12 Sep
2005
12 Sep
'05
7:43 a.m.
I'm working on bug 713 (http://www.reactos.com/bugzilla/show_bug.cgi?id=713
for the click-happy). What I have found is this:
- Telnet opens a socket
- Sending and receiving are handled by different threads, let's call them S
and R
- Thread R starts a recv() operation, which is translated to an ioctl on the
socket
- No data is available, so thread R blocks, waiting for FileObject->Event
- I type something, which is handled by thread S. Thread S starts a send()
operation.
- Again translated to an ioctl on the socket. Since this is the same socket
as used by S, the FileObject will be the same
- The send can complete immediately, IoCompleteRequest is called which sets
the FileObject->Event.
- Thread R is unblocked, the event it was waiting for was set by thread S.
However, the irp of thread R was never completed. The recv() call returns
with bogus info.
- Thread R starts another recv(). When some data arrives from the server,
two irps are waiting for it. This eventually leads to the crash.
The fundamental problem seems to be multiple overlapping I/O operations
which all use FileObject->Event to signal their completion. I have no idea
how to fix that...
Gé van Geldorp.
12 Sep
12 Sep
11:16 a.m.
We dont support serialization of asynch. i/o agains the same fileobject.
:-D
Fileobject have 4 members used for this lock:
ULONG Waiters;
ULONG Busy;
PVOID LastLock;
KEVENT Lock;
afaics, its basically a mutex but its reimplemented as a "file object
lock" to support alertable waits and customized rundown.
I remeber seeing some of these members incorrectly used in Cc for some
bizzare synch. but it might be removed now...
G.
Ge van Geldorp wrote:
I'm working on bug 713
(http://www.reactos.com/bugzilla/show_bug.cgi?id=713
for the click-happy). What I have found is this:
- Telnet opens a socket
- Sending and receiving are handled by different threads, let's call them S
and R
- Thread R starts a recv() operation, which is translated to an ioctl on the
socket
- No data is available, so thread R blocks, waiting for FileObject->Event
- I type something, which is handled by thread S. Thread S starts a send()
operation.
- Again translated to an ioctl on the socket. Since this is the same socket
as used by S, the FileObject will be the same
- The send can complete immediately, IoCompleteRequest is called which sets
the FileObject->Event.
- Thread R is unblocked, the event it was waiting for was set by thread S.
However, the irp of thread R was never completed. The recv() call returns
with bogus info.
- Thread R starts another recv(). When some data arrives from the server,
two irps are waiting for it. This eventually leads to the crash.
The fundamental problem seems to be multiple overlapping I/O operations
which all use FileObject->Event to signal their completion. I have no idea
how to fix that...
Gé van Geldorp.
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.com
http://reactos.com:8080/mailman/listinfo/ros-dev
2:43 p.m.
From: Gunnar Dalsnes
We dont support serialization of asynch. i/o agains the same
fileobject.
:-D
Ok, let me rephrase :)
Both the recv() and the send() call are synchronous: they are not expected
to return before they completed their job. However, they are being called
from two different threads and so are in progress at the same time. Seems
like a pretty common scenario for network apps to me.
Gé van Geldorp.
3:17 p.m.
sry. i ment synch. io
Ge van Geldorp wrote:
From: Gunnar
Dalsnes
We dont support serialization of asynch. i/o agains the same
fileobject.
:-D
Ok, let me rephrase :)
Both the recv() and the send() call are synchronous: they are not expected
to return before they completed their job. However, they are being called
from two different threads and so are in progress at the same time. Seems
like a pretty common scenario for network apps to me.
Gé van Geldorp.
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.com
http://reactos.com:8080/mailman/listinfo/ros-dev
14 Sep
14 Sep
4:38 a.m.
Gunnar Dalsnes wrote:
sry. i ment synch. io
Ge van Geldorp wrote:
>> From: Gunnar Dalsnes
>>
>> We dont support serialization of asynch. i/o agains the same
>> fileobject. :-D
>
>
>
> Ok, let me rephrase :)
> Both the recv() and the send() call are synchronous: they are not
> expected
> to return before they completed their job. However, they are being
> called
> from two different threads and so are in progress at the same time.
> Seems
> like a pretty common scenario for network apps to me.
>
> Gé van Geldorp.
>
Hmm. I know that before moved I created different events used by each
synchronous call in msafd to correct exactly that problem. Is that not
working?
7:55 a.m.
From: art yerkes
Hmm. I know that before moved I created different events
used by each synchronous call in msafd to correct exactly
that problem. Is that not working?
The problem was that the handle was opened with the
FILE_SYNCHRONOUS_IO_NONALERT option. This caused NtDeviceIoControlFile to do
an internal wait if the driver returned STATUS_PENDING. As a result,
STATUS_PENDING was no longer returned as the status by NtDeviceIoControlFile
to msafd, so the waits in msafd were bypassed.
I've attached the proposed patch to bug 713. No comments so far.
Gé van Geldorp.
2:37 p.m.
I believe the socket needs to be opened for async IO then.
Ge van Geldorp wrote:
From: art
yerkes
Hmm. I know that before moved I created different events
used by each synchronous call in msafd to correct exactly
that problem. Is that not working?
The problem was that the handle was opened with the
FILE_SYNCHRONOUS_IO_NONALERT option. This caused NtDeviceIoControlFile to do
an internal wait if the driver returned STATUS_PENDING. As a result,
STATUS_PENDING was no longer returned as the status by NtDeviceIoControlFile
to msafd, so the waits in msafd were bypassed.
I've attached the proposed patch to bug 713. No comments so far.
Gé van Geldorp.
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.com
http://reactos.com:8080/mailman/listinfo/ros-dev
12 Sep
12 Sep
2:43 p.m.
That's easy enough to fix. The ioctls need to pass down their own event
object and not rely on signaling of the file object.
Ge van Geldorp wrote:
I'm working on bug 713
(http://www.reactos.com/bugzilla/show_bug.cgi?id=713
for the click-happy). What I have found is this:
- Telnet opens a socket
- Sending and receiving are handled by different threads, let's call them S
and R
- Thread R starts a recv() operation, which is translated to an ioctl on the
socket
- No data is available, so thread R blocks, waiting for FileObject->Event
- I type something, which is handled by thread S. Thread S starts a send()
operation.
- Again translated to an ioctl on the socket. Since this is the same socket
as used by S, the FileObject will be the same
- The send can complete immediately, IoCompleteRequest is called which sets
the FileObject->Event.
- Thread R is unblocked, the event it was waiting for was set by thread S.
However, the irp of thread R was never completed. The recv() call returns
with bogus info.
- Thread R starts another recv(). When some data arrives from the server,
two irps are waiting for it. This eventually leads to the crash.
The fundamental problem seems to be multiple overlapping I/O operations
which all use FileObject->Event to signal their completion. I have no idea
how to fix that...
Gé van Geldorp.
7142
days inactive
7145
days old
8 comments
5 participants
participants (5)
-
art yerkes -
Ge van Geldorp -
Gunnar Dalsnes -
KJKHyperion -
Phillip Susi