From: "Ling, Xiaofeng"
Subject: [PATCH]fix xen0 hang when start seconds vmx guest
Date: Thu, 10 Nov 2005 14:39:07 +0800
Message-ID: <4372EB0B.5080001@intel.com>
To: xen-devel
List-Id: xen-devel@lists.xenproject.org

For a vmx domain, because shadow_mode_reference is set later in vmx_final_setup_guest, arch_set_info_guest does not do get_page on the phys_basetab, while put_page is called when destroying, so there is one page whose count=-1, and when a new domain allocates this page, it will take it as cpumask 0xffffffff; this causes flash_tlb_mask to go into a dead loop. (How can new bios/microcode deal with it? Maybe some difference in sending IPI?)

The warning:
(XEN) Audit 1: type count went below zero mfn=1e03d t=f0000000 ot=3654b
is also caused by this; for a vmx domain, the page is not get_type.
I think bugs 128, 131, 351 are all caused by this issue.

diff -r 07070a351156 -r 833b086cc0e8 xen/arch/x86/domain.c --- a/xen/arch/x86/domain.c Thu Nov 10 12:18:23 2005 +0800 +++ b/xen/arch/x86/domain.c Thu Nov 10 14:05:11 2005 +0800 @@ -389,7 +389,12 @@ if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) ) return -EINVAL; } - else if ( !(c->flags & VGCF_VMX_GUEST) ) + else if ( (c->flags & VGCF_VMX_GUEST) ) + { + if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) ) + return -EINVAL; + } + else { if ( !get_page_and_type(&frame_table[phys_basetab>>PAGE_SHIFT], d, PGT_base_page_table) )
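Review bot: the added VMX branch in the @@ -389,7 +389,12 @@ hunk takes only a general reference with get_page(), while the non-VMX else branch takes get_page_and_type(..., PGT_base_page_table), and nothing in the hunk says why the two differ or which put the teardown path pairs with each. The description attributes both the count=-1 page and the "type count went below zero" audit warning to an unbalanced put, so a short comment on the new branch stating that a VMX guest's phys_basetab holds an untyped reference, and that the destroy path must release it with put_page rather than a typed put, would make the pairing checkable. The new block is also identical to the body of the branch directly above it (if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) ) return -EINVAL;), so consider folding the VGCF_VMX_GUEST test into that condition instead of duplicating it. Minor style point: the doubled parentheses in else if ( (c->flags & VGCF_VMX_GUEST) ) can be dropped.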