From mboxrd@z Thu Jan 1 00:00:00 1970 
From: "Richard W.M. Jones"
Subject: [PATCH] IDE BMDMAState structure corruption with DMA_MULTI_THREAD
Date: Tue, 15 May 2007 22:26:29 +0100
Message-ID: <464A2585.8070008@redhat.com>
To: xen-devel@lists.xensource.com
Cc: Dan Berrange
List-Id: xen-devel@lists.xenproject.org

As I reported here:
http://lists.xensource.com/archives/html/xen-devel/2007-05/msg00492.html
I was experiencing qemu-dm segfaulting when trying to install FreeBSD 32 fullvirt on a heavily loaded machine.

Dan Berrange and I tracked this down today to the BMDMAState structure being corrupted when a second DMA request was initiated by the guest before the first one had been completed. Because the DMA thread and the main thread share a pointer to a single BMDMAState, bm->dma_cb is set to NULL by the main thread, and later the DMA thread jumps to this address (in dma_thread_loop, at the line 'len1 = bm->dma_cb(bm->ide_if, prd.addr, len);').

The attached patch corrects this by passing the whole structure between the threads, rather than a pointer to the structure (5 words rather than 1, so there is a small amount of extra overhead).
With this patch I have been able to complete the FreeBSD FV install under load successfully.

Rich.

--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903

Content-Disposition: inline; filename="xen-safe-ide-dma.patch"

--- tools/ioemu/hw/ide.c.old 2007-05-15 14:02:34.000000000 +0100 +++ tools/ioemu/hw/ide.c 2007-05-15 19:25:06.000000000 +0100 @@ -402,10 +402,36 @@ static void ide_dma_loop(BMDMAState *bm); static void dma_thread_loop(BMDMAState *bm); +static int +really_read (int fd, void *buf, size_t size) +{ + int r; + +again: + r = read (fd, buf, size); + if (r <= 0 || r == size) return r; + buf += r; + size -= r; + goto again; +} + +static int +really_write (int fd, void *buf, size_t size) +{ + int r; + +again: + r = write (fd, buf, size); + if (r == -1 || r == size) return r; + buf += r; + size -= r; + goto again; +} + extern int suspend_requested; static void *dma_thread_func(void* opaque) { - BMDMAState* req; + BMDMAState req; fd_set fds; int rv, nfds = file_pipes[0] + 1; struct timeval tm; @@ -420,9 +446,12 @@ rv = select(nfds, &fds, NULL, NULL, &tm); if (rv != 0) { - if (read(file_pipes[0], &req, sizeof(req)) == 0) + rv = really_read(file_pipes[0], &req, sizeof(req)); + if (rv <= 0) { + if (rv == -1) perror ("qemu-dm: read"); return NULL; - dma_thread_loop(req); + } + dma_thread_loop(&req); } else { if (suspend_requested) { /* Need to tidy up the DMA thread so that we don't end up
@@ -2371,7 +2400,8 @@ #ifdef DMA_MULTI_THREAD static void ide_dma_loop(BMDMAState *bm) { - write(file_pipes[1], &bm, sizeof(bm)); + if (really_write(file_pipes[1], bm, sizeof(*bm)) == -1) + perror ("qemu-dm: write"); } static void dma_thread_loop(BMDMAState *bm) #else /* DMA_MULTI_THREAD */
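
Review bot: in the first hunk (@@ -402,10 +402,36 @@), really_read and really_write advance the buffer with `buf += r` on a `void *`, which is a GNU extension rather than standard C, and compare an `int` against a `size_t` in `r == size`. Suggest walking a `char *` copy of buf and holding the result in an `ssize_t`. Neither helper retries when the call fails with EINTR, so a signal arriving mid-transfer ends the request. really_read also returns 0 for end-of-file whether it arrives before the first byte or part-way through a structure, so the caller cannot tell a truncated request from a clean shutdown; a distinct return value for the partial case would make that visible.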
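
Review bot: in the second hunk (@@ -420,9 +446,12 @@), `dma_thread_loop(&req)` now operates on a stack copy, so anything dma_thread_loop stores through `bm` no longer reaches the main thread's BMDMAState; please confirm that no status or completion field is expected to be written back that way, and say so in a comment. The copy is also shallow: pointer members such as `bm->ide_if`, which the message shows being passed to dma_cb, still refer to state the main thread can change while the request is in flight. The `rv <= 0` branch returns NULL and ends the DMA thread on any read error; a comment stating that this is intended, or a way to signal the main thread, would help.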
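
Review bot: in the third hunk (@@ -2371,7 +2400,8 @@), a failed really_write in ide_dma_loop is only reported with perror, and because the function returns void the caller carries on as if the DMA request had been queued. Suggest propagating the failure, or marking the transfer as failed on `bm`, so the request is not silently lost. Each request now occupies `sizeof(*bm)` bytes of pipe buffer instead of one pointer, so if file_pipes[1] is a blocking descriptor the main thread will stall sooner when the DMA thread falls behind; worth a comment on the expected queue depth.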
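
The failure described in the message, reduced to a single-threaded sketch: this is an added example, not code from the patch or from qemu-dm, and `struct req`, `xfer_all` and `consumer_sees_callback` are hypothetical names. The producer clears the callback after queueing the request, standing in for the second DMA request, and the consumer then reads either the queued pointer or the queued copy.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

typedef int (*dma_cb_t)(int);
struct req { dma_cb_t cb; int arg; };   /* hypothetical stand-in for BMDMAState */
static int double_it(int x) { return 2 * x; }

/* Move exactly n bytes through fd, retrying on EINTR and short transfers.
 * Returns 0 on success, -1 on error or premature end-of-file. */
static int xfer_all(int fd, void *buf, size_t n, int writing)
{
    char *p = buf;
    while (n > 0) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* by_value 0: queue a pointer to the request; 1: queue a copy of it.
 * Returns 1 if the consumer gets a usable callback, 0 if NULL, -1 on I/O error. */
int consumer_sees_callback(int by_value)
{
    struct req shared = { double_it, 21 }, copy, *ptr = &shared;
    int fds[2], ok = -1;

    if (pipe(fds) == -1) return -1;
    if (by_value ? xfer_all(fds[1], &shared, sizeof shared, 1)
                 : xfer_all(fds[1], &ptr, sizeof ptr, 1)) goto out;
    shared.cb = NULL;            /* producer reuses the structure early */
    if (by_value) {
        if (xfer_all(fds[0], &copy, sizeof copy, 0)) goto out;
        ok = copy.cb != NULL && copy.cb(copy.arg) == 42;
    } else {
        if (xfer_all(fds[0], &ptr, sizeof ptr, 0)) goto out;
        ok = ptr->cb != NULL;    /* NULL: calling it would fault */
    }
out:
    close(fds[0]); close(fds[1]);
    return ok;
}

int main(void)
{
    printf("pointer: %d, copy: %d\n", consumer_sees_callback(0), consumer_sees_callback(1));
    return 0;
}
```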