From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ben Guthro Subject: [PATCH] [HVM] Prevent usb driver crashes in Windows Date: Wed, 06 Jun 2007 12:00:28 -0400 Message-ID: <4666DA1C.4010708@virtualiron.com> References: <9392A06CB0FDC847B3A530B3DC174E7B02A95EDB@mse10be1.mse10.exchange.ms> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------090900050208030603070600" Return-path: In-Reply-To: <9392A06CB0FDC847B3A530B3DC174E7B02A95EDB@mse10be1.mse10.exchange.ms> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org This is a multi-part message in MIME format. --------------090900050208030603070600 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit qemu-word-tearing.patch: Use atomic updates to read/write usb controller data. This can be done because: a) word copies on x86 are atomic b) The USB spec requires word alignment This will need to be enhanced once USB 1.2 is supported. Signed-off-by: Steve Ofsthun --------------090900050208030603070600 Content-Type: text/x-patch; name="qemu-word-tearing.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="qemu-word-tearing.patch" diff -r 86fa3e4277f6 tools/ioemu/target-i386-dm/exec-dm.c --- a/tools/ioemu/target-i386-dm/exec-dm.c Mon Jun 04 11:26:30 2007 -0400 +++ b/tools/ioemu/target-i386-dm/exec-dm.c Mon Jun 04 11:29:03 2007 -0400 @@ -434,6 +434,28 @@ extern unsigned long *logdirty_bitmap; extern unsigned long *logdirty_bitmap; extern unsigned long logdirty_bitmap_size; +/* + * Replace the standard byte memcpy with a int memcpy for appropriately sized + * memory copy operations. Some users (USB-UHCI) can not tolerate the possible + * word tearing that can result from a guest concurrently writing a memory + * structure while the qemu device model is modifying the same location. + * Forcing a int sized read/write prevents the guest from seeing a partially + * written int sized atom. + */ +void memcpy32(void *dst, void *src, size_t n) +{ + if ((n % sizeof(int)) != 0) { + memcpy(dst, src, n); + return; + } + n /= sizeof(int); + while(n--) { + *(int *)dst = *(int *)src; + dst += sizeof(int); + src += sizeof(int); + } +} + void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf, int len, int is_write) { @@ -470,7 +492,7 @@ void cpu_physical_memory_rw(target_phys_ } } else if ((ptr = phys_ram_addr(addr)) != NULL) { /* Writing to RAM */ - memcpy(ptr, buf, l); + memcpy32(ptr, buf, l); if (logdirty_bitmap != NULL) { /* Record that we have dirtied this frame */ unsigned long pfn = addr >> TARGET_PAGE_BITS; @@ -506,7 +528,7 @@ void cpu_physical_memory_rw(target_phys_ } } else if ((ptr = phys_ram_addr(addr)) != NULL) { /* Reading from RAM */ - memcpy(buf, ptr, l); + memcpy32(buf, ptr, l); } else { /* Neither RAM nor known MMIO space */ memset(buf, 0xff, len); --------------090900050208030603070600 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --------------090900050208030603070600--