From: NISHIGUCHI Naoki <nisiguti@jp.fujitsu.com>
To: xen-devel@lists.xensource.com
Subject: [PATCH] x86: fix NULL function call in timer_softirq_action()
Date: Tue, 22 Apr 2008 11:42:18 +0900
Message-ID: <480D508A.6000403@jp.fujitsu.com>

[-- Attachment #1: Type: text/plain, Size: 1053 bytes --]

Hi,

On a VT-d enabled SMP machine, when starting HVM guests that were assigned
a device such as "pci = ['01:00.0']", a panic sometimes happens! This panic
occurs because of a NULL function call in timer_softirq_action().

Attached patch fixes this problem.

This panic's cause was find_first_bit() in vmx_dirq_assist().
In the find_first_bit() (__find_first_bit) function, the "repe; scas"
instruction and the "bsf" instruction refer to addresses of a bitmap. If
clear_bit() is called to clear a bit of the bitmap between the above
instructions, the eax register's value is zero after execution of the
"bsf" instruction. As a result, the return value of find_first_bit() will
be 0, 64, 128 or 192 (on x86_64 arch).
In this case, vmx_dirq_assist() calls set_timer() for a bit that is not
set. If the hvm_timer (timer structure) for the bit is not initialized,
timer_softirq_action() will call a zero address.

Only on a VT-d enabled SMP machine is clear_bit() called in
pt_irq_time_out() on another CPU.


Signed-off-by: Naoki Nishiguchi <nisiguti@jp.fujitsu.com>

Regards,
Naoki Nishiguchi


[-- Attachment #2: bitops.patch --]
[-- Type: text/plain, Size: 876 bytes --]

diff -r 08e010c3f251 xen/arch/x86/bitops.c
--- a/xen/arch/x86/bitops.c	Tue Apr 15 16:39:00 2008 +0100
+++ b/xen/arch/x86/bitops.c	Wed Apr 16 09:38:06 2008 +0900
@@ -8,12 +8,15 @@ unsigned int __find_first_bit(
     unsigned long d0, d1, res;
 
     asm volatile (
-        "   xor %%eax,%%eax\n\t" /* also ensures ZF==1 if size==0 */
+        "1: xor %%eax,%%eax\n\t" /* also ensures ZF==1 if size==0 */
         "   repe; scas"__OS"\n\t"
-        "   je 1f\n\t"
+        "   je 2f\n\t"
         "   lea -"STR(BITS_PER_LONG/8)"(%2),%2\n\t"
-        "   bsf (%2),%0\n"
-        "1: sub %%ebx,%%edi\n\t"
+        "   bsf (%2),%0\n\t"
+        "   jnz 2f\n\t"
+        "   lea "STR(BITS_PER_LONG/8)"(%2),%2\n\t"
+        "   jmp 1b\n\t"
+        "2: sub %%ebx,%%edi\n\t"
         "   shl $3,%%edi\n\t"
         "   add %%edi,%%eax"
         : "=&a" (res), "=&c" (d0), "=&D" (d1)
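
Review bot: the new "jnz 2f" / "jmp 1b" path after "bsf (%2),%0" carries no comment saying that it handles a word which scas saw as non-zero but which was cleared before bsf re-read it; add one there, in the style of the comment on the xor line, and mention that the xor at label 1 now also covers the retry case where the remaining count has already reached zero. The retry is only needed because the same word is read from memory twice, so consider loading the word into a register once and running bsf on that copy, which closes the window instead of looping on it. Even with this change a caller such as vmx_dirq_assist() works from a snapshot, since a bit can still be cleared on another CPU right after the function returns, so the caller's handling of an uninitialized timer deserves its own check.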

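The race described in the message, modelled in portable C as an added example (not part of the original mail or of the Xen source): the two memory reads made by "repe; scas" and "bsf" are separate statements, and a constructed `race_word` pointer stands in for clear_bit() running on another CPU between them. The names `find_first_bit_model`, `race_word` and `demo`, and the convention of returning `size` when no bit is found, are assumptions of this model.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG ((unsigned int)(sizeof(unsigned long) * CHAR_BIT))

/* Constructed stand-in for clear_bit() on another CPU: the word it zeroes. */
static volatile unsigned long *race_word;

/* Index of the lowest set bit; yields 0 for w == 0, modelling the
 * "eax is zero after bsf" outcome described in the mail. */
static unsigned int lowest_set_bit(unsigned long w)
{
    unsigned int n = 0;
    while (w && !(w & 1UL)) { w >>= 1; n++; }
    return n;
}

/* retry == 0: original flow; retry != 0: flow with the patch's jnz/jmp. */
unsigned int find_first_bit_model(volatile unsigned long *addr,
                                  unsigned int size, int retry)
{
    unsigned int words = (size + BITS_PER_LONG - 1) / BITS_PER_LONG;
    for (unsigned int i = 0; i < words; i++) {
        if (addr[i] == 0)              /* read 1: "repe; scas" */
            continue;
        if (&addr[i] == race_word)     /* the window between the two reads */
            *race_word = 0;
        unsigned long w = addr[i];     /* read 2: "bsf (%2),%0" */
        if (w == 0 && retry)           /* patched: word vanished, keep scanning */
            continue;
        return i * BITS_PER_LONG + lowest_set_bit(w);
    }
    return size;                       /* model's "no bit found" value */
}

/* Constructed bitmap: bit 6 of word 1 (cleared in the window), bit 5 of word 3. */
unsigned int demo(int retry)
{
    static volatile unsigned long map[4];
    map[0] = 0; map[1] = 1UL << 6; map[2] = 0; map[3] = 1UL << 5;
    race_word = &map[1];
    return find_first_bit_model(map, 4 * BITS_PER_LONG, retry);
}

int main(void)
{
    printf("unpatched: %u\n", demo(0));
    printf("patched:   %u\n", demo(1));
    return 0;
}
```

Without the retry the model returns the first bit of word 1, a bit that was never set, which is the 64 case from the message on x86_64; with the retry it skips the emptied word and reports the bit in word 3.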