Hi,

On a VT-d enabled SMP machine, when starting HVM guests that were assigned a device such as "pci = ['01:00.0']", a panic sometimes happens! This panic occurs because of a NULL function call in timer_softirq_action(). The attached patch fixes this problem.

The cause of this panic was find_first_bit() in vmx_dirq_assist(). In the find_first_bit() (__find_first_bit) function, the "repe; scas" instruction and the "bsf" instruction refer to addresses of a bitmap. If clear_bit() is called to clear a bit of the bitmap between the above instructions, the eax register's value is zero after execution of the "bsf" instruction. As a result, the return value of find_first_bit() will be 0, 64, 128 or 192 (on the x86_64 arch). In this case, vmx_dirq_assist() calls set_timer() for a bit that is not set. If the hvm_timer (timer structure) for that bit is not initialized, timer_softirq_action() will call address zero.

Only on a VT-d enabled SMP machine is clear_bit() called in pt_irq_time_out() on another CPU.

Signed-off-by: Naoki Nishiguchi

Regards,
Naoki Nishiguchi
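The window described in the message above, modelled in portable C as an added example; it is not the attached patch and not Xen code. It shows the scan returning a word base (64) for a bit that is no longer set, next to a caller that re-checks the bit before acting. The names model_find_first_bit, clear_bit_70, scan_result and guarded_pick, and the 256-bit bitmap with only bit 70 set, are assumptions made for the illustration.

```c
#include <stdint.h>

#define BITS_PER_LONG 64
#define NR_BITS 256 /* constructed size: 4 words, so 0/64/128/192 are word bases */

/* Constructed stand-in for the other CPU: clears bit 70 (word 1, offset 6). */
static void clear_bit_70(volatile uint64_t *map) { map[1] &= ~(1ULL << 6); }

static int test_bit(unsigned n, const volatile uint64_t *map)
{
    return (int)((map[n / BITS_PER_LONG] >> (n % BITS_PER_LONG)) & 1);
}

/* Two-step model of the scan. Step 1 finds the first non-zero word (the
 * "repe; scas" part); step 2 reads that word again and takes its lowest set
 * bit (the "bsf" part). If race is non-zero the bit is cleared in between. */
static unsigned model_find_first_bit(volatile uint64_t *map, unsigned nbits, int race)
{
    unsigned words = nbits / BITS_PER_LONG, w = 0, off = 0;
    uint64_t v;

    while (w < words && map[w] == 0)
        w++;
    if (w == words)
        return nbits;               /* no bit set */
    if (race)
        clear_bit_70(map);          /* window between the two reads */
    v = map[w];
    /* Models eax == 0 when the re-read word is zero, as the message describes. */
    while (v != 0 && !(v & 1)) { v >>= 1; off++; }
    return w * BITS_PER_LONG + off;
}

/* Index an unguarded caller would act on. */
int scan_result(int race)
{
    uint64_t map[4] = { 0, 1ULL << 6, 0, 0 };   /* only bit 70 set */
    return (int)model_find_first_bit(map, NR_BITS, race);
}

/* Guarded caller: act on the index only if the bit is still set. */
int guarded_pick(int race)
{
    uint64_t map[4] = { 0, 1ULL << 6, 0, 0 };
    unsigned irq = model_find_first_bit(map, NR_BITS, race);

    if (irq >= NR_BITS || !test_bit(irq, map))
        return -1;                  /* stale result: skip, do not arm a timer */
    return (int)irq;
}
```

In concurrent code the plain re-check leaves its own window, so a real caller would use an atomic test-and-clear or a lock shared with the clearing path.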