From: Juergen Gross <juergen.gross@ts.fujitsu.com>
To: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: [Patch] cmpxchg emulation returns wrong ZF
Date: Thu, 06 Aug 2009 08:49:15 +0200
Message-ID: <4A7A7CEB.9080702@ts.fujitsu.com>
[-- Attachment #1: Type: text/plain, Size: 550 bytes --]
Hi,
attached patch corrects a bug in cmpxchg emulation in the hypervisor.
BS2000 running as HVM-domain on 4 vcpus (no HAP) hit an error due to this bug
after several days.
Juergen
--
Juergen Gross Principal Developer Operating Systems
TSP ES&S SWE OS6 Telephone: +49 (0) 89 636 47950
Fujitsu Technology Solutions e-mail: juergen.gross@ts.fujitsu.com
Otto-Hahn-Ring 6 Internet: ts.fujitsu.com
D-81739 Muenchen Company details: ts.fujitsu.com/imprint.html
[-- Attachment #2: cmpxchg.patch --]
[-- Type: text/x-patch, Size: 1740 bytes --]
The cmpxchg emulation for accesses to page tables of guests doesn't handle
races correctly.
ops->cmpxchg might return X86EMUL_CMPXCHG_FAILED if the addressed memory
location changed after checking the old contents. In this case ZF was not
changed and could remain 1 instead of being set to 0.
Signed-off-by: juergen.gross@ts.fujitsu.com
# HG changeset patch
# User juergen.gross@ts.fujitsu.com
# Date 1249540842 -7200
# Node ID 26adbdb6cb1d59d95e0a65b6a0d38fa8e95b9f51
# Parent 68e8b8379244e293c55875e7dc3692fc81d3d212
handle race on cmpxchg emulation
diff -r 68e8b8379244 -r 26adbdb6cb1d xen/arch/x86/x86_emulate/x86_emulate.c
--- a/xen/arch/x86/x86_emulate/x86_emulate.c Sun Aug 02 13:43:15 2009 +0100
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c Thu Aug 06 08:40:42 2009 +0200
@@ -4124,6 +4124,7 @@
op_bytes *= 2;
/* Get actual old value. */
+cmpxchg_failed:
for ( i = 0; i < (op_bytes/sizeof(long)); i++ )
if ( (rc = read_ulong(ea.mem.seg, ea.mem.off + i*sizeof(long),
&old[i], sizeof(long), ctxt, ops)) != 0 )
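Review bot: the new cmpxchg_failed: label lands between the "/* Get actual old value. */" comment and the read loop, so the comment no longer says that this block is also re-entered by a backward jump. Consider moving the label above the comment and extending the comment to say the old value is re-read when the atomic cmpxchg lost a race. A label name that describes the target (the re-read) rather than the reason for jumping would also read better at the goto site.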
@@ -4151,10 +4152,13 @@
else
{
/* Expected == actual: attempt atomic cmpxchg and set ZF. */
- if ( (rc = ops->cmpxchg(ea.mem.seg, ea.mem.off, old,
- new, op_bytes, ctxt)) != 0 )
- goto done;
- _regs.eflags |= EFLG_ZF;
+ rc = ops->cmpxchg(ea.mem.seg, ea.mem.off, old, new, op_bytes, ctxt);
+ if ( rc == 0 )
+ _regs.eflags |= EFLG_ZF;
+ else if ( rc == X86EMUL_CMPXCHG_FAILED )
+ goto cmpxchg_failed;
+ else
+ goto done;
}
break;
}
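Review bot: the "goto cmpxchg_failed" taken on X86EMUL_CMPXCHG_FAILED has no bound, and nothing in this branch clears EFLG_ZF itself. Clearing ZF is left to the re-read and compare that the jump returns to, which this hunk does not show, so a short comment here saying the retry relies on that path would help the next reader. If the re-read value matches the expected one again, control comes back to ops->cmpxchg and can keep looping for as long as the callback returns X86EMUL_CMPXCHG_FAILED; please state why that terminates or add a retry limit. The existing comment "attempt atomic cmpxchg and set ZF" should also be updated, since ZF is now set only when rc == 0.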