* [Qemu-devel] [PATCH] SMP BIOS race condition bug
@ 2008-03-28 1:39 David Wentzlaff
0 siblings, 0 replies; only message in thread
From: David Wentzlaff @ 2008-03-28 1:39 UTC (permalink / raw)
To: bochs-developers; +Cc: qemu-devel
This patch fixes a race condition in the Bochs rombios. Under normal MP
processor enumeration, the boot processor sends an
inter-processor-interrupt (IPI) to the non-boot processors vectoring them
to "smp_ap_boot_code_start". The code at smp_ap_boot_code_start then
increments CPU_COUNT_ADDR. The current code base increments with an incw
instruction; unfortunately, incw is not atomic, and multiple processors can
read, then modify, then write back the result at the same time, resulting
in fewer processors being counted than are actually in the system. I have
seen this happen in high processor (>=16) count QEMU emulations. I have
experienced anywhere from {n, n-1, n-2} processors detected by the BIOS.
The fix is to simply lock the incw with the x86 'lock' prefix. Attached
is the patch. I have CCed qemu-devel as it affects that project as well as bochs.
Sincerely,
David Wentzlaff
Index: rombios32start.S
===================================================================
RCS file: /cvsroot/bochs/bochs/bios/rombios32start.S,v
retrieving revision 1.4
diff -d -u -r1.4 rombios32start.S
--- rombios32start.S 26 Jan 2008 09:15:27 -0000 1.4
+++ rombios32start.S 28 Mar 2008 01:29:49 -0000
@@ -42,7 +42,7 @@
smp_ap_boot_code_start:
xor %ax, %ax
mov %ax, %ds
- incw CPU_COUNT_ADDR
+ lock incw CPU_COUNT_ADDR
1:
hlt
jmp 1b
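Review bot: the `lock incw CPU_COUNT_ADDR` line is the right fix for the lost update described in the cover text, since the prefix makes the read-modify-write on the memory operand indivisible across processors, but the hunk only shows the writer side. The boot processor's loop that waits on CPU_COUNT_ADDR is not in this diff, so a reader cannot confirm from the patch alone that it re-reads the location on every iteration rather than a register-cached copy; a sentence in the description stating that the BSP side was checked (or a second hunk if it needs a change) would make the fix self-contained.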
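To make the lost-update interleaving concrete, the following C program is an added example written for this page; it is not Bochs BIOS code. It models each application processor's `incw CPU_COUNT_ADDR` as the two steps the CPU actually performs without a lock prefix (read the word, then write back value+1) and replays explicit schedules, then goes beyond the single case in the mail by enumerating every possible interleaving to find the lowest count the unlocked code can produce. The locked variant uses `atomic_fetch_add`, which a compiler lowers to a lock-prefixed RMW on x86. The starting value `BSP_COUNT = 1` (boot processor already counted) and the schedule encoding are constructed assumptions for the simulation.

```c
/* Simulation of the AP boot-count race described in the patch mail.
 * Each application processor (AP) runs "incw CPU_COUNT_ADDR". Without the
 * lock prefix the CPU performs read -> add 1 -> write as separate bus
 * operations, so another AP can read the stale value in between. */
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_APS   8
#define BSP_COUNT 1   /* constructed assumption: the BSP counted itself first */

/* Unlocked incw. A schedule is a list of AP indices; an AP's first appearance
 * is its read of CPU_COUNT_ADDR, its second appearance is the write of tmp+1. */
uint16_t run_unlocked(int n_aps, const int *schedule, int len) {
    (void)n_aps;
    uint16_t count = BSP_COUNT;        /* simulated CPU_COUNT_ADDR word */
    uint16_t tmp[MAX_APS];             /* per-AP value read from memory */
    int seen[MAX_APS] = {0};
    for (int i = 0; i < len; i++) {
        int ap = schedule[i];
        if (seen[ap] == 0)
            tmp[ap] = count;           /* read phase */
        else if (seen[ap] == 1)
            count = tmp[ap] + 1;       /* write phase: may clobber another AP's increment */
        seen[ap]++;
    }
    return count;
}

/* Locked incw: the read-modify-write is a single indivisible step, so each
 * AP's increment happens the first time it is scheduled and cannot be lost. */
uint16_t run_locked(int n_aps, const int *schedule, int len) {
    (void)n_aps;
    atomic_ushort count;
    atomic_init(&count, BSP_COUNT);
    int seen[MAX_APS] = {0};
    for (int i = 0; i < len; i++) {
        int ap = schedule[i];
        if (seen[ap]++ == 0)
            atomic_fetch_add(&count, 1);   /* lock-prefixed RMW on x86 */
    }
    return atomic_load(&count);
}

/* Enumerate every interleaving in which each AP appears exactly twice and
 * track the smallest final count the given increment model can produce. */
static void enumerate(int n_aps, int *sched, int pos, int len, int *remaining,
                      uint16_t (*run)(int, const int *, int), uint16_t *min_out) {
    if (pos == len) {
        uint16_t c = run(n_aps, sched, len);
        if (c < *min_out) *min_out = c;
        return;
    }
    for (int ap = 0; ap < n_aps; ap++) {
        if (remaining[ap] == 0) continue;
        remaining[ap]--;
        sched[pos] = ap;
        enumerate(n_aps, sched, pos + 1, len, remaining, run, min_out);
        remaining[ap]++;
    }
}

/* Lowest CPU count reachable for n_aps APs; locked != 0 selects the lock model. */
uint16_t min_count(int n_aps, int locked) {
    int sched[2 * MAX_APS], remaining[MAX_APS];
    for (int ap = 0; ap < n_aps; ap++) remaining[ap] = 2;
    uint16_t min = UINT16_MAX;
    enumerate(n_aps, sched, 0, 2 * n_aps, remaining,
              locked ? run_locked : run_unlocked, &min);
    return min;
}

int main(void) {
    /* Constructed schedules for three APs (4 CPUs total incl. the BSP). */
    const int serial[]  = {0, 0, 1, 1, 2, 2};   /* no overlap: correct count */
    const int overlap[] = {0, 1, 0, 1, 2, 2};   /* AP0/AP1 race: one lost */
    const int worst[]   = {0, 1, 2, 0, 1, 2};   /* all read first: two lost */
    printf("unlocked serial=%u overlap=%u worst=%u\n",
           run_unlocked(3, serial, 6), run_unlocked(3, overlap, 6), run_unlocked(3, worst, 6));
    printf("locked   worst=%u\n", run_locked(3, worst, 6));
    for (int n = 1; n <= 5; n++)
        printf("%d APs: min unlocked=%u, min locked=%u\n",
               n, min_count(n, 0), min_count(n, 1));
    return 0;
}
```

The enumeration shows the point the mail makes empirically: with an unlocked increment any count from 2 up to the true value is reachable depending on timing, and the more processors contend on the same word the more increments can be lost, while the locked variant returns the full count under every interleaving.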