From mboxrd@z Thu Jan 1 00:00:00 1970
From: Keir Fraser
Subject: Re: RE: kernel panic when enable x2apic
Date: Tue, 30 Nov 2010 09:23:52 +0000
References: <4CF4BAC3.6060009@intel.com>
In-Reply-To: <4CF4BAC3.6060009@intel.com>
To: Weidong Han, Jan Beulich
Cc: "Zhang, Yang Z", Sander Eikelenboom, "xen-devel@lists.xensource.com"
List-Id: xen-devel@lists.xenproject.org

On 30/11/2010 08:50, "Weidong Han" wrote:

> This results in Xen allocating the xsave area in vcpu_initialise; we
> observed it may allocate a used address for it, therefore causing the
> panic.

Actually you xmalloc a zero-sized area, and then immediately write past the
end of it, corrupting neighbouring data, including possibly xmalloc metadata.

> The obvious solution is to remove boot_cpu_data.x86_capability[4] =
> cpuid_ecx(1) in start_vmx. It indeed works with the change. I will send
> out the patch after more tests.

Yes, the write to x86_capability is totally unnecessary. There is a similar
pointless one in SVM code -- in fact they don't even manage to write to the
correct array element of x86_capability[]! Removing both writes to
x86_capability[] would be an appropriate fix for 4.0 branch as well.

-- Keir
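The failure mode Keir describes (a save area allocated with a size that is still zero, followed by an unconditional fixed-size write into it, clobbering whatever the allocator placed next) is easy to reproduce in isolation. The following is an added example written for this page; it is not Xen code and does not use xmalloc. It models the allocator with a toy bump arena that keeps a metadata word immediately after each chunk (a stand-in for allocator bookkeeping), and contrasts an unchecked initialiser with one that refuses to proceed when the computed size is smaller than what will be written. All names (`toy_alloc`, `vcpu_init_unchecked`, `vcpu_init_checked`, `HDR_BYTES`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy bump allocator (hypothetical, not xmalloc). Each chunk is followed
 * by a 4-byte metadata word that the allocator relies on; corrupting it
 * stands in for the "xmalloc metadata" damage mentioned in the thread. */
#define META_MAGIC 0xA5C3F00Du
static uint8_t arena[256];
static size_t  arena_used;

struct chunk {
    uint8_t *data;   /* start of the caller's area */
    uint8_t *meta;   /* allocator metadata placed right after the area */
};

static void arena_reset(void) {
    memset(arena, 0, sizeof arena);
    arena_used = 0;
}

static int toy_alloc(size_t size, struct chunk *out) {
    uint32_t magic = META_MAGIC;
    if (arena_used + size + sizeof magic > sizeof arena)
        return -1;
    out->data = arena + arena_used;
    out->meta = out->data + size;
    memcpy(out->meta, &magic, sizeof magic);   /* memcpy: meta may be unaligned */
    arena_used += size + sizeof magic;
    return 0;
}

static int meta_intact(const struct chunk *c) {
    uint32_t m;
    memcpy(&m, c->meta, sizeof m);
    return m == META_MAGIC;
}

/* Bytes written unconditionally into a freshly allocated area (a fixed
 * header, as in the thread). Constructed value for the demonstration. */
#define HDR_BYTES 64

/* Unchecked pattern: the size comes from state that may never have been
 * initialised (0 here), but the header write happens regardless. */
static int vcpu_init_unchecked(size_t xsave_size, struct chunk *c) {
    if (toy_alloc(xsave_size, c) < 0)
        return -1;
    memset(c->data, 0, HDR_BYTES);   /* overruns the area when xsave_size < HDR_BYTES */
    return 0;
}

/* Hardened pattern: treat a size smaller than the pending write (which
 * includes 0, i.e. "feature advertised but never set up") as an error. */
static int vcpu_init_checked(size_t xsave_size, struct chunk *c) {
    if (xsave_size < HDR_BYTES)
        return -1;
    if (toy_alloc(xsave_size, c) < 0)
        return -1;
    memset(c->data, 0, HDR_BYTES);
    return 0;
}

/* 1 if allocator metadata survived the unchecked initialiser, else 0. */
int metadata_survives_unchecked(size_t xsave_size) {
    struct chunk c;
    arena_reset();
    if (vcpu_init_unchecked(xsave_size, &c) < 0)
        return -1;
    return meta_intact(&c);
}

/* 0 on success, -1 if the checked initialiser refused the size. */
int checked_init_result(size_t xsave_size) {
    struct chunk c;
    arena_reset();
    return vcpu_init_checked(xsave_size, &c);
}

int main(void) {
    printf("unchecked, size 0:   metadata intact = %d\n", metadata_survives_unchecked(0));
    printf("unchecked, size 128: metadata intact = %d\n", metadata_survives_unchecked(128));
    printf("checked,   size 0:   result = %d\n", checked_init_result(0));
    printf("checked,   size 128: result = %d\n", checked_init_result(128));
    return 0;
}
```

With a zero-sized area the unchecked path zeroes the metadata word that sits directly after the chunk, which is exactly the kind of silent neighbour corruption that only shows up later as an unrelated panic; the checked path turns the same condition into an immediate, attributable error. In the real fix discussed above the root cause is removed instead (the stray capability write that made the size-zero path reachable), and a size guard like this one is the complementary defence.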