Xen kernel panics when "acpi=off" is set. Problem is caused by dereferncing
NULL pointer in drhd after calling acpi_find_matched_drhd_unit. As
acpi_find_matched_drhd_unit can return NULL, checks has to be done before
returned value is used.
----- "Dexuan Cui" <dexuan.cui@xxxxxxxxx> wrote:
> But when I use c/s 20330 and use "iommu=1 acpi=off", I still get the
> the panic:
>
> (XEN) Xen call trace:
> (XEN) [<ffff82c4801401b5>] ats_device+0x53/0x10e
> (XEN) [<ffff82c48013c8e5>] intel_iommu_domain_init+0xa8/0x200
> (XEN) [<ffff82c4801379dd>] iommu_domain_init+0x74/0x76
> (XEN) [<ffff82c48014c437>] arch_domain_create+0x544/0x94a
> (XEN) [<ffff82c48010676a>] domain_create+0x26c/0x3fd
> (XEN) [<ffff82c48024cdb5>] __start_xen+0x5264/0x557f
>
> Actually when iommu=1 and acpi=off, in __start_xen() ->
> acpi_boot_init(), acpi_dmar_init() can't be invoked at all and hence
> parse_dmar_table() can't be invoked, as a result, we should not try to
> use VT-d at all, however, the global variable iommu_enabled is left
> set to 1.
>
> So I don't think this changeset is the right fix. I think the correct
> one should be: in disable_acpi(), we force iommu_enabled to 0.
To prevent this problem, disable iommu if acpi is disabled.
Patch
---
diff -r 97684ba1303e xen/drivers/passthrough/iommu.c
--- a/xen/drivers/passthrough/iommu.c Thu Oct 01 18:39:03 2009 +0100
+++ b/xen/drivers/passthrough/iommu.c Fri Oct 16 13:08:36 2009 +0200
@@ -39,6 +39,7 @@
* no-intremap Disable VT-d Interrupt Remapping
*/
custom_param("iommu", parse_iommu_param);
+extern int acpi_disabled;
int iommu_enabled = 0;
int iommu_pv_enabled = 0;
int force_iommu = 0;
@@ -266,6 +267,11 @@
if ( !iommu_enabled )
goto out;
+ if ( !acpi_disabled ) {
+ iommu_enabled = 0;
+ goto out;
+ }
+
rc = iommu_hardware_setup();
iommu_enabled = (rc == 0);
diff -r 97684ba1303e xen/drivers/passthrough/vtd/intremap.c
--- a/xen/drivers/passthrough/vtd/intremap.c Thu Oct 01 18:39:03 2009 +0100
+++ b/xen/drivers/passthrough/vtd/intremap.c Fri Oct 16 13:08:36 2009 +0200
@@ -461,6 +461,8 @@
struct ir_ctrl *ir_ctrl;
drhd = acpi_find_matched_drhd_unit(pdev);
+ if (!drhd)
+ return;
iommu = drhd->iommu;
ir_ctrl = iommu_ir_ctrl(iommu);
@@ -479,6 +481,8 @@
struct ir_ctrl *ir_ctrl;
drhd = acpi_find_matched_drhd_unit(pdev);
+ if (!drhd)
+ return;
iommu = drhd->iommu;
ir_ctrl = iommu_ir_ctrl(iommu);
diff -r 97684ba1303e xen/drivers/passthrough/vtd/iommu.c
--- a/xen/drivers/passthrough/vtd/iommu.c Thu Oct 01 18:39:03 2009 +0100
+++ b/xen/drivers/passthrough/vtd/iommu.c Fri Oct 16 13:08:36 2009 +0200
@@ -1412,6 +1412,8 @@
return -ENODEV;
drhd = acpi_find_matched_drhd_unit(pdev);
+ if (!drhd)
+ return -ENODEV;
pdev_iommu = drhd->iommu;
domain_context_unmap(source, bus, devfn);
@@ -1425,7 +1427,7 @@
for_each_pdev ( source, pdev )
{
drhd = acpi_find_matched_drhd_unit(pdev);
- if ( drhd->iommu == pdev_iommu )
+ if ( drhd && drhd->iommu == pdev_iommu )
{
found = 1;
break;
---
Miroslav Rezanina
Software Engineer - Virtualization Team - XEN kernel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home