WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [HVM] Don't invoke pt_{save/restore}_timer for one_shot time

from [Cui, Dexuan] [Permanent Link][Original]
To: "Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>, "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [HVM] Don't invoke pt_{save/restore}_timer for one_shot timer
From: "Cui, Dexuan" <dexuan.cui@xxxxxxxxx>
Date: Wed, 12 Dec 2007 00:43:34 +0800
Delivery-date: Tue, 11 Dec 2007 08:44:23 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acg3PEyAIo2inm4VSGuup7EBw1kwsAE1W1gA
Thread-topic: [HVM] Don't invoke pt_{save/restore}_timer for one_shot timer 
HVM guest can set vlapic timer to one-shot mode; in
vmx_asm_vmexit_handler -> do_softirq(), we may invoke pt_timer_fn() for
some timer T (T is used for some vlapic timer vpt and fires at this
time), hence T is removed from the timer_heap; soon after that, when we
remain in do_softirq(), we may invoke schedule() due to
SCHEDULE_SOFTIRQ, and the vcpu is switched out;
When the vcpu is switched in, in hvm_do_resume() -> pt_restore_timer(),
we use set_timer() to unconditionally add the fired T into the
timer_heap!
Next, in vmx_asm_vmexit_handler -> vmx_intr_assist() -> pt_intr_post(),
we "pt->enabled = 0";
Next, the guest may re-program the vlapic timer: vlapic_write() ->
create_periodic_time() -> set_timer(), so T is added into the timer_heap
again! And later, when we remove T from the timer_heap for the 2nd time,
we can crash Xen.

The issue can be reproduced easily on Woodcrest and Weybridge platforms
by installing 32-bit Fedora 7 with vcpus=8.

The patch fixes the issue by not invoking pt_{save/restore}_timer for
one_shot timer.

Signed-off-by: Dexuan Cui <dexuan.cui@xxxxxxxxx>

Attachment: donnot_save_restore_one-shot_vpt.patch
Description: donnot_save_restore_one-shot_vpt.patch

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] linux: add __exit to module_exit() handlers, Jan Beulich
Next by Date:  [Xen-devel] [PATCH] linux: secondary CPU handling adjustments, Jan Beulich
Previous by Thread:  [Xen-devel] [PATCH] linux: add __exit to module_exit() handlers, Jan Beulich
Next by Thread:  [Xen-devel] Re: [HVM] Don't invoke pt_{save/restore}_timer for one_shot timer, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy