[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [HVM] Don't invoke pt_{save/restore}_timer for one_shot timer

  • To: "Cui, Dexuan" <dexuan.cui@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
  • Date: Wed, 12 Dec 2007 11:09:43 +0000
  • Delivery-date: Wed, 12 Dec 2007 03:10:17 -0800
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: Acg3PEyAIo2inm4VSGuup7EBw1kwsAE1W1gAACdxUF8=
  • Thread-topic: [HVM] Don't invoke pt_{save/restore}_timer for one_shot timer


Please try xen-unstable changeset 16595 and see if that fixes the issue.
You'll need to take just that patch, or remove changeset 16594, as otherwise
your IRQ routing fix will mask the issue.


On 11/12/07 16:43, "Cui, Dexuan" <dexuan.cui@xxxxxxxxx> wrote:

> HVM guest can set vlapic timer to one-shot mode; in
> vmx_asm_vmexit_handler -> do_softirq(), we may invoke pt_timer_fn() for
> some timer T (T is used for some vlapic timer vpt and fires at this
> time), hence T is removed from the timer_heap; soon after that, when we
> remain in do_softirq(), we may invoke schedule() due to
> SCHEDULE_SOFTIRQ, and the vcpu is switched out;
> When the vcpu is switched in, in hvm_do_resume() -> pt_restore_timer(),
> we use set_timer() to unconditionally add the fired T into the
> timer_heap!
> Next, in vmx_asm_vmexit_handler -> vmx_intr_assist() -> pt_intr_post(),
> we "pt->enabled = 0";
> Next, the guest may re-program the vlapic timer: vlapic_write() ->
> create_periodic_time() -> set_timer(), so T is added into the timer_heap
> again! And later, when we remove T from the timer_heap for the 2nd time,
> we can crash Xen.
> The issue can be reproduced easily on Woodcrest and Weybridge platforms
> by installing 32-bit Fedora 7 with vcpus=8.
> The patch fixes the issue by not invoking pt_{save/restore}_timer for
> one_shot timer.
> Signed-off-by: Dexuan Cui <dexuan.cui@xxxxxxxxx>

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.