
[Xen-ia64-devel] Small bug in handling of domU's itc ops


  • To: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
  • From: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 15 Dec 2006 13:55:59 +0100
  • Delivery-date: Fri, 15 Dec 2006 04:55:57 -0800
  • List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>

Hi,

In a previous mail
http://lists.xensource.com/archives/html/xen-ia64-devel/2006-11/msg00053.html
I described a strange panic in xen.
Now I tried to look somewhat deeper into the problem.

When an itc.d = r is called in the domU, a Privileged Operation fault is raised 
and the hypervisor tries to emulate the itc.d. It takes the pte from the domU 
and does some checks and changes. But it doesn't check whether the reserved 
bits are masked out.  In vcpu_itc_no_srlz() the function ia64_itc() is 
called with this buggy pte, which leads to a nested Reserved 
Register/Field Fault and panics the hypervisor!

My simple traphandler didn't mask out these bits and used a wrong pte for 
itc.d.

My patch only masks these bits before calling ia64_itc(). I didn't check the 
vmx parts because I don't have a vti machine.

Maybe the patch is not complete. Any comments are welcome.
Thanks.

Dietmar.

# HG changeset patch
# User dietmar.hahn@xxxxxxxxxxxxxxxxxxx
# Node ID a9ea368e59a52106866131fbf52b10a971756e3d
# Parent  2fc3392d0889684c80675b29f9bde0f63cfc3cb9
Mask out reserved bits to avoid Reserved Register/Field faults.

Signed-off-by: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxxxxxxxxxx>

diff -r 2fc3392d0889 -r a9ea368e59a5 xen/arch/ia64/xen/vcpu.c
--- a/xen/arch/ia64/xen/vcpu.c  Thu Dec 14 09:56:41 2006 -0700
+++ b/xen/arch/ia64/xen/vcpu.c  Fri Dec 15 13:35:36 2006 +0100
@@ -2162,6 +2162,7 @@ vcpu_itc_no_srlz(VCPU * vcpu, u64 IorD, 
        BUG_ON(logps > PAGE_SHIFT);
        vcpu_tlb_track_insert_or_dirty(vcpu, vaddr, entry);
        psr = ia64_clear_ic();
+       pte &= ~((0x3UL<<50) | 0x1<<1); // Mask out the reserved bits.
        ia64_itc(IorD, vaddr, pte, ps); // FIXME: look for bigger mappings
        ia64_set_psr(psr);
        // ia64_srlz_i(); // no srls req'd, will rfi later
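
Review bot: the mask on the added `pte &= ~((0x3UL<<50) | 0x1<<1);` line is built from bare shift constants, so a reader cannot tell from the code which PTE fields are being cleared or check them against the architecture manual. Suggest a named constant for the reserved-field mask (the name is up to the maintainers), and writing the second term as `0x1UL<<1` so both terms have the same type. The clearing also happens only here, immediately before ia64_itc(), after `vcpu_tlb_track_insert_or_dirty(vcpu, vaddr, entry)` has already run, so any other path that passes a guest-supplied pte to the hardware is not covered by this hunk. Sanitizing the value at the point where it is first taken from the domU would protect every consumer. Finally, the reserved bits are dropped silently. Please state in the comment or changelog whether that is the intended behaviour, as opposed to rejecting the insert and reflecting a Reserved Register/Field fault to the guest.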
