WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] Windows domain boot failure

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Windows domain boot failure
From: Naoki Takayama <takayama.naoki@xxxxxxxxxxxxxx>
Date: Thu, 18 Jan 2007 19:16:11 +0900
Delivery-date: Thu, 18 Jan 2007 02:16:28 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Hi all,

When I tried to boot three windows domains continuously, the Windows
domain created first failed to boot. The qemu-dm process was terminated
with Segmentation fault. The reproduction procedure is below.

# xm create xxx
# xm create yyy
# xm create zzz

Environment :
  Machine              : Tiger4 with 2 phycical CPU (4 CPU core)
  Dom0  OS             : RHEL5
  Guest OS             : Windows 2003Server EE SP1
  Dom0 VCPUs           : 1
  Windows Domain VCPUs : 1


I am using RHEL5, but there is the same problem in Xen, I think.
The cause is seems to be in the IDE emulation code.

tools/ioemu/hw/ide.c :

(1)The IDE DMA process starts by ide_dma_start(). 
   "bm->ide_if" and "bm->dma_cb" are set here.

  static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
  {
      BMDMAState *bm = s->bmdma;
      if(!bm)
          return;

      bm->ide_if = s;
      bm->dma_cb = dma_cb;
      if (bm->status & BM_STATUS_DMAING) {
          ide_dma_loop(bm);
      }
  }

(2)The other thread receives the DMA request and starts memory copy.
   "bm->dma_cb" and "bm->ide_if" are referred by the thread.
    dma_thread_loop() :

          cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
          prd.addr = le32_to_cpu(prd.addr);
          prd.size = le32_to_cpu(prd.size);
  #ifdef DEBUG_IDE
          printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
                 (int)cur_addr, prd.addr, prd.size);
  #endif
          len = prd.size & 0xfffe;
          if (len == 0)
              len = 0x10000;
          while (len > 0) {
              len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
              if (len1 == 0)
                  goto the_end;
              prd.addr += len1;
              len -= len1;
          }

(3)The ide_dma_start() is called for the next DMA request before the
   thread has not finished the memory copy for the previous DMA request.
   When the thread finishes memory copy, "bm->dma_cb" and "bm->ide_if"
   set to NULL in ide_dma_finish(). 

  static void ide_dma_finish(BMDMAState *bm)
  {
      IDEState *s = bm->ide_if;

      bm->status &= ~BM_STATUS_DMAING;
      bm->status |= BM_STATUS_INT;
      bm->dma_cb = NULL;
      bm->ide_if = NULL;
  #ifdef DMA_MULTI_THREAD
      ide_set_irq(s);
  #endif /* DMA_MULTI_THREAD */
  }

(4)The qemu-dm process is terminated with Segmentation fault because 
   the "bm->dma_cb" and "bm->ide_if" are set to NULL.


I am not sure how to correct this code. And I can not understand 
why this problem does not occur with linux domain.

Any help is appreciated.


Thanks,
Naoki Takayama



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] Windows domain boot failure, Naoki Takayama <=