RE: [Xen-ia64-devel] stack corruption creating idle domain

To:	"Alex Williamson" <alex.williamson@xxxxxx>
Subject:	RE: [Xen-ia64-devel] stack corruption creating idle domain
From:	"Tian, Kevin" <kevin.tian@xxxxxxxxx>
Date:	Wed, 25 Jan 2006 11:04:31 +0800
Cc:	xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Wed, 25 Jan 2006 03:13:06 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id:	Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post:	<mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcYhWbKjdIa7s0hKRX+ErZR4u+uaLQAAFbXQ
Thread-topic:	[Xen-ia64-devel] stack corruption creating idle domain

>From: Alex Williamson [mailto:alex.williamson@xxxxxx]
>Sent: 2006年1月25日 10:44
>On Wed, 2006-01-25 at 09:54 +0800, Tian, Kevin wrote:
>
>>      I don't quite catch you in above sentence. What's the problematic
>> value for r13 in your case? Ideally r13 is initialized to init_task in
>> very early setup in head.S. Then later it's referred further as
>> idle_vcpu[0]. It's harmless to clear switch stack and pt_regs area for
>> idle vcpu0 at that point. So you may need to figure out where r13 is
>> getting changed before that point.
>
>Hi Kevin,
>
>   I don't have the actual values right now, but if this doesn't make
>sense I'll do a better job of documenting the exact values tomorrow.  As
>an example, lets say r13 is 0x1000 and r12 is 0x2000.  The memset in
>init_switch_stacks would be something like memset(0x1d00, 0, 0x400),
>therefore clearing anything on the stack.  When we get back from the
>memset, we pull a pointer off the stack (which is now zero) and page
>fault storing to an offset from the zero'd pointer.  So it seems like
>maybe the size of the structure used to setup r13 doesn't match what
>we're using later.  Does that make more sense?  Thanks,
>
>       Alex

Make sense and thanks for info. We shouldn't manipulate switch stack area for 
current running vcpu, since that area only makes sense when specific vcpu is 
de-activated. The initial stack of idle vcpu0 starts from point under pt_regs, 
and thus above memset definitely corrupts active stack frames. Could you try 
whether following change working for you?

Thanks,
Kevin

diff -r cfa3b96b056d xen/arch/ia64/xen/domain.c
--- a/xen/arch/ia64/xen/domain.c        Fri Jan 13 20:58:41 2006
+++ b/xen/arch/ia64/xen/domain.c        Wed Jan 25 10:44:09 2006
@@ -195,11 +195,7 @@
 int arch_do_createdomain(struct vcpu *v)
 {
        struct domain *d = v->domain;
-       struct thread_info *ti = alloc_thread_info(v);
-
-       /* Clear thread_info to clear some important fields, like preempt_count 
*/
-       memset(ti, 0, sizeof(struct thread_info));
-       init_switch_stack(v);
+       struct thread_info *ti;
 
        // the following will eventually need to be negotiated dynamically
        d->xen_vastart = XEN_START_ADDR;
@@ -208,6 +204,11 @@
 
        if (is_idle_vcpu(v))
            return 0;
+
+       /* Clear thread_info to clear some important fields, like preempt_count 
*/
+       ti = alloc_thread_info(v);
+       memset(ti, 0, sizeof(struct thread_info));
+       init_switch_stack(v);
 
        d->shared_info = (void *)alloc_xenheap_page();
        if (!d->shared_info) {

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel

WARNING - OLD ARCHIVES

xen-ia64-devel

RE: [Xen-ia64-devel] stack corruption creating idle domain