[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [Patch] cmpxchg emulation returns wrong ZF

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: Juergen Gross <juergen.gross@xxxxxxxxxxxxxx>
Date: Thu, 06 Aug 2009 08:49:15 +0200
Delivery-date: Wed, 05 Aug 2009 23:49:43 -0700
Domainkey-signature: s=s1536a; d=ts.fujitsu.com; c=nofws; q=dns; h=X-SBRSScore:X-IronPort-AV:Received:X-IronPort-AV: Received:Received:Message-ID:Date:From:Organization: User-Agent:MIME-Version:To:Subject:X-Enigmail-Version: Content-Type; b=oxOxPCOLxVc4SNnmUR8o3ElQvxysNyPg3jmxaypKvpXh5G+wc4LA3L6T X7tM9gcw5nSFNygrQPBFTCvI5aabIySgAXujkYj04mP4rOJtCpUdP8LhL WTg9XfmONtr8MBcF6PUHbWpkjUg3U6uX4BJMEVBnSRF04zHErfQWTuaNa R7FT8vRD+d6HCJ3LBsp2Grk86U/vja4KVyIOiY4g5OANQq5ervwstaI8t QkO4q58tN38Z4eUHAe73YpoqeomXp;
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Hi,

attached patch corrects a bug in cmpxchg emulation in the hypervisor.

BS2000 running as HVM-domain on 4 vcpus (no HAP) hit an error due to this bug
after several days.


Juergen

-- 
Juergen Gross                 Principal Developer Operating Systems
TSP ES&S SWE OS6                       Telephone: +49 (0) 89 636 47950
Fujitsu Technolgy Solutions               e-mail: juergen.gross@xxxxxxxxxxxxxx
Otto-Hahn-Ring 6                        Internet: ts.fujitsu.com
D-81739 Muenchen                 Company details: ts.fujitsu.com/imprint.html

The cmpxchg emulation for accesses to page tables of guests doesn't handle
races correct.
ops->cmpxchg might return X86EMUL_CMPXCHG_FAILED if the addressed memory
location changed after checking the old contents. In this case ZF was not
changed and could remain 1 instead of being set to 0.

Signed-off-by: juergen.gross@xxxxxxxxxxxxxx


# HG changeset patch
# User juergen.gross@xxxxxxxxxxxxxx
# Date 1249540842 -7200
# Node ID 26adbdb6cb1d59d95e0a65b6a0d38fa8e95b9f51
# Parent  68e8b8379244e293c55875e7dc3692fc81d3d212
handle race on cmpxchg emulation

diff -r 68e8b8379244 -r 26adbdb6cb1d xen/arch/x86/x86_emulate/x86_emulate.c
--- a/xen/arch/x86/x86_emulate/x86_emulate.c    Sun Aug 02 13:43:15 2009 +0100
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c    Thu Aug 06 08:40:42 2009 +0200
@@ -4124,6 +4124,7 @@
         op_bytes *= 2;
 
         /* Get actual old value. */
+cmpxchg_failed:
         for ( i = 0; i < (op_bytes/sizeof(long)); i++ )
             if ( (rc = read_ulong(ea.mem.seg, ea.mem.off + i*sizeof(long),
                                   &old[i], sizeof(long), ctxt, ops)) != 0 )
@@ -4151,10 +4152,13 @@
         else
         {
             /* Expected == actual: attempt atomic cmpxchg and set ZF. */
-            if ( (rc = ops->cmpxchg(ea.mem.seg, ea.mem.off, old,
-                                    new, op_bytes, ctxt)) != 0 )
-                goto done;
-            _regs.eflags |= EFLG_ZF;
+            rc = ops->cmpxchg(ea.mem.seg, ea.mem.off, old, new, op_bytes, 
ctxt);
+            if ( rc == 0 )
+                _regs.eflags |= EFLG_ZF;
+            else if ( rc == X86EMUL_CMPXCHG_FAILED )
+                goto cmpxchg_failed;
+            else
+                goto done;
         }
         break;
     }

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] [Patch] cmpxchg emulation returns wrong ZF
  - From: Keir Fraser
- Re: [Xen-devel] [Patch] cmpxchg emulation returns wrong ZF
  - From: Jan Beulich

Prev by Date: [Xen-devel] Re: With latest Qemu and Xen-3.4, VT-d does not work
Next by Date: RE: [Xen-devel] kernel BUG at arch/x86/xen/multicalls.c:103!
Previous by thread: [Xen-devel] With latest Qemu and Xen-3.4, VT-d does not work
Next by thread: Re: [Xen-devel] [Patch] cmpxchg emulation returns wrong ZF
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.