Xen devel - Jan 2007 - Windows domain boot failure

Hi all,

When I tried to boot three windows domains continuously, the Windows
domain created first failed to boot. The qemu-dm process was terminated
with Segmentation fault. The reproduction procedure is below.

# xm create xxx
# xm create yyy
# xm create zzz

Environment :
  Machine              : Tiger4 with 2 phycical CPU (4 CPU core)
  Dom0  OS             : RHEL5
  Guest OS             : Windows 2003Server EE SP1
  Dom0 VCPUs           : 1
  Windows Domain VCPUs : 1


I am using RHEL5, but there is the same problem in Xen, I think.
The cause is seems to be in the IDE emulation code.

tools/ioemu/hw/ide.c :

(1)The IDE DMA process starts by ide_dma_start(). 
   "bm->ide_if" and "bm->dma_cb" are set here.

  static void ide_dma_start(IDEState *s, IDEDMAFunc *dma_cb)
  {
      BMDMAState *bm = s->bmdma;
      if(!bm)
          return;

      bm->ide_if = s;
      bm->dma_cb = dma_cb;
      if (bm->status & BM_STATUS_DMAING) {
          ide_dma_loop(bm);
      }
  }

(2)The other thread receives the DMA request and starts memory copy.
   "bm->dma_cb" and "bm->ide_if" are referred by the
thread.
    dma_thread_loop() :

          cpu_physical_memory_read(cur_addr, (uint8_t *)&prd, 8);
          prd.addr = le32_to_cpu(prd.addr);
          prd.size = le32_to_cpu(prd.size);
  #ifdef DEBUG_IDE
          printf("ide: dma: prd: %08x: addr=0x%08x size=0x%08x\n",
                 (int)cur_addr, prd.addr, prd.size);
  #endif
          len = prd.size & 0xfffe;
          if (len == 0)
              len = 0x10000;
          while (len > 0) {
              len1 = bm->dma_cb(bm->ide_if, prd.addr, len);
              if (len1 == 0)
                  goto the_end;
              prd.addr += len1;
              len -= len1;
          }

(3)The ide_dma_start() is called for the next DMA request before the
   thread has not finished the memory copy for the previous DMA request.
   When the thread finishes memory copy, "bm->dma_cb" and
"bm->ide_if"
   set to NULL in ide_dma_finish(). 

  static void ide_dma_finish(BMDMAState *bm)
  {
      IDEState *s = bm->ide_if;

      bm->status &= ~BM_STATUS_DMAING;
      bm->status |= BM_STATUS_INT;
      bm->dma_cb = NULL;
      bm->ide_if = NULL;
  #ifdef DMA_MULTI_THREAD
      ide_set_irq(s);
  #endif /* DMA_MULTI_THREAD */
  }

(4)The qemu-dm process is terminated with Segmentation fault because 
   the "bm->dma_cb" and "bm->ide_if" are set to NULL.


I am not sure how to correct this code. And I can not understand 
why this problem does not occur with linux domain.

Any help is appreciated.


Thanks,
Naoki Takayama



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel