Richard W.M. Jones
2007-May-15 21:26 UTC
[Xen-devel] [PATCH] IDE BMDMAState structure corruption with DMA_MULTI_THREAD
As I reported here:
http://lists.xensource.com/archives/html/xen-devel/2007-05/msg00492.html
I was experiencing qemu-dm segfaulting when trying to install FreeBSD 32 fullvirt on a heavily loaded machine.

Dan Berrange and I tracked this down today to the BMDMAState structure being corrupted when a second DMA request was initiated by the guest before the first one had been completed. Because the DMA thread and the main thread share a pointer to a single BMDMAState, bm->dma_cb is set to NULL by the main thread, and later the DMA thread jumps to this address (in dma_thread_loop, at the line "len1 = bm->dma_cb(bm->ide_if, prd.addr, len);").

The attached patch corrects this by passing the whole structure between the threads, rather than a pointer to the structure (5 words rather than 1, so there is a small amount of extra overhead).

With this patch I have been able to complete the FreeBSD FV install under load successfully.

Rich.

-- 
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
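
The interleaving described in the message above, replayed deterministically in a single thread. This is an added example, not part of the original post or the attached patch; struct bm_state is a simplified stand-in for BMDMAState (only dma_cb and ide_if are taken from the post), and the one-slot queue, fake_transfer and the replay functions are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for BMDMAState; only dma_cb and ide_if come from the post. */
typedef int (*dma_cb_t)(void *ide_if, unsigned addr, int len);
struct bm_state {
    dma_cb_t dma_cb;
    void *ide_if;
};

static int fake_transfer(void *ide_if, unsigned addr, int len)
{
    (void)ide_if; (void)addr;
    return len;                      /* pretend the whole chunk was transferred */
}

/* Hypothetical one-slot queue between the main thread and the DMA thread. */
struct by_pointer { struct bm_state *bm; };  /* before: one word, aliases live state */
struct by_value   { struct bm_state bm; };   /* after: private copy of the request  */

/* What the DMA thread does when it finally picks the request up. Returns the
 * bytes transferred, or -1 where the unguarded code would jump to address 0. */
static int worker_run(const struct bm_state *bm, int len)
{
    if (bm->dma_cb == NULL)
        return -1;
    return bm->dma_cb(bm->ide_if, 0x1000, len);
}

/* Order of events: request 1 queued, main thread clears dma_cb while setting
 * up request 2, then the DMA thread gets to run request 1. */
int replay_shared_pointer(void)
{
    struct bm_state live = { fake_transfer, NULL };
    struct by_pointer q = { &live };
    live.dma_cb = NULL;              /* main thread touches the shared struct */
    return worker_run(q.bm, 512);    /* worker sees the cleared callback */
}

int replay_copied_struct(void)
{
    struct bm_state live = { fake_transfer, NULL };
    struct by_value q;
    q.bm = live;                     /* snapshot taken at enqueue time */
    live.dma_cb = NULL;              /* same write, but the copy is unaffected */
    return worker_run(&q.bm, 512);
}

int main(void)
{
    printf("pointer: %d, copy: %d\n", replay_shared_pointer(), replay_copied_struct());
    return 0;
}
```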