Skip to content

K
Kernel

openeuler / Kernel
1 年多 前同步成功

通知 8
Star 0
Fork 0
K
Kernel
切换分支/标签
  1. 29 7月, 2008 3 次提交
  3. 25 7月, 2008 2 次提交
  5. 11 7月, 2008 1 次提交
  7. 26 6月, 2008 1 次提交
  9. 20 6月, 2008 1 次提交
    • S
      x86: fix NULL pointer deref in __switch_to · 54481cf8
      Suresh Siddha 提交于 
      I am able to reproduce the oops reported by Simon in __switch_to() with
lguest.

My debug showed that there is at least one lguest specific
issue (which should be present in 2.6.25 and before aswell) and it got
exposed with a kernel oops with the recent fpu dynamic allocation patches.

In addition to the previous possible scenario (with fpu_counter), in the
presence of lguest, it is possible that the cpu's TS bit it still set and the
lguest launcher task's thread_info has TS_USEDFPU still set.

This is because of the way the lguest launcher handling the guest's TS bit.
(look at lguest_set_ts() in lguest_arch_run_guest()). This can result
in a DNA fault while doing unlazy_fpu() in __switch_to(). This will
end up causing a DNA fault in the context of new process thats
getting context switched in (as opossed to handling DNA fault in the context
of lguest launcher/helper process).

This is wrong in both pre and post 2.6.25 kernels. In the recent
2.6.26-rc series, this is showing up as NULL pointer dereferences or
sleeping function called from atomic context(__switch_to()), as
we free and dynamically allocate the FPU context for the newly
created threads. Older kernels might show some FPU corruption for processes
running inside of lguest.

With the appended patch, my test system is running for more than 50 mins
now. So atleast some of your oops (hopefully all!) should get fixed.
Please give it a try. I will spend more time with this fix tomorrow.
Reported-by: NSimon Holm Thøgersen <odie@cs.aau.dk>
Reported-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NSuresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: NIngo Molnar <mingo@elte.hu>
      54481cf8
  11. 30 5月, 2008 2 次提交
    • R
      virtio: set device index in common code. · b769f579
      Rusty Russell 提交于 
      Anthony Liguori points out that three different transports use the virtio code,
but each one keeps its own counter to set the virtio_device's index field.  In
theory (though not in current practice) this means that names could be
duplicated, and that risk grows as more transports are created.

So we move the selection of the unique virtio_device.index into the common code
in virtio.c, which has the side-benefit of removing duplicate code.

The only complexity is that lguest and S/390 use the index to uniquely identify
the device in case of catastrophic failure before register_virtio_device() is
called: now we use the offset within the descriptor page as a unique identifier
for the printks.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Carsten Otte <cotte@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Chris Lalancette <clalance@redhat.com>
Cc: Anthony Liguori <anthony@codemonkey.ws>
      b769f579
    • R
      lguest: use ioremap_cache, not ioremap · e27810f1
      Rusty Russell 提交于 
      Thanks to Jon Corbet & LWN.  Only took me a day to join the dots.

Host->Guest netcat before (with unnecessily large receive buffers):
1073741824 bytes (1.1 GB) copied, 24.7528 seconds, 43.4 MB/s

After:
1073741824 bytes (1.1 GB) copied, 17.6369 seconds, 60.9 MB/s
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      e27810f1
  13. 27 5月, 2008 1 次提交
  15. 02 5月, 2008 4 次提交
    • R
      lguest: make Launcher see device status updates · a007a751
      Rusty Russell 提交于 
      This brings us closer to Real Life, where we'd examine the device
features once it's set the DRIVER_OK status bit.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      a007a751
    • R
      lguest: remove bogus NULL cpu check · 9f3f7467
      Rusty Russell 提交于 
      If lg isn't NULL, and cpu_id is sane, &lg->cpus[cpu_id] can't be NULL.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      9f3f7467
    • R
      lguest: avoid using NR_CPUS as a bounds check. · 24adf127
      Rusty Russell 提交于 
      NR_CPUS (being a host number) is an arbitrary limit for the Guest.
Using the array size directly (which currently happes to be NR_CPUS)
is more futureproof.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      24adf127
    • R
      virtio: explicit advertisement of driver features · c45a6816
      Rusty Russell 提交于 
      A recent proposed feature addition to the virtio block driver revealed
some flaws in the API: in particular, we assume that feature
negotiation is complete once a driver's probe function returns.

There is nothing in the API to require this, however, and even I
didn't notice when it was violated.

So instead, we require the driver to specify what features it supports
in a table, we can then move the feature negotiation into the virtio
core.  The intersection of device and driver features are presented in
a new 'features' bitmap in the struct virtio_device.

Note that this highlights the difference between Linux unsigned-long
bitmaps where each unsigned long is in native endian, and a
straight-forward little-endian array of bytes.

Drivers can still remove feature bits in their probe routine if they
really have to.

API changes:
- dev->config->feature() no longer gets and acks a feature.
- drivers should advertise their features in the 'feature_table' field
- use virtio_has_feature() for extra sanity when checking feature bits
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      c45a6816
  17. 19 4月, 2008 1 次提交
  19. 31 3月, 2008 1 次提交
  21. 28 3月, 2008 2 次提交
  23. 11 3月, 2008 3 次提交
    • R
      lguest: Revert 1ce70c4f, fix real problem. · 4357bd94
      Rusty Russell 提交于 
      Ahmed managed to crash the Host in release_pgd(), which cannot be a Guest
bug, and indeed it wasn't.

The bug was that handing a 0 as the address of the toplevel page table
being manipulated can cause the lookup code in find_pgdir() to return
an uninitialized cache entry (we shadow up to 4 top level page tables
for each Guest).

Commit 37cc8d7f introduced this
behaviour in the Guest, uncovering the bug.

The patch which he submitted (which removed the /4 from the index
calculation) simply ensured that these high-indexed entries hit the
early exit path of guest_set_pmd().  But you get lots of segfaults in
guest userspace as the PMDs aren't being updated.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      4357bd94
    • R
      lguest: fix __get_vm_area usage. · f14ae652
      Rusty Russell 提交于 
      Robert Bragg's 5dc33185 tightened
(ie. fixed) the checking in __get_vm_area, and it broke lguest.

lguest should pass the exact "end" it wants, not some random constant
(it was possible previously that it would actually get an address
different from SWITCHER_ADDR).

Also, Fabio Checconi pointed out that we should make sure we're not
hitting the fixmap area.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
Cc: Robert Bragg <robert@sixbynine.org>
      f14ae652
    • E
      lguest: make sure cpu is initialized before accessing it · f73d1e6c
      Eugene Teo 提交于 
      If req is LHREQ_INITIALIZE, and the guest has been initialized before
(unlikely), it will attempt to access cpu->tsk even though cpu is not yet
initialized.
Signed-off-by: NEugene Teo <eugeneteo@kernel.sg>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      f73d1e6c
  25. 10 2月, 2008 1 次提交
  27. 09 2月, 2008 1 次提交
  29. 04 2月, 2008 3 次提交
    • R
      virtio: reset function · 6e5aa7ef
      Rusty Russell 提交于 
      A reset function solves three problems:

1) It allows us to renegotiate features, eg. if we want to upgrade a
   guest driver without rebooting the guest.

2) It gives us a clean way of shutting down virtqueues: after a reset,
   we know that the buffers won't be used by the host, and

3) It helps the guest recover from messed-up drivers.

So we remove the ->shutdown hook, and the only way we now remove
feature bits is via reset.

We leave it to the driver to do the reset before it deletes queues:
the balloon driver, for example, needs to chat to the host in its
remove function.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      6e5aa7ef
    • R
      virtio: explicit enable_cb/disable_cb rather than callback return. · 18445c4d
      Rusty Russell 提交于 
      It seems that virtio_net wants to disable callbacks (interrupts) before
calling netif_rx_schedule(), so we can't use the return value to do so.

Rename "restart" to "cb_enable" and introduce "cb_disable" hook: callback
now returns void, rather than a boolean.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      18445c4d
    • R
      virtio: simplify config mechanism. · a586d4f6
      Rusty Russell 提交于 
      Previously we used a type/len pair within the config space, but this
seems overkill.  We now simply define a structure which represents the
layout in the config space: the config space can now only be extended
at the end.

The main driver-visible changes:
1) We indicate what fields are present with an explicit feature bit.
2) Virtqueues are explicitly numbered, and not in the config space.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      a586d4f6
  31. 31 1月, 2008 1 次提交
  33. 30 1月, 2008 12 次提交