x86: Add warning comment explaining restrictions to play_dead().

Signed-off-by: Shan Haitao <haitao.shan@intel.com>
Signed-off-by: Keir Fraser <keir@xen.org>

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index d432eb89906f8679d402ea06d34e616c12fd86d9..b91adfb5a4df5b68512eb5804fdf83b5fa31f556 100644 (file)
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -99,6 +99,15 @@ static void default_dead_idle(void)
 
 static void play_dead(void)
 {
+    /*
+     * NOTE: After cpu_exit_clear, per-cpu variables are no longer accessible,
+     * as they may be freed at any time. In this case, heap corruption or
+     * #PF can occur (when heap debugging is enabled). For example, even
+     * printk() can involve tasklet scheduling, which touches per-cpu vars.
+     * 
+     * Consider very carefully when adding code to this path. Most hypervisor
+     * subsystems are unsafe to call.
+     */
     cpu_exit_clear(smp_processor_id());
     mb();
     local_irq_disable();