diff options
author | Liu, Jinsong <jinsong.liu@intel.com> | 2012-10-05 14:30:21 +0200 |
---|---|---|
committer | Liu, Jinsong <jinsong.liu@intel.com> | 2012-10-05 14:30:21 +0200 |
commit | b02dce5082373bd39225c00b0ef1fde32760cf38 (patch) | |
tree | 80f6cda20ff367126fc8b12236bbc17dd0d49e7d /xen/arch/x86/cpu | |
parent | 5a3be935c31be1861504dd1400651732d0d97297 (diff) | |
download | xen-b02dce5082373bd39225c00b0ef1fde32760cf38.tar.gz xen-b02dce5082373bd39225c00b0ef1fde32760cf38.tar.bz2 xen-b02dce5082373bd39225c00b0ef1fde32760cf38.zip |
x86: add sanity check and comments for vMCE injection
Add sanity check for input vcpu so that malicious value would not
return 0. Add comments since vcpu=-1 (broadcast) is some implicit to
code reader.
Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Suggested-by: Christoph Egger <Christoph.Egger@amd.com>
Acked-by: Christoph Egger <Christoph.Egger@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
Diffstat (limited to 'xen/arch/x86/cpu')
-rw-r--r-- | xen/arch/x86/cpu/mcheck/mce_intel.c | 2 | ||||
-rw-r--r-- | xen/arch/x86/cpu/mcheck/vmce.c | 18 | ||||
-rw-r--r-- | xen/arch/x86/cpu/mcheck/vmce.h | 2 |
3 files changed, 16 insertions, 6 deletions
diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 254cbc9100..a717dfd660 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -360,7 +360,7 @@ static void intel_memerr_dhandler( } /* We will inject vMCE to DOMU*/ - if ( inject_vmce(d, -1) < 0 ) + if ( inject_vmce(d, VMCE_INJECT_BROADCAST) < 0 ) { mce_printk(MCE_QUIET, "inject vMCE to DOM%d" " failed\n", d->domain_id); diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c index a486af5c9b..7d3fac7c0d 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.c +++ b/xen/arch/x86/cpu/mcheck/vmce.c @@ -341,14 +341,20 @@ HVM_REGISTER_SAVE_RESTORE(VMCE_VCPU, vmce_save_vcpu_ctxt, /* * for Intel MCE, broadcast vMCE to all vcpus * for AMD MCE, only inject vMCE to vcpu0 + * + * @ d, domain to which would inject vmce + * @ vcpu, + * -1 (VMCE_INJECT_BROADCAST), broadcast vMCE to all vcpus + * >= 0, vcpu, the vMCE is injected to */ int inject_vmce(struct domain *d, int vcpu) { struct vcpu *v; + int ret = -ESRCH; for_each_vcpu ( d, v ) { - if ( vcpu >= 0 && v->vcpu_id != vcpu ) + if ( vcpu != VMCE_INJECT_BROADCAST && vcpu != v->vcpu_id ) continue; if ( (is_hvm_domain(d) || @@ -358,19 +364,21 @@ int inject_vmce(struct domain *d, int vcpu) mce_printk(MCE_VERBOSE, "MCE: inject vMCE to d%d:v%d\n", d->domain_id, v->vcpu_id); vcpu_kick(v); + ret = 0; } else { mce_printk(MCE_QUIET, "Failed to inject vMCE to d%d:v%d\n", d->domain_id, v->vcpu_id); - return -EBUSY; + ret = -EBUSY; + break; } - if ( vcpu >= 0 ) - return 0; + if ( vcpu != VMCE_INJECT_BROADCAST ) + break; } - return v ? -ESRCH : 0; + return ret; } int fill_vmsr_data(struct mcinfo_bank *mc_bank, struct domain *d, diff --git a/xen/arch/x86/cpu/mcheck/vmce.h b/xen/arch/x86/cpu/mcheck/vmce.h index a83db4ac04..7263deb98f 100644 --- a/xen/arch/x86/cpu/mcheck/vmce.h +++ b/xen/arch/x86/cpu/mcheck/vmce.h @@ -18,6 +18,8 @@ int vmce_amd_wrmsr(struct vcpu *, uint32_t msr, uint64_t val); int fill_vmsr_data(struct mcinfo_bank *mc_bank, struct domain *d, uint64_t gstatus); + +#define VMCE_INJECT_BROADCAST (-1) int inject_vmce(struct domain *d, int vcpu); #endif |