x86/HVM: improve a few state load checks

Using plain int for instance numbers looks quite dangerous without
being aware that hvm_load_instance() returns an unsigned quantity. Make
this more explicit. Also replace uint16_t uses by unsigned int.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index c7eb943ed36ddcc4049146751106abffef2c9cd7..f9408e1ee4b3b4a6fb80c325fc14faf14ab38336 100644 (file)
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -976,14 +976,13 @@ unsigned long hvm_cr4_guest_valid_bits(const struct domain *d, bool restore)
 
 static int hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h)
 {
-    int vcpuid;
+    unsigned int vcpuid = hvm_load_instance(h);
     struct vcpu *v;
     struct hvm_hw_cpu ctxt;
     struct segment_register seg;
     const char *errstr;
 
     /* Which vcpu is this? */
-    vcpuid = hvm_load_instance(h);
     if ( vcpuid >= d->max_vcpus || (v = d->vcpu[vcpuid]) == NULL )
     {
         dprintk(XENLOG_G_ERR, "HVM restore: dom%u has no vcpu%u\n",

diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c
index 2b00993a7bdba65e1ac5c0f2467b257d5eb24400..eb86cbacb4ec6cc60f871be63ee6bff8f38818af 100644 (file)
--- a/xen/arch/x86/hvm/mtrr.c
+++ b/xen/arch/x86/hvm/mtrr.c
@@ -768,7 +768,7 @@ static int hvm_save_mtrr_msr(struct domain *d, hvm_domain_context_t *h)
 
 static int hvm_load_mtrr_msr(struct domain *d, hvm_domain_context_t *h)
 {
-    int vcpuid, i;
+    unsigned int vcpuid, i;
     struct vcpu *v;
     struct mtrr_state *mtrr_state;
     struct hvm_hw_mtrr hw_mtrr;

diff --git a/xen/arch/x86/hvm/viridian.c b/xen/arch/x86/hvm/viridian.c
index 694eae6336e68d9107996655b90ff047e833ac95..486065182c5d594bddb4ea6483a0dc8926afd165 100644 (file)
--- a/xen/arch/x86/hvm/viridian.c
+++ b/xen/arch/x86/hvm/viridian.c
@@ -1048,11 +1048,10 @@ static int viridian_save_vcpu_ctxt(struct domain *d, hvm_domain_context_t *h)
 
 static int viridian_load_vcpu_ctxt(struct domain *d, hvm_domain_context_t *h)
 {
-    int vcpuid;
+    unsigned int vcpuid = hvm_load_instance(h);
     struct vcpu *v;
     struct hvm_viridian_vcpu_context ctxt;
 
-    vcpuid = hvm_load_instance(h);
     if ( vcpuid >= d->max_vcpus || (v = d->vcpu[vcpuid]) == NULL )
     {
         dprintk(XENLOG_G_ERR, "HVM restore: dom%d has no vcpu%u\n",

diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c
index 1b9f00a0e4ae64a0cd92c30a1dbb3979ff416749..cf8f606e550c62a8d5e91fe9d1b3d6c8b60c39a2 100644 (file)
--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -1507,7 +1507,7 @@ static void lapic_load_fixup(struct vlapic *vlapic)
 
 static int lapic_load_hidden(struct domain *d, hvm_domain_context_t *h)
 {
-    uint16_t vcpuid;
+    unsigned int vcpuid = hvm_load_instance(h);
     struct vcpu *v;
     struct vlapic *s;
 
@@ -1515,7 +1515,6 @@ static int lapic_load_hidden(struct domain *d, hvm_domain_context_t *h)
         return -ENODEV;
 
     /* Which vlapic to load? */
-    vcpuid = hvm_load_instance(h); 
     if ( vcpuid >= d->max_vcpus || (v = d->vcpu[vcpuid]) == NULL )
     {
         dprintk(XENLOG_G_ERR, "HVM restore: dom%d has no apic%u\n",
@@ -1542,7 +1541,7 @@ static int lapic_load_hidden(struct domain *d, hvm_domain_context_t *h)
 
 static int lapic_load_regs(struct domain *d, hvm_domain_context_t *h)
 {
-    uint16_t vcpuid;
+    unsigned int vcpuid = hvm_load_instance(h);
     struct vcpu *v;
     struct vlapic *s;
 
@@ -1550,7 +1549,6 @@ static int lapic_load_regs(struct domain *d, hvm_domain_context_t *h)
         return -ENODEV;
 
     /* Which vlapic to load? */
-    vcpuid = hvm_load_instance(h); 
     if ( vcpuid >= d->max_vcpus || (v = d->vcpu[vcpuid]) == NULL )
     {
         dprintk(XENLOG_G_ERR, "HVM restore: dom%d has no apic%u\n",

diff --git a/xen/arch/x86/hvm/vpic.c b/xen/arch/x86/hvm/vpic.c
index e160bbdc40a293cfa3b819b042d7709a066d9e1c..cfc95442167caf1733cfadd7078a9cf67cc88739 100644 (file)
--- a/xen/arch/x86/hvm/vpic.c
+++ b/xen/arch/x86/hvm/vpic.c
@@ -393,13 +393,12 @@ static int vpic_save(struct domain *d, hvm_domain_context_t *h)
 static int vpic_load(struct domain *d, hvm_domain_context_t *h)
 {
     struct hvm_hw_vpic *s;
-    uint16_t inst;
+    unsigned int inst = hvm_load_instance(h);
 
     if ( !has_vpic(d) )
         return -ENODEV;
 
     /* Which PIC is this? */
-    inst = hvm_load_instance(h);
     if ( inst > 1 )
         return -EINVAL;
     s = &d->arch.hvm_domain.vpic[inst];

diff --git a/xen/include/asm-x86/hvm/save.h b/xen/include/asm-x86/hvm/save.h
index f889e8fe1dda32e67f6a2e2be040eef420651165..5a3b347e0dbfb88c0d42ce02d4d8d4e58a453d2f 100644 (file)
--- a/xen/include/asm-x86/hvm/save.h
+++ b/xen/include/asm-x86/hvm/save.h
@@ -84,10 +84,10 @@ void _hvm_read_entry(struct hvm_domain_context *h,
     _hvm_load_entry(_x, _h, _dst, 0)
 
 /* Unmarshalling: what is the instance ID of the next entry? */
-static inline uint16_t hvm_load_instance(struct hvm_domain_context *h)
+static inline unsigned int hvm_load_instance(const struct hvm_domain_context *h)
 {
-    struct hvm_save_descriptor *d 
-        = (struct hvm_save_descriptor *)&h->data[h->cur];
+    const struct hvm_save_descriptor *d = (const void *)&h->data[h->cur];
+
     return d->instance;
 }