From: Liu, Jinsong <jinsong.liu@intel.com>
Date: Fri, 5 Oct 2012 12:30:21 +0000 (+0200)
Subject: x86: add sanity check and comments for vMCE injection
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~7818
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b02dce5082373bd39225c00b0ef1fde32760cf38;p=xen.git

x86: add sanity check and comments for vMCE injection

Add sanity check for input vcpu so that malicious value would not
return 0. Add comments since vcpu=-1 (broadcast) is some implicit to
code reader.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Suggested-by: Christoph Egger <Christoph.Egger@amd.com>
Acked-by: Christoph Egger <Christoph.Egger@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c
index 254cbc9100..a717dfd660 100644
--- a/xen/arch/x86/cpu/mcheck/mce_intel.c
+++ b/xen/arch/x86/cpu/mcheck/mce_intel.c
@@ -360,7 +360,7 @@ static void intel_memerr_dhandler(
                 }
 
                 /* We will inject vMCE to DOMU*/
-                if ( inject_vmce(d, -1) < 0 )
+                if ( inject_vmce(d, VMCE_INJECT_BROADCAST) < 0 )
                 {
                     mce_printk(MCE_QUIET, "inject vMCE to DOM%d"
                       " failed\n", d->domain_id);
diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c
index a486af5c9b..7d3fac7c0d 100644
--- a/xen/arch/x86/cpu/mcheck/vmce.c
+++ b/xen/arch/x86/cpu/mcheck/vmce.c
@@ -341,14 +341,20 @@ HVM_REGISTER_SAVE_RESTORE(VMCE_VCPU, vmce_save_vcpu_ctxt,
 /*
  * for Intel MCE, broadcast vMCE to all vcpus
  * for AMD MCE, only inject vMCE to vcpu0
+ *
+ * @ d, domain to which would inject vmce
+ * @ vcpu,
+ *   -1 (VMCE_INJECT_BROADCAST), broadcast vMCE to all vcpus
+ *   >= 0, vcpu, the vMCE is injected to
  */
 int inject_vmce(struct domain *d, int vcpu)
 {
     struct vcpu *v;
+    int ret = -ESRCH;
 
     for_each_vcpu ( d, v )
     {
-        if ( vcpu >= 0 && v->vcpu_id != vcpu )
+        if ( vcpu != VMCE_INJECT_BROADCAST && vcpu != v->vcpu_id )
             continue;
 
         if ( (is_hvm_domain(d) ||
@@ -358,19 +364,21 @@ int inject_vmce(struct domain *d, int vcpu)
             mce_printk(MCE_VERBOSE, "MCE: inject vMCE to d%d:v%d\n",
                        d->domain_id, v->vcpu_id);
             vcpu_kick(v);
+            ret = 0;
         }
         else
         {
             mce_printk(MCE_QUIET, "Failed to inject vMCE to d%d:v%d\n",
                        d->domain_id, v->vcpu_id);
-            return -EBUSY;
+            ret = -EBUSY;
+            break;
         }
 
-        if ( vcpu >= 0 )
-            return 0;
+        if ( vcpu != VMCE_INJECT_BROADCAST )
+            break;
     }
 
-    return v ? -ESRCH : 0;
+    return ret;
 }
 
 int fill_vmsr_data(struct mcinfo_bank *mc_bank, struct domain *d,
diff --git a/xen/arch/x86/cpu/mcheck/vmce.h b/xen/arch/x86/cpu/mcheck/vmce.h
index a83db4ac04..7263deb98f 100644
--- a/xen/arch/x86/cpu/mcheck/vmce.h
+++ b/xen/arch/x86/cpu/mcheck/vmce.h
@@ -18,6 +18,8 @@ int vmce_amd_wrmsr(struct vcpu *, uint32_t msr, uint64_t val);
 
 int fill_vmsr_data(struct mcinfo_bank *mc_bank, struct domain *d,
     uint64_t gstatus);
+
+#define VMCE_INJECT_BROADCAST (-1)
 int inject_vmce(struct domain *d, int vcpu);
 
 #endif