[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] x86/MCE: sanitize domain/vcpu ID handling

commit bf118558984ebd42843bc81f873b3f378aca4fdd
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Mar 8 15:07:41 2017 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Mar 8 15:07:41 2017 +0100

    x86/MCE: sanitize domain/vcpu ID handling
    
    Storing -1 into both fields was misleading consumers: We really should
    have a manifest constant for "invalid vCPU" here, and the already
    existing DOMID_INVALID should be used.
    
    Also correct a bogus (dead code) check in mca_init_global(), at once
    introducing a manifest constant for the early boot "invalid vCPU"
    pointer (avoiding proliferation of the open coding). Make that pointer
    a non-canonical address at once.
    
    Finally, don't leave mc_domid uninitialized in mca_init_bank().
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 xen/arch/x86/cpu/mcheck/mcaction.c    |  3 ++-
 xen/arch/x86/cpu/mcheck/mce.c         | 18 ++++++++----------
 xen/arch/x86/cpu/mcheck/vmce.c        |  2 +-
 xen/arch/x86/domain_page.c            |  3 ++-
 xen/arch/x86/setup.c                  |  2 +-
 xen/include/asm-x86/setup.h           |  3 +++
 xen/include/public/arch-x86/xen-mca.h |  2 ++
 7 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c 
b/xen/arch/x86/cpu/mcheck/mcaction.c
index 9cf2499..322163a 100644
--- a/xen/arch/x86/cpu/mcheck/mcaction.c
+++ b/xen/arch/x86/cpu/mcheck/mcaction.c
@@ -100,7 +100,8 @@ mc_memerr_dhandler(struct mca_binfo *binfo,
                     goto vmce_failed;
                 }
 
-                if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL )
+                if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ||
+                    global->mc_vcpuid == XEN_MC_VCPUID_INVALID)
                     vmce_vcpuid = VMCE_INJECT_BROADCAST;
                 else
                     vmce_vcpuid = global->mc_vcpuid;
diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index bc5b79e..191a35a 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -18,6 +18,7 @@
 #include <xen/cpu.h>
 
 #include <asm/processor.h>
+#include <asm/setup.h>
 #include <asm/system.h>
 #include <asm/apic.h>
 #include <asm/msr.h>
@@ -215,6 +216,7 @@ static void mca_init_bank(enum mca_source who,
     mib->common.type = MC_TYPE_BANK;
     mib->common.size = sizeof (struct mcinfo_bank);
     mib->mc_bank = bank;
+    mib->mc_domid = DOMID_INVALID;
 
     if (mib->mc_status & MCi_STATUS_MISCV)
         mib->mc_misc = mca_rdmsr(MSR_IA32_MCx_MISC(bank));
@@ -245,15 +247,15 @@ static int mca_init_global(uint32_t flags, struct 
mcinfo_global *mig)
 {
     uint64_t status;
     int cpu_nr;
-    struct vcpu *v = current;
-    struct domain *d;
+    const struct vcpu *curr = current;
 
     /* Set global information */
     mig->common.type = MC_TYPE_GLOBAL;
     mig->common.size = sizeof (struct mcinfo_global);
     status = mca_rdmsr(MSR_IA32_MCG_STATUS);
     mig->mc_gstatus = status;
-    mig->mc_domid = mig->mc_vcpuid = -1;
+    mig->mc_domid = DOMID_INVALID;
+    mig->mc_vcpuid = XEN_MC_VCPUID_INVALID;
     mig->mc_flags = flags;
     cpu_nr = smp_processor_id();
     /* Retrieve detector information */
@@ -261,13 +263,9 @@ static int mca_init_global(uint32_t flags, struct 
mcinfo_global *mig)
                         &mig->mc_coreid, &mig->mc_core_threadid,
                         &mig->mc_apicid, NULL, NULL, NULL);
 
-    /* This is really meaningless */
-    if (v != NULL && ((d = v->domain) != NULL)) {
-        mig->mc_domid = d->domain_id;
-        mig->mc_vcpuid = v->vcpu_id;
-    } else {
-        mig->mc_domid = -1;
-        mig->mc_vcpuid = -1;
+    if (curr != INVALID_VCPU) {
+        mig->mc_domid = curr->domain->domain_id;
+        mig->mc_vcpuid = curr->vcpu_id;
     }
 
     return 0;
diff --git a/xen/arch/x86/cpu/mcheck/vmce.c b/xen/arch/x86/cpu/mcheck/vmce.c
index 8b727b4..7dde457 100644
--- a/xen/arch/x86/cpu/mcheck/vmce.c
+++ b/xen/arch/x86/cpu/mcheck/vmce.c
@@ -391,7 +391,7 @@ int fill_vmsr_data(struct mcinfo_bank *mc_bank, struct 
domain *d,
 {
     struct vcpu *v = d->vcpu[0];
 
-    if ( mc_bank->mc_domid != (uint16_t)~0 )
+    if ( mc_bank->mc_domid != DOMID_INVALID )
     {
         if ( v->arch.vmce.mcg_status & MCG_STATUS_MCIP )
         {
diff --git a/xen/arch/x86/domain_page.c b/xen/arch/x86/domain_page.c
index a58ef8e..71baede 100644
--- a/xen/arch/x86/domain_page.c
+++ b/xen/arch/x86/domain_page.c
@@ -16,6 +16,7 @@
 #include <asm/current.h>
 #include <asm/flushtlb.h>
 #include <asm/hardirq.h>
+#include <asm/setup.h>
 
 static struct vcpu *__read_mostly override;
 
@@ -28,7 +29,7 @@ static inline struct vcpu *mapcache_current_vcpu(void)
      * When current isn't properly set up yet, this is equivalent to
      * running in an idle vCPU (callers must check for NULL).
      */
-    if ( v == (struct vcpu *)0xfffff000 )
+    if ( v == INVALID_VCPU )
         return NULL;
 
     /*
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index dab67d5..5bb387b 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -657,7 +657,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
     /* Critical region without IDT or TSS.  Any fault is deadly! */
 
     set_processor_id(0);
-    set_current((struct vcpu *)0xfffff000); /* debug sanity. */
+    set_current(INVALID_VCPU); /* debug sanity. */
     idle_vcpu[0] = current;
 
     percpu_init_areas();
diff --git a/xen/include/asm-x86/setup.h b/xen/include/asm-x86/setup.h
index 47b9442..c5b3d4e 100644
--- a/xen/include/asm-x86/setup.h
+++ b/xen/include/asm-x86/setup.h
@@ -4,6 +4,9 @@
 #include <xen/multiboot.h>
 #include <asm/numa.h>
 
+/* vCPU pointer used prior to there being a valid one around */
+#define INVALID_VCPU ((struct vcpu *)0xccccccccccccc000UL)
+
 extern const char __2M_text_start[], __2M_text_end[];
 extern const char __2M_rodata_start[], __2M_rodata_end[];
 extern char __2M_init_start[], __2M_init_end[];
diff --git a/xen/include/public/arch-x86/xen-mca.h 
b/xen/include/public/arch-x86/xen-mca.h
index 1868371..7db9907 100644
--- a/xen/include/public/arch-x86/xen-mca.h
+++ b/xen/include/public/arch-x86/xen-mca.h
@@ -88,6 +88,8 @@
 #define XEN_MC_NOTDELIVERED 0x10
 /* Note, XEN_MC_CANNOTHANDLE and XEN_MC_NOTDELIVERED are mutually exclusive. */
 
+/* Applicable to all mc_vcpuid fields below. */
+#define XEN_MC_VCPUID_INVALID 0xffff
 
 #ifndef __ASSEMBLY__
 
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.