WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] x86/mcheck: do not blindly de-reference dom0 et al

from [Jan Beulich] [Permanent Link][Original]
To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] x86/mcheck: do not blindly de-reference dom0 et al
From: "Jan Beulich" <JBeulich@xxxxxxxxxx>
Date: Tue, 16 Feb 2010 11:53:11 +0000
Cc: Yunhong Jiang <yunhong.jiang@xxxxxxxxx>
Delivery-date: Tue, 16 Feb 2010 03:55:08 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Since machine checks and CMCIs can happen before Dom0 even gets
constructed, the handlers of these events have to avoid de-referencing
respective pointers without checking.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>

--- 2010-02-09.orig/xen/arch/x86/cpu/mcheck/amd_nonfatal.c      2010-01-13 
18:58:11.000000000 +0100
+++ 2010-02-09/xen/arch/x86/cpu/mcheck/amd_nonfatal.c   2010-02-16 
12:08:51.000000000 +0100
@@ -84,12 +84,9 @@ static void mce_amd_checkregs(void *info
 {
        mctelem_cookie_t mctc;
        struct mca_summary bs;
-       unsigned int event_enabled;
 
        mctc = mcheck_mca_logout(MCA_POLLER, mca_allbanks, &bs, NULL);
 
-       event_enabled = guest_enabled_event(dom0->vcpu[0], VIRQ_MCA);
-
        if (bs.errcnt && mctc != NULL) {
                static uint64_t dumpcount = 0;
 
@@ -101,7 +98,7 @@ static void mce_amd_checkregs(void *info
                 * a simple-minded attempt to avoid spamming the console
                 * for corrected errors in early startup. */
 
-               if (event_enabled) {
+               if (dom0_vmce_enabled()) {
                        mctelem_commit(mctc);
                        send_guest_global_virq(dom0, VIRQ_MCA);
                } else if (++dumpcount >= 10) {
@@ -136,7 +133,7 @@ static void mce_amd_work_fn(void *data)
        on_each_cpu(mce_amd_checkregs, data, 1);
 
        if (adjust > 0) {
-               if (!guest_enabled_event(dom0->vcpu[0], VIRQ_MCA) ) {
+               if (!dom0_vmce_enabled()) {
                        /* Dom0 did not enable VIRQ_MCA, so Xen is reporting. */
                        printk("MCE: polling routine found correctable error. "
                                " Use mcelog to parse above error output.\n");
--- 2010-02-09.orig/xen/arch/x86/cpu/mcheck/mce.c       2010-02-09 
09:00:50.000000000 +0100
+++ 2010-02-09/xen/arch/x86/cpu/mcheck/mce.c    2010-02-16 12:17:29.000000000 
+0100
@@ -414,7 +414,7 @@ void mcheck_cmn_handler(struct cpu_user_
         * as terminal for any context.
         */
        ctx_xen = SEG_PL(regs->cs) == 0;
-       ctx_dom0 = !ctx_xen && (domid == dom0->domain_id);
+       ctx_dom0 = !ctx_xen && (domid == 0);
        ctx_domU = !ctx_xen && !ctx_dom0;
 
        xen_state_lost = bs.uc != 0 || (ctx_xen && (bs.pcc || !ripv)) ||
@@ -463,7 +463,8 @@ void mcheck_cmn_handler(struct cpu_user_
         * XXFM Could add some Solaris dom0 contract kill here?
         */
        if (dom0_state_lost) {
-               if (guest_has_trap_callback(dom0, 0, TRAP_machine_check)) {
+               if (dom0 && dom0->max_vcpus && dom0->vcpu[0] &&
+                   guest_has_trap_callback(dom0, 0, TRAP_machine_check)) {
                        dom_state = DOM0_TRAP;
                        send_guest_trap(dom0, 0, TRAP_machine_check);
                        /* XXFM case of return with !ripv ??? */
@@ -532,7 +533,7 @@ cmn_handler_done:
        if (bs.errcnt) {
                /* Not panicing, so forward telemetry to dom0 now if it
                 * is interested. */
-               if (guest_enabled_event(dom0->vcpu[0], VIRQ_MCA)) {
+               if (dom0_vmce_enabled()) {
                        if (mctc != NULL)
                                mctelem_commit(mctc);
                        send_guest_global_virq(dom0, VIRQ_MCA);
--- 2010-02-09.orig/xen/arch/x86/cpu/mcheck/mce.h       2010-02-03 
16:15:15.000000000 +0100
+++ 2010-02-09/xen/arch/x86/cpu/mcheck/mce.h    2010-02-16 12:32:26.000000000 
+0100
@@ -55,6 +55,8 @@ void mc_panic(char *s);
 void x86_mc_get_cpu_info(unsigned, uint32_t *, uint16_t *, uint16_t *,
                         uint32_t *, uint32_t *, uint32_t *, uint32_t *);
 
+#define dom0_vmce_enabled() (dom0 && dom0->max_vcpus && dom0->vcpu[0] \
+       && guest_enabled_event(dom0->vcpu[0], VIRQ_MCA))
 
 /* Register a handler for machine check exceptions. */
 typedef void (*x86_mce_vector_t)(struct cpu_user_regs *, long);
--- 2010-02-09.orig/xen/arch/x86/cpu/mcheck/mce_intel.c 2010-02-09 
09:16:49.000000000 +0100
+++ 2010-02-09/xen/arch/x86/cpu/mcheck/mce_intel.c      2010-02-16 
12:11:40.000000000 +0100
@@ -518,7 +518,7 @@ static void mce_softirq(void)
         }
 
         /* Step2: Send Log to DOM0 through vIRQ */
-        if (dom0 && guest_enabled_event(dom0->vcpu[0], VIRQ_MCA)) {
+        if (dom0_vmce_enabled()) {
             mce_printk(MCE_VERBOSE, "MCE: send MCE# to DOM0 through virq\n");
             send_guest_global_virq(dom0, VIRQ_MCA);
         }
@@ -863,7 +863,7 @@ static void cmci_discover(void)
         MCA_CMCI_HANDLER, __get_cpu_var(mce_banks_owned), &bs, NULL);
 
     if (bs.errcnt && mctc != NULL) {
-        if (guest_enabled_event(dom0->vcpu[0], VIRQ_MCA)) {
+        if (dom0_vmce_enabled()) {
             mctelem_commit(mctc);
             send_guest_global_virq(dom0, VIRQ_MCA);
         } else {
@@ -978,7 +978,7 @@ fastcall void smp_cmci_interrupt(struct 
         MCA_CMCI_HANDLER, __get_cpu_var(mce_banks_owned), &bs, NULL);
 
     if (bs.errcnt && mctc != NULL) {
-        if (guest_enabled_event(dom0->vcpu[0], VIRQ_MCA)) {
+        if (dom0_vmce_enabled()) {
             mctelem_commit(mctc);
             mce_printk(MCE_VERBOSE, "CMCI: send CMCI to DOM0 through virq\n");
             send_guest_global_virq(dom0, VIRQ_MCA);
--- 2010-02-09.orig/xen/arch/x86/cpu/mcheck/non-fatal.c 2010-01-13 
18:58:11.000000000 +0100
+++ 2010-02-09/xen/arch/x86/cpu/mcheck/non-fatal.c      2010-02-16 
12:09:10.000000000 +0100
@@ -53,7 +53,7 @@ static void mce_checkregs (void *info)
                 * for corrected errors in early startup.
                 */
 
-               if (guest_enabled_event(dom0->vcpu[0], VIRQ_MCA)) {
+               if (dom0_vmce_enabled()) {
                        mctelem_commit(mctc);
                        send_guest_global_virq(dom0, VIRQ_MCA);
                } else if (++dumpcount >= 10) {

Attachment: x86-mce-dom0-check.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] x86/mcheck: do not blindly de-reference dom0 et al, Jan Beulich <=
Previous by Date:  [Xen-users] Re: [rhelv5-list] Itanium support ..., Zoran Popović
Next by Date:  [Xen-devel] Third release candidiate for Xen 4.0.0, Keir Fraser
Previous by Thread:  [Xen-users] Re: [rhelv5-list] Itanium support ..., Zoran Popović
Next by Thread:  [Xen-devel] Third release candidiate for Xen 4.0.0, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy