- fill_vmsr_data() leaked a domain reference; since the caller already obtained one, there's no need to obtain another one here - intel_UCR_handler() could call put_domain() with a NULL pointer - mcheck_mca_logout() updated a local data structure that wasn't used after the update Signed-off-by: Jan Beulich
--- 2010-02-09.orig/xen/arch/x86/cpu/mcheck/mce.c 2010-02-03 16:15:15.000000000 +0100
+++ 2010-02-09/xen/arch/x86/cpu/mcheck/mce.c 2010-02-09 09:00:50.000000000 +0100
@@ -300,13 +300,15 @@ mctelem_cookie_t mcheck_mca_logout(enum
 if (mci != NULL && errcnt > 0) {
 x86_mcinfo_lookup(mic, mci, MC_TYPE_GLOBAL);
- mig = (struct mcinfo_global *)mic;
- if (pcc)
- mcg.mc_flags |= MC_FLAG_UNCORRECTABLE;
+ mig = container_of(mic, struct mcinfo_global, common);
+ if (mic == NULL)
+ ;
+ else if (pcc)
+ mig->mc_flags |= MC_FLAG_UNCORRECTABLE;
 else if (uc)
- mcg.mc_flags |= MC_FLAG_RECOVERABLE;
+ mig->mc_flags |= MC_FLAG_RECOVERABLE;
 else
- mcg.mc_flags |= MC_FLAG_CORRECTABLE;
+ mig->mc_flags |= MC_FLAG_CORRECTABLE;
 }
--- 2010-02-09.orig/xen/arch/x86/cpu/mcheck/mce_intel.c 2010-02-03 16:15:15.000000000 +0100
+++ 2010-02-09/xen/arch/x86/cpu/mcheck/mce_intel.c 2010-02-09 09:16:49.000000000 +0100
@@ -225,22 +225,13 @@ static struct bank_entry* alloc_bank_ent
 for vMCE# MSRs virtualization */
-static int fill_vmsr_data(struct mcinfo_bank *mc_bank,
+static int fill_vmsr_data(struct mcinfo_bank *mc_bank, struct domain *d,
 uint64_t gstatus)
 {
- struct domain *d;
 struct bank_entry *entry;
 /* This error bank impacts one domain, we need to fill domain related
 * data for vMCE MSRs virtualization and vMCE# injection */
 if (mc_bank->mc_domid != (uint16_t)~0) {
- d = get_domain_by_id(mc_bank->mc_domid);
-
- /* Not impact a valid domain, skip this error of the bank */
- if (!d) {
- mce_printk(MCE_QUIET, "MCE: Not found valid impacted DOM\n");
- return 0;
- }
-
 /* For HVM guest, Only when first vMCE is consumed by HVM guest successfully,
 * will we generete another node and inject another vMCE */
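Review bot: In mcheck_mca_logout(), `mig = container_of(mic, struct mcinfo_global, common);` is evaluated before the `mic == NULL` test, so the pointer arithmetic runs on a possibly NULL `mic` and the guard ends up written as an empty statement. Testing first is safer and easier to read: `if (mic != NULL) { mig = container_of(mic, struct mcinfo_global, common); ... }` with the three flag assignments inside the braces. When the lookup finds no global record the severity flag is not recorded at all; a short comment saying this is intended would help whoever consumes the telemetry later. The function body starts and ends outside the hunk.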
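Review bot: fill_vmsr_data() now takes `d` from its caller but nothing states the contract it depends on: the caller holds the domain reference, `d` is non-NULL whenever `mc_bank->mc_domid != (uint16_t)~0`, and `d` is the domain that `mc_domid` names. The comment above the function should say so, for example `/* d: domain named by mc_bank->mc_domid; the caller holds the reference, none is taken or dropped here. */`. The rest of the body lies outside the hunk, so whether `d` is dereferenced there without a check cannot be confirmed from these lines.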
@@ -365,15 +356,18 @@ static void intel_UCR_handler(struct mci
 if ( mca_ctl_conflict(bank, d) )
 {
 /* Guest has different MCE ctl with hypervisor */
- put_domain(d);
+ if ( d )
+ put_domain(d);
 return;
 }
+ ASSERT(d);
 gfn = get_gpfn_from_mfn((bank->mc_addr) >> PAGE_SHIFT);
 bank->mc_addr = gfn << PAGE_SHIFT |
 (bank->mc_addr & (PAGE_SIZE -1 ));
- if (fill_vmsr_data(bank, global->mc_gstatus) == -1)
+ if ( fill_vmsr_data(bank, d,
+ global->mc_gstatus) == -1 )
 {
 mce_printk(MCE_QUIET, "Fill vMCE# data for DOM%d "
 "failed\n", result->owner);
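Review bot: `ASSERT(d);` is the only thing between a NULL `d` and the new `fill_vmsr_data(bank, d, ...)` call, and ASSERT() is normally compiled out of non-debug builds. The `if ( d )` added in the conflict branch shows that `d` can be NULL at this point, so the code relies on mca_ctl_conflict() reporting a conflict for every NULL `d`, which is not visible in the hunk. A NULL dereference inside a machine-check handler would presumably take the whole host down, so the invariant deserves more than a debug-only check. Either state it next to the assertion, `/* mca_ctl_conflict() returns true for d == NULL, so d is valid from here on */`, or make the guard unconditional with `if ( !d ) return;`. The handler continues outside the hunk, so the matching put_domain() on the later paths cannot be checked from here.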