
Commit f01e6ef

mingqiangchilijinxia
authored and committed
hv:fix return value violation in vmexit handler
Check return value for the called functions in vmexit handler Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
1 parent 2686fe7 commit f01e6ef


4 files changed

+24
-19
lines changed


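--- a/hypervisor/arch/x86/guest/vlapic.c
+++ b/hypervisor/arch/x86/guest/vlapic.c
@@ -2258,7 +2258,7 @@ apicv_inject_pir(struct vlapic *vlapic)
 
 int apic_access_vmexit_handler(struct vcpu *vcpu)
 {
-	int access_type, offset = 0, ret;
+	int access_type, offset = 0, err = 0;
 	uint64_t qual;
 	struct vlapic *vlapic;
 
@@ -2271,23 +2271,25 @@ int apic_access_vmexit_handler(struct vcpu *vcpu)
 
 	vlapic = vcpu->arch_vcpu.vlapic;
 
-	ret = decode_instruction(vcpu);
+	err = decode_instruction(vcpu);
 	/* apic access should already fetched instruction, decode_instruction
 	 * will not trigger #PF, so if it failed, just return error_no
 	 */
-	if (ret < 0)
-		return ret;
+	if (err < 0)
+		return err;
 
 	if (access_type == 1) {
 		if (emulate_instruction(vcpu) == 0)
-			vlapic_write(vlapic, 1, offset, vcpu->mmio.value);
+			err = vlapic_write(vlapic, 1, offset, vcpu->mmio.value);
 	} else if (access_type == 0) {
-		vlapic_read(vlapic, 1, offset, &vcpu->mmio.value);
-		emulate_instruction(vcpu);
+		err = vlapic_read(vlapic, 1, offset, &vcpu->mmio.value);
+		if (err < 0)
+			return err;
+		err = emulate_instruction(vcpu);
 	}
 
 	TRACE_2L(TRACE_VMEXIT_APICV_ACCESS, qual, (uint64_t)vlapic);
-	return 0;
+	return err;
 }
 
 int veoi_vmexit_handler(struct vcpu *vcpu)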
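Review bot: In the `access_type == 1` branch the return of emulate_instruction() is still only compared against zero, so a failed emulation leaves `err` at 0 and the handler reports success, while the read branch a few lines below now propagates the same call's error; the two paths should agree. Rewriting the write branch as `err = emulate_instruction(vcpu);` / `if (err == 0)` / `err = vlapic_write(vlapic, 1, offset, vcpu->mmio.value);` makes the write path fail the same way the read path does. The new `if (err < 0) return err;` after vlapic_read also skips the TRACE_2L at the end of the function, as the decode_instruction early return already did; if that is intended, a word in the comment block above would make it explicit. The lines that compute access_type, offset and qual sit between the two hunks and are not shown here.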

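--- a/hypervisor/arch/x86/guest/vmsr.c
+++ b/hypervisor/arch/x86/guest/vmsr.c
@@ -140,6 +140,7 @@ void init_msr_emulation(struct vcpu *vcpu)
 
 int rdmsr_vmexit_handler(struct vcpu *vcpu)
 {
+	int err = 0;
 	uint32_t msr;
 	uint64_t v = 0UL;
 	int cur_context = vcpu->arch_vcpu.cur_context;
@@ -151,7 +152,7 @@ int rdmsr_vmexit_handler(struct vcpu *vcpu)
 	switch (msr) {
 	case MSR_IA32_TSC_DEADLINE:
 	{
-		vlapic_rdmsr(vcpu, msr, &v);
+		err = vlapic_rdmsr(vcpu, msr, &v);
 		break;
 	}
 	case MSR_IA32_TIME_STAMP_COUNTER:
@@ -221,7 +222,7 @@ int rdmsr_vmexit_handler(struct vcpu *vcpu)
 	case MSR_IA32_APIC_BASE:
 	{
 		/* Read APIC base */
-		vlapic_rdmsr(vcpu, msr, &v);
+		err = vlapic_rdmsr(vcpu, msr, &v);
 		break;
 	}
 	default:
@@ -245,11 +246,12 @@ int rdmsr_vmexit_handler(struct vcpu *vcpu)
 
 	TRACE_2L(TRACE_VMEXIT_RDMSR, msr, v);
 
-	return 0;
+	return err;
 }
 
 int wrmsr_vmexit_handler(struct vcpu *vcpu)
 {
+	int err = 0;
 	uint32_t msr;
 	uint64_t v;
 	struct run_context *cur_context =
@@ -266,7 +268,7 @@ int wrmsr_vmexit_handler(struct vcpu *vcpu)
 	switch (msr) {
 	case MSR_IA32_TSC_DEADLINE:
 	{
-		vlapic_wrmsr(vcpu, msr, v);
+		err = vlapic_wrmsr(vcpu, msr, v);
 		break;
 	}
 	case MSR_IA32_TIME_STAMP_COUNTER:
@@ -340,7 +342,7 @@ int wrmsr_vmexit_handler(struct vcpu *vcpu)
 	}
 	case MSR_IA32_PAT:
 	{
-		vmx_wrmsr_pat(vcpu, v);
+		err = vmx_wrmsr_pat(vcpu, v);
 		break;
 	}
 	case MSR_IA32_GS_BASE:
@@ -355,7 +357,7 @@ int wrmsr_vmexit_handler(struct vcpu *vcpu)
 	}
 	case MSR_IA32_APIC_BASE:
 	{
-		vlapic_wrmsr(vcpu, msr, v);
+		err = vlapic_wrmsr(vcpu, msr, v);
 		break;
 	}
 	default:
@@ -373,5 +375,5 @@ int wrmsr_vmexit_handler(struct vcpu *vcpu)
 
 	TRACE_2L(TRACE_VMEXIT_WRMSR, msr, v);
 
-	return 0;
+	return err;
 }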
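Review bot: In rdmsr_vmexit_handler the two vlapic_rdmsr arms now record a failure in `err`, but control still falls out of the switch into the code between the third and fourth hunks, which is not shown; if that code copies `v` (pre-set to 0UL) into the guest's registers, a failed read still hands the guest a zero before `return err` is reached. If that is not intended, a guard directly after the switch, `if (err < 0) return err;` placed ahead of the register update, would close it. The same question applies to wrmsr_vmexit_handler, where the vlapic_wrmsr and vmx_wrmsr_pat arms assign `err` and the post-switch code is likewise outside the hunks. Both functions begin inside this section but their bodies are only partially visible.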

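--- a/hypervisor/arch/x86/virq.c
+++ b/hypervisor/arch/x86/virq.c
@@ -525,7 +525,7 @@ int exception_vmexit_handler(struct vcpu *vcpu)
 	/* Handle all other exceptions */
 	vcpu_retain_rip(vcpu);
 
-	vcpu_queue_exception(vcpu, exception_vector, int_err_code);
+	status = vcpu_queue_exception(vcpu, exception_vector, int_err_code);
 
 	if (exception_vector == IDT_MC) {
 		/* just print error message for #MC, it then will be injected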
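Review bot: `status` now receives the result of vcpu_queue_exception, but the hunk goes straight on to the `exception_vector == IDT_MC` handling without examining it, and both the declaration of `status` and whether it is overwritten before being returned are outside the hunk. If vcpu_queue_exception can report failure, a check following the convention the other handlers in this commit use, `if (status < 0)` / `return status;` before the #MC block, would keep a queueing failure from being masked by a later assignment; if it cannot fail in practice, a one-line comment on the assignment saying so would make the change self-explanatory. exception_vmexit_handler starts and ends outside the hunk.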

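--- a/hypervisor/arch/x86/vmexit.c
+++ b/hypervisor/arch/x86/vmexit.c
@@ -236,6 +236,7 @@ int cpuid_vmexit_handler(struct vcpu *vcpu)
 
 int cr_access_vmexit_handler(struct vcpu *vcpu)
 {
+	int err = 0;
 	uint64_t *regptr;
 	struct run_context *cur_context =
 		&vcpu->arch_vcpu.contexts[vcpu->arch_vcpu.cur_context];
@@ -267,11 +268,11 @@ int cr_access_vmexit_handler(struct vcpu *vcpu)
 		VM_EXIT_CR_ACCESS_CR_NUM(vcpu->arch_vcpu.exit_qualification)) {
 	case 0x00U:
 		/* mov to cr0 */
-		vmx_write_cr0(vcpu, *regptr);
+		err = vmx_write_cr0(vcpu, *regptr);
 		break;
 	case 0x04U:
 		/* mov to cr4 */
-		vmx_write_cr4(vcpu, *regptr);
+		err = vmx_write_cr4(vcpu, *regptr);
 		break;
 	case 0x08U:
 		/* mov to cr8 */
@@ -292,7 +293,7 @@ int cr_access_vmexit_handler(struct vcpu *vcpu)
 		VM_EXIT_CR_ACCESS_CR_NUM
 		(vcpu->arch_vcpu.exit_qualification));
 
-	return 0;
+	return err;
 }
 
 /*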
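Review bot: The second hunk routes the returns of vmx_write_cr0 and vmx_write_cr4 into `err`, but the `case 0x08U` cr8 arm opens at the end of that hunk with its body outside it, and the remaining cases up to the third hunk are not shown either, so the page does not confirm that every write path assigns `err`; please verify the cr8 write is not still discarding its return. The values written to CR0 and CR4 are taken from the guest register `*regptr`, so a failure from these writes now reaches the caller as the handler's return value — a comment on the new `int err = 0;`, e.g. `/* error from the CR write, returned to the caller */`, would document that contract. The `VM_EXIT_CR_ACCESS_CR_NUM` lines at the top of the third hunk are the tail of a call whose start is outside the hunk.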
