hv:fix return value violation in vmexit handler

Check return value for the called functions in vmexit handler Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
2025-06-21 13:08:42 +00:00 · 2018-07-10 13:33:33 +08:00 · 2018-07-10 13:33:33 +08:00 · f01e6efdf5
commit f01e6efdf5
parent 2686fe76bc
4 changed files with 24 additions and 19 deletions
--- a/hypervisor/arch/x86/guest/vlapic.c
+++ b/hypervisor/arch/x86/guest/vlapic.c
@ -2258,7 +2258,7 @@ apicv_inject_pir(struct vlapic *vlapic)

 int apic_access_vmexit_handler(struct vcpu *vcpu)
 {
-	int access_type, offset = 0, ret;
+	int access_type, offset = 0, err = 0;
 	uint64_t qual;
 	struct vlapic *vlapic;

@ -2271,23 +2271,25 @@ int apic_access_vmexit_handler(struct vcpu *vcpu)

 	vlapic = vcpu->arch_vcpu.vlapic;

-	ret = decode_instruction(vcpu);
+	err = decode_instruction(vcpu);
 	/* apic access should already fetched instruction, decode_instruction
 	 * will not trigger #PF, so if it failed, just return error_no
 	 */
-	if (ret < 0)
-		return ret;
+	if (err < 0)
+		return err;

 	if (access_type == 1) {
 		if (emulate_instruction(vcpu) == 0)
-			vlapic_write(vlapic, 1, offset, vcpu->mmio.value);
+			err = vlapic_write(vlapic, 1, offset, vcpu->mmio.value);
 	} else if (access_type == 0) {
-		vlapic_read(vlapic, 1, offset, &vcpu->mmio.value);
-		emulate_instruction(vcpu);
+		err = vlapic_read(vlapic, 1, offset, &vcpu->mmio.value);
+		if (err < 0)
+			return err;
+		err = emulate_instruction(vcpu);
 	}

 	TRACE_2L(TRACE_VMEXIT_APICV_ACCESS, qual, (uint64_t)vlapic);
-	return 0;
+	return err;
 }

 int veoi_vmexit_handler(struct vcpu *vcpu)
--- a/hypervisor/arch/x86/guest/vmsr.c
+++ b/hypervisor/arch/x86/guest/vmsr.c
@ -140,6 +140,7 @@ void init_msr_emulation(struct vcpu *vcpu)

 int rdmsr_vmexit_handler(struct vcpu *vcpu)
 {
+	int err = 0;
 	uint32_t msr;
 	uint64_t v = 0UL;
 	int cur_context = vcpu->arch_vcpu.cur_context;
@ -151,7 +152,7 @@ int rdmsr_vmexit_handler(struct vcpu *vcpu)
 	switch (msr) {
 	case MSR_IA32_TSC_DEADLINE:
 	{
-		vlapic_rdmsr(vcpu, msr, &v);
+		err = vlapic_rdmsr(vcpu, msr, &v);
 		break;
 	}
 	case MSR_IA32_TIME_STAMP_COUNTER:
@ -221,7 +222,7 @@ int rdmsr_vmexit_handler(struct vcpu *vcpu)
 	case MSR_IA32_APIC_BASE:
 	{
 		/* Read APIC base */
-		vlapic_rdmsr(vcpu, msr, &v);
+		err = vlapic_rdmsr(vcpu, msr, &v);
 		break;
 	}
 	default:
@ -245,11 +246,12 @@ int rdmsr_vmexit_handler(struct vcpu *vcpu)

 	TRACE_2L(TRACE_VMEXIT_RDMSR, msr, v);

-	return 0;
+	return err;
 }

 int wrmsr_vmexit_handler(struct vcpu *vcpu)
 {
+	int err = 0;
 	uint32_t msr;
 	uint64_t v;
 	struct run_context *cur_context =
@ -266,7 +268,7 @@ int wrmsr_vmexit_handler(struct vcpu *vcpu)
 	switch (msr) {
 	case MSR_IA32_TSC_DEADLINE:
 	{
-		vlapic_wrmsr(vcpu, msr, v);
+		err = vlapic_wrmsr(vcpu, msr, v);
 		break;
 	}
 	case MSR_IA32_TIME_STAMP_COUNTER:
@ -340,7 +342,7 @@ int wrmsr_vmexit_handler(struct vcpu *vcpu)
 	}
 	case MSR_IA32_PAT:
 	{
-		vmx_wrmsr_pat(vcpu, v);
+		err = vmx_wrmsr_pat(vcpu, v);
 		break;
 	}
 	case MSR_IA32_GS_BASE:
@ -355,7 +357,7 @@ int wrmsr_vmexit_handler(struct vcpu *vcpu)
 	}
 	case MSR_IA32_APIC_BASE:
 	{
-		vlapic_wrmsr(vcpu, msr, v);
+		err = vlapic_wrmsr(vcpu, msr, v);
 		break;
 	}
 	default:
@ -373,5 +375,5 @@ int wrmsr_vmexit_handler(struct vcpu *vcpu)

 	TRACE_2L(TRACE_VMEXIT_WRMSR, msr, v);

-	return 0;
+	return err;
 }
--- a/hypervisor/arch/x86/virq.c
+++ b/hypervisor/arch/x86/virq.c
@ -525,7 +525,7 @@ int exception_vmexit_handler(struct vcpu *vcpu)
 	/* Handle all other exceptions */
 	vcpu_retain_rip(vcpu);

-	vcpu_queue_exception(vcpu, exception_vector, int_err_code);
+	status = vcpu_queue_exception(vcpu, exception_vector, int_err_code);

 	if (exception_vector == IDT_MC) {
 		/* just print error message for #MC, it then will be injected
--- a/hypervisor/arch/x86/vmexit.c
+++ b/hypervisor/arch/x86/vmexit.c
@ -236,6 +236,7 @@ int cpuid_vmexit_handler(struct vcpu *vcpu)

 int cr_access_vmexit_handler(struct vcpu *vcpu)
 {
+	int err = 0;
 	uint64_t *regptr;
 	struct run_context *cur_context =
 		&vcpu->arch_vcpu.contexts[vcpu->arch_vcpu.cur_context];
@ -267,11 +268,11 @@ int cr_access_vmexit_handler(struct vcpu *vcpu)
 		VM_EXIT_CR_ACCESS_CR_NUM(vcpu->arch_vcpu.exit_qualification)) {
 	case 0x00U:
 		/* mov to cr0 */
-		vmx_write_cr0(vcpu, *regptr);
+		err = vmx_write_cr0(vcpu, *regptr);
 		break;
 	case 0x04U:
 		/* mov to cr4 */
-		vmx_write_cr4(vcpu, *regptr);
+		err = vmx_write_cr4(vcpu, *regptr);
 		break;
 	case 0x08U:
 		/* mov to cr8 */
@ -292,7 +293,7 @@ int cr_access_vmexit_handler(struct vcpu *vcpu)
 		VM_EXIT_CR_ACCESS_CR_NUM
 			(vcpu->arch_vcpu.exit_qualification));

-	return 0;
+	return err;
 }

 /*