x86/vmx: don't call __vmxoff() blindly

If vmx_vcpu_up() failed, __vmxon() would generally not have got
(successfully) executed, and in that case __vmxoff() will #UD.

Additionally, any panic() during early resume (namely the tboot
related one) would cause vmx_cpu_down() to get executed without
vmx_cpu_up() having run before.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
xen-unstable changeset:   23848:cf37d2eec2ef
xen-unstable date:        Sat Sep 17 16:26:37 2011 +0100

diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index ebb73f8cf08cfdf7e4c0da4730823c77c0ad7c4d..e6522d617ae2f36a8844d6950a9945f5c9617e1d 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -70,6 +70,7 @@ bool_t cpu_has_vmx_ins_outs_instr_info __read_mostly;
 static DEFINE_PER_CPU_READ_MOSTLY(struct vmcs_struct *, host_vmcs);
 static DEFINE_PER_CPU(struct vmcs_struct *, current_vmcs);
 static DEFINE_PER_CPU(struct list_head, active_vmcs_list);
+static DEFINE_PER_CPU(bool_t, vmxon);
 
 static u32 vmcs_revision_id __read_mostly;
 
@@ -442,6 +443,7 @@ int vmx_cpu_up(void)
         printk("CPU%d: unexpected VMXON failure\n", cpu);
         return 0;
     case 0: /* success */
+        this_cpu(vmxon) = 1;
         break;
     default:
         BUG();
@@ -463,6 +465,9 @@ void vmx_cpu_down(void)
     struct list_head *active_vmcs_list = &this_cpu(active_vmcs_list);
     unsigned long flags;
 
+    if ( !this_cpu(vmxon) )
+        return;
+
     local_irq_save(flags);
 
     while ( !list_empty(active_vmcs_list) )
@@ -470,6 +475,7 @@ void vmx_cpu_down(void)
                                     struct vcpu, arch.hvm_vmx.active_list));
 
     BUG_ON(!(read_cr4() & X86_CR4_VMXE));
+    this_cpu(vmxon) = 0;
     __vmxoff();
 
     local_irq_restore(flags);