From 3946cc5a6f3779138fbfdacdafcbc42c10484752 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Thu, 1 Nov 2018 17:37:48 +0000
Subject: [PATCH] x86/vvmx: Correct the INVALID_PADDR checks for
 VMPTRLD/VMCLEAR
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The referenced addresses also need checking against MAXPHYSADDR.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Sergey Dyasli <sergey.dyasli@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
---
 xen/arch/x86/hvm/vmx/vvmx.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index c296660e38..5daab82dc0 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1672,7 +1672,7 @@ static int nvmx_handle_vmptrld(struct cpu_user_regs *regs)
     if ( rc != X86EMUL_OKAY )
         return rc;
 
-    if ( gpa & 0xfff )
+    if ( (gpa & ~PAGE_MASK) || !gfn_valid(v->domain, gaddr_to_gfn(gpa)) )
     {
         vmfail(regs, VMX_INSN_VMPTRLD_INVALID_PHYADDR);
         goto out;
@@ -1780,7 +1780,7 @@ static int nvmx_handle_vmclear(struct cpu_user_regs *regs)
         goto out;
     }
 
-    if ( gpa & 0xfff )
+    if ( (gpa & ~PAGE_MASK) || !gfn_valid(v->domain, gaddr_to_gfn(gpa)) )
     {
         vmfail(regs, VMX_INSN_VMCLEAR_INVALID_PHYADDR);
         goto out;
-- 
2.30.2