From e3a0b9ccf912c298920693a1a4de7f2df08c3f1a Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Tue, 28 Aug 2018 17:12:05 +0200
Subject: [PATCH] VMX: make vmx_read_guest_msr() cope with callers not checking its return value
It took till the 4.5 backports of the L1TF prereqs that gcc 8.2 finally noticed that the vPMU callers, not checking the function's return value, may consume uninitialized data. Guard against this by storing zero on the error path.
Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
Acked-by: Kevin Tian
---
 xen/include/asm-x86/hvm/vmx/vmcs.h | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h
index c4d4f15d29..46668a7007 100644
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -586,7 +586,10 @@ static inline int vmx_read_guest_msr(const struct vcpu *v, uint32_t msr,
 const struct vmx_msr_entry *ent = vmx_find_msr(v, msr, VMX_MSR_GUEST);
 if ( !ent )
+ {
+ *val = 0;
 return -ESRCH;
+ }
 *val = ent->data;
@@ -600,7 +603,10 @@ static inline int vmx_read_guest_loadonly_msr(
 vmx_find_msr(v, msr, VMX_MSR_GUEST_LOADONLY);
 if ( !ent )
+ {
+ *val = 0;
 return -ESRCH;
+ }
 *val = ent->data;
--
2.30.2
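Review bot: The `*val = 0;` stores added on the `-ESRCH` paths of vmx_read_guest_msr() and vmx_read_guest_loadonly_msr() carry no comment explaining why they are there, so a later cleanup could drop them as redundant and bring back the read of uninitialized hypervisor stack data by callers that ignore the return value. I would put a short comment above each store, for example `/* Callers may ignore the return value; never leave *val uninitialized. */`. With the store in place, a caller that ignores the return value cannot tell a missing MSR entry from a real value of 0, so the unchecked vPMU call sites named in the description (not visible in this diff) would presumably still be better served by testing for `-ESRCH`. Both function bodies start and end outside the hunks shown.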