From 1de95c144458ad8841e85c93736b0c364f285ef2 Mon Sep 17 00:00:00 2001
From: Tim Deegan
Date: Tue, 26 Jul 2011 17:00:25 +0100
Subject: [PATCH] Nested VMX: fix error paths in emulation of VMLAUNCH and VMRESUME.
These instructions don't fault on bad VMCS pointers, they set bits in RFLAGS and continue execution.
Signed-off-by: Tim Deegan
---
 xen/arch/x86/hvm/vmx/vvmx.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 942fd49d13..889f3d5af1 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1070,11 +1070,17 @@ int nvmx_handle_vmresume(struct cpu_user_regs *regs)
 int launched;
 struct vcpu *v = current;
+ if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
+ {
+ vmreturn (regs, VMFAIL_INVALID);
+ return X86EMUL_OKAY;
+ }
+
 launched = __get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, NVMX_LAUNCH_STATE);
 if ( !launched ) {
 vmreturn (regs, VMFAIL_VALID);
- return X86EMUL_EXCEPTION;
+ return X86EMUL_OKAY;
 }
 return nvmx_vmresume(v,regs);
 }
@@ -1085,11 +1091,17 @@ int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
 int rc;
 struct vcpu *v = current;
+ if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
+ {
+ vmreturn (regs, VMFAIL_INVALID);
+ return X86EMUL_OKAY;
+ }
+
 launched = __get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, NVMX_LAUNCH_STATE);
 if ( launched ) {
 vmreturn (regs, VMFAIL_VALID);
- rc = X86EMUL_EXCEPTION;
+ return X86EMUL_OKAY;
 } else {
 rc = nvmx_vmresume(v,regs);
--
2.30.2
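Review bot: The VMfail paths in nvmx_handle_vmresume now return X86EMUL_OKAY after vmreturn(), which only gives the intended "set RFLAGS and continue" semantics if the caller advances the guest RIP on X86EMUL_OKAY; that caller is outside this hunk, so the dependency is worth stating next to the new check: `/* No current VMCS: VMfailInvalid. The instruction still completes (RFLAGS only), so return OKAY and let the caller advance RIP. */`. The new check must also stay ahead of the `__get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, ...)` read, since guarding that read is what it does when no VMCS is loaded; presumably nv_vvmcx is not a usable mapping in that state, which is not visible here. The same check-and-return block is duplicated verbatim in the second hunk (nvmx_handle_vmlaunch, whose end is cut off by the patch trailer); a small static helper answering "is a current VMCS loaded" would keep the two handlers in step if the VMCX_EADDR convention ever changes. In that second hunk the `else` after the new `return X86EMUL_OKAY;` is now redundant and can be dropped.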