x86/vvmx: Don't handle unknown nested vmexit reasons at L0

This is very dangerous from a security point of view, because a missing entry
will cause L2's action to be interpreted as L1's action.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Sergey Dyasli <sergey.dyasli@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 9fa2fe224e91dea267619113eacee130c6e7975b..8e2e8c266ae90930a86c1efc138805759f3b3857 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -2611,8 +2611,9 @@ int nvmx_n2_vmexit_handler(struct cpu_user_regs *regs,
             nvcpu->nv_vmexit_pending = 1;
         break;
     default:
-        gprintk(XENLOG_ERR, "Unexpected nested vmexit: reason %u\n",
+        gprintk(XENLOG_ERR, "Unhandled nested vmexit: reason %u\n",
                 exit_reason);
+        domain_crash(v->domain);
     }
 
     return ( nvcpu->nv_vmexit_pending == 1 );