From: Andrew Cooper Date: Thu, 6 Jun 2019 12:09:20 +0000 (+0200) Subject: x86/svm: Fix handling of ICEBP intercepts X-Git-Tag: archive/raspbian/4.11.3+24-g14b62ab3e5-1+rpi1~1^2~55^2~6 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4f2d189bb9f2e80300a1434b1b1070d86e2fdff2;p=xen.git x86/svm: Fix handling of ICEBP intercepts c/s 9338a37d "x86/svm: implement debug events" added support for introspecting ICEBP debug exceptions, but didn't account for the fact that svm_get_insn_len() (previously __get_instruction_length) can fail and may already have raised #GP with the guest. If svm_get_insn_len() fails, return back to guest context rather than continuing and mistaking a trap-style VMExit for a fault-style one. Spotted by Coverity. Signed-off-by: Andrew Cooper Reviewed-by: Razvan Cojocaru Acked-by: Brian Woods master commit: 1495b4ff9b4af2b9c0f12cdb6491082cecf34f86 master date: 2019-05-13 10:35:37 +0100 --- diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index c61693dcb5..5c09ec9794 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2806,6 +2806,9 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) { trap_type = X86_EVENTTYPE_PRI_SW_EXCEPTION; inst_len = __get_instruction_length(v, INSTR_ICEBP); + + if ( !inst_len ) + break; } rc = hvm_monitor_debug(regs->rip,
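Review bot: the new `if ( !inst_len ) break;` relies on `__get_instruction_length()` returning 0 only after it has already injected #GP into the guest, and nothing at the call site says so; a one-line comment above the check (e.g. `/* Failure: #GP has already been raised with the guest, return to it. */`) would make it clear why bailing out of the case without calling `hvm_monitor_debug()` is correct rather than an accidental drop of the introspection event. It would also help a reader of this 4.11 backport that the commit message refers to `svm_get_insn_len()` while the code here still calls `__get_instruction_length()`; the message does note the rename, but the same comment could restate the contract that the caller depends on (non-zero length on success, 0 with #GP pending on failure).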