From: Sergey Dyasli Date: Tue, 14 Mar 2017 11:25:47 +0000 (+0100) Subject: x86/vvmx: add a shadow vmcs check to vmlaunch X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2517 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b22ee98c4ecc4e7c827451dee01181529df4d26c;p=xen.git x86/vvmx: add a shadow vmcs check to vmlaunch Intel SDM states that if the current VMCS is a shadow VMCS, VMFailInvalid occurs and control passes to the next instruction. Implement such behaviour for nested vmlaunch. Signed-off-by: Sergey Dyasli Acked-by: Kevin Tian --- diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index 3017849177..173ec7455e 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -1630,6 +1630,13 @@ int nvmx_handle_vmlaunch(struct cpu_user_regs *regs) return X86EMUL_OKAY; } + /* Check that guest is not using a shadow vmcs for vmentry */ + if ( nvmx->shadow_vmcs ) + { + vmfail_invalid(regs); + return X86EMUL_OKAY; + } + __vmread(GUEST_INTERRUPTIBILITY_INFO, &intr_shadow); if ( intr_shadow & VMX_INTR_SHADOW_MOV_SS ) {
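Review bot: the added `if ( nvmx->shadow_vmcs )` test covers only `nvmx_handle_vmlaunch`, while the SDM rule quoted in the commit message is about the current VMCS being a shadow VMCS, and the new comment itself says "for vmentry". If the nested vmresume handler does not pass through this function, it needs the same test, preferably through one shared helper so the two entry paths cannot drift apart. The placement ahead of the `GUEST_INTERRUPTIBILITY_INFO` read also means a shadow VMCS reports VMFailInvalid before the `VMX_INTR_SHADOW_MOV_SS` test runs; it would help to state that ordering in the comment, which should also spell VMCS in capitals and end with a full stop.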