From: Jan Beulich Date: Tue, 28 Aug 2018 15:12:05 +0000 (+0200) Subject: VMX: make vmx_read_guest_msr() cope with callers not checking its return value X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~3383 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e3a0b9ccf912c298920693a1a4de7f2df08c3f1a;p=xen.git VMX: make vmx_read_guest_msr() cope with callers not checking its return value It took till the 4.5 backports of the L1TF prereqs that gcc 8.2 finally noticed that the vPMU callers, not checking the function's return value, may consume uninitialized data. Guard against this by storing zero on the error path. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Acked-by: Kevin Tian --- diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index c4d4f15d29..46668a7007 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -586,7 +586,10 @@ static inline int vmx_read_guest_msr(const struct vcpu *v, uint32_t msr, const struct vmx_msr_entry *ent = vmx_find_msr(v, msr, VMX_MSR_GUEST); if ( !ent ) + { + *val = 0; return -ESRCH; + } *val = ent->data; @@ -600,7 +603,10 @@ static inline int vmx_read_guest_loadonly_msr( vmx_find_msr(v, msr, VMX_MSR_GUEST_LOADONLY); if ( !ent ) + { + *val = 0; return -ESRCH; + } *val = ent->data;
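Review bot: In the first hunk, on the `if ( !ent )` path of vmx_read_guest_msr(), storing `*val = 0` makes an unchecked call deterministic, but a caller that ignores the return value can no longer tell a missing MSR entry from an entry whose data really is 0. The contract should be documented in a comment above the function (on -ESRCH, *val is set to 0). The vPMU callers named in the commit message should also be changed to check the return value, so that the zero is a safety net and not the only handling.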
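Review bot: The second hunk applies the same `*val = 0;` error path to vmx_read_guest_loadonly_msr(), but the subject line and description mention only vmx_read_guest_msr() and its vPMU callers. The commit message should say whether the load-only variant has callers with the same unchecked-return problem or is being changed for consistency. Since the two error paths are now identical three-line blocks, a single `*val = 0;` before the `if ( !ent )` test in each function would be a smaller change with the same effect.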