From b22ee98c4ecc4e7c827451dee01181529df4d26c Mon Sep 17 00:00:00 2001
From: Sergey Dyasli
Date: Tue, 14 Mar 2017 12:25:47 +0100
Subject: [PATCH] x86/vvmx: add a shadow vmcs check to vmlaunch

Intel SDM states that if the current VMCS is a shadow VMCS, VMFailInvalid occurs and control passes to the next instruction. Implement such behaviour for nested vmlaunch.

Signed-off-by: Sergey Dyasli
Acked-by: Kevin Tian
---
 xen/arch/x86/hvm/vmx/vvmx.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 3017849177..173ec7455e 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1630,6 +1630,13 @@ int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
 return X86EMUL_OKAY;
 }

+ /* Check that guest is not using a shadow vmcs for vmentry */
+ if ( nvmx->shadow_vmcs )
+ {
+ vmfail_invalid(regs);
+ return X86EMUL_OKAY;
+ }
+
 __vmread(GUEST_INTERRUPTIBILITY_INFO, &intr_shadow);
 if ( intr_shadow & VMX_INTR_SHADOW_MOV_SS )
 {
-- 
2.30.2
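Review bot: The new `if ( nvmx->shadow_vmcs )` guard is added only to nvmx_handle_vmlaunch, but the SDM rule cited in the description concerns VM entry with a shadow VMCS current, which would also cover VMRESUME. The vmresume handler is not visible in this hunk, so please confirm it rejects a shadow VMCS the same way; otherwise an L1 guest still has an entry path that skips this validation. The guard is also only as reliable as the code that maintains `nvmx->shadow_vmcs` when the guest loads or clears a VMCS, which is outside the hunk and worth checking. I would make the comment name the rule, e.g. `/* SDM: VM entry with a shadow VMCS current must fail with VMfailInvalid */`. The function body starts and ends outside the hunk.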