nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing
Otherwise uninitialized data may be used, leading to crashes.
This is XSA-75.
Reported-and-tested-by: Jeff Zimmerman <Jeff_Zimmerman@McAfee.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-and-tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1075,15 +1075,10 @@ int nvmx_handle_vmxoff(struct cpu_user_r
return X86EMUL_OKAY;
}
-int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
+static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
{
struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
- int rc;
-
- rc = vmx_inst_check_privilege(regs, 0);
- if ( rc != X86EMUL_OKAY )
- return rc;
/* check VMCS is valid and IO BITMAP is set */
if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) &&
@@ -1100,6 +1095,10 @@ int nvmx_handle_vmresume(struct cpu_user
{
int launched;
struct vcpu *v = current;
+ int rc = vmx_inst_check_privilege(regs, 0);
+
+ if ( rc != X86EMUL_OKAY )
+ return rc;
if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
{
@@ -1119,8 +1118,11 @@ int nvmx_handle_vmresume(struct cpu_user
int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
{
int launched;
- int rc;
struct vcpu *v = current;
+ int rc = vmx_inst_check_privilege(regs, 0);
+
+ if ( rc != X86EMUL_OKAY )
+ return rc;
if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
{