x86/HVM: add missing NULL check before using VMFUNC hook

This is CVE-2016-10025 / XSA-203.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit: 74dcd0ce6f4fadce8093e54f0fc1a45426577e13
master date: 2016-12-21 16:47:19 +0100

diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c
index f1f6e2f7decad6b1261787f5617110eab7ac736b..f32b7dc210d1945a5b2c03186a22d6a7bf499fe6 100644 (file)
--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
@@ -1694,6 +1694,8 @@ static int hvmemul_vmfunc(
 {
     int rc;
 
+    if ( !hvm_funcs.altp2m_vcpu_emulate_vmfunc )
+        return X86EMUL_UNHANDLEABLE;
     rc = hvm_funcs.altp2m_vcpu_emulate_vmfunc(ctxt->regs);
     if ( rc != X86EMUL_OKAY )
         hvmemul_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE,