x86/vvmx: add a shadow vmcs check to vmlaunch

Intel SDM states that if the current VMCS is a shadow VMCS,
VMFailInvalid occurs and control passes to the next instruction.

Implement such behaviour for nested vmlaunch.

Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 3017849177b3e4e43156fadb4fa1cc7c4a32fb3d..173ec7455e65501f77a7ef86269e1b72849544d2 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1630,6 +1630,13 @@ int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
         return X86EMUL_OKAY;
     }
 
+    /* Check that guest is not using a shadow vmcs for vmentry */
+    if ( nvmx->shadow_vmcs )
+    {
+        vmfail_invalid(regs);
+        return X86EMUL_OKAY;
+    }
+
     __vmread(GUEST_INTERRUPTIBILITY_INFO, &intr_shadow);
     if ( intr_shadow & VMX_INTR_SHADOW_MOV_SS )
     {