VMX: make vmx_read_guest_msr() cope with callers not checking its return value

It took till the 4.5 backports of the L1TF prereqs that gcc 8.2 finally
noticed that the vPMU callers, not checking the function's return value,
may consume uninitialized data. Guard against this by storing zero on
the error path.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>

diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h
index c4d4f15d2931fef0c6b4c4207db8f8f138c7387b..46668a7007964cabdbe53d0b277e1d55b885b731 100644 (file)
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -586,7 +586,10 @@ static inline int vmx_read_guest_msr(const struct vcpu *v, uint32_t msr,
     const struct vmx_msr_entry *ent = vmx_find_msr(v, msr, VMX_MSR_GUEST);
 
     if ( !ent )
+    {
+        *val = 0;
         return -ESRCH;
+    }
 
     *val = ent->data;
 
@@ -600,7 +603,10 @@ static inline int vmx_read_guest_loadonly_msr(
         vmx_find_msr(v, msr, VMX_MSR_GUEST_LOADONLY);
 
     if ( !ent )
+    {
+        *val = 0;
         return -ESRCH;
+    }
 
     *val = ent->data;