From: Jan Beulich <jbeulich@suse.com>
Subject: x86/SVM: XSETBV intercept needs to check CPL

Other than most (all?) other intercepts, basic checks - namely the CPL
one - don't get done before checking for the intercept to be enabled.

This is XSA-161.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -2609,10 +2609,11 @@ void svm_vmexit_handler(struct cpu_user_
         break;
 
     case VMEXIT_XSETBV:
-        if ( (inst_len = __get_instruction_length(current, INSTR_XSETBV))==0 )
-            break;
-        if ( hvm_handle_xsetbv(regs->ecx,
-                               (regs->rdx << 32) | regs->_eax) == 0 )
+        if ( vmcb_get_cpl(vmcb) )
+            hvm_inject_hw_exception(TRAP_gp_fault, 0);
+        else if ( (inst_len = __get_instruction_length(v, INSTR_XSETBV)) &&
+                  hvm_handle_xsetbv(regs->ecx,
+                                    (regs->rdx << 32) | regs->_eax) == 0 )
             __update_guest_eip(regs, inst_len);
         break;