From ef2c4ec6d5eef64ab0771b8416eafea11d82bb5d Mon Sep 17 00:00:00 2001
From: conradgrobler <58467069+conradgrobler@users.noreply.github.com>
Date: Thu, 21 Mar 2024 11:01:46 +0000
Subject: [PATCH] Check CPUID instruction in Stage0 #VC handler (#4921)

We want to make sure that the instruction pointer in a #VC exception really pointed to a CPUID instruction since it is the only #VC exception type we support.

Ref b/330197837
---
 stage0_bin/src/asm/boot.s | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/stage0_bin/src/asm/boot.s b/stage0_bin/src/asm/boot.s
index be2cb7b4e73..b42805508e6 100644
--- a/stage0_bin/src/asm/boot.s
+++ b/stage0_bin/src/asm/boot.s
@@ -43,7 +43,10 @@ gp_handler:
 vc_handler:
 pop %ebx # get the error code
 cmp $0x72, %ebx # is this about CPUID?
- jne 2f # if not, skip ahead
+ jne 2f # if not, skip ahead and crash
+ mov (%esp), %ebx # get the instruction pointer
+ cmpw $0xa20f, (%ebx) # was this really a CPUID instruction?
+ jne 2f # if not it might be injected by the hypervisor, skip ahead and crash
 cmp $0x0, %ecx # are we asked for a CPUID subleaf?
 jne 2f # if yes, skip ahead, as we don't support subleaves
 # Use the GHCB MSR protocol to request one page of CPUID information. The protocol itself is
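Review bot: The opcode test on the new `cmpw $0xa20f, (%ebx)` line hides why that word is the right value; CPUID encodes as the two bytes 0F A2, which a little-endian 16-bit load reads back as 0xa20f, and the comment should say so, e.g. `cmpw $0xa20f, (%ebx) # CPUID is 0F A2; little-endian word read = 0xa20f`, or better a named `.set CPUID_OPCODE_LE, 0xa20f` near the top of the file so the magic number is not repeated elsewhere. The instruction pointer is read from the CPU-pushed exception frame after the error code has been popped, so a #VC injected by the hypervisor while EIP does not sit on a CPUID is now rejected, but a #VC injected while EIP genuinely sits on a CPUID is indistinguishable from a real one; that is only safe if the rest of the handler (the 2-byte EIP advance and the validation of the hypervisor's CPUID reply, both outside this hunk) does not trust anything else from the hypervisor, which I cannot confirm from here. Note also that after this hunk `%ebx` holds the faulting EIP rather than the error code, so any later use of `%ebx` as the error code inside vc_handler would now be wrong. vc_handler and the `2:` target continue past the end of the hunk.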