The AMD APM states that STGI causes a #UD if SVM is not enabled and neither SVM Lock nor the device exclusion vector (DEV) are supported. Fix the STGI exit handler by injecting #UD when these conditions are met.

Signed-off-by: Kevin Cheng
---
 arch/x86/kvm/svm/svm.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 6373a25d85479..557c84a060fc6 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2271,8 +2271,18 @@ static int stgi_interception(struct kvm_vcpu *vcpu)
 {
 int ret;

- if (nested_svm_check_permissions(vcpu))
+ if ((!(vcpu->arch.efer & EFER_SVME) &&
+ !guest_cpu_cap_has(vcpu, X86_FEATURE_SVML) &&
+ !guest_cpu_cap_has(vcpu, X86_FEATURE_SKINIT)) ||
+ !is_paging(vcpu)) {
+ kvm_queue_exception(vcpu, UD_VECTOR);
+ return 1;
+ }
+
+ if (to_svm(vcpu)->vmcb->save.cpl) {
+ kvm_inject_gp(vcpu, 0);
 return 1;
+ }

 ret = kvm_skip_emulated_instruction(vcpu);
 svm_set_gif(to_svm(vcpu), true);
--
2.52.0.457.g6b5491de43-goog
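Review bot: The new `#UD` condition in `stgi_interception()` tests `X86_FEATURE_SKINIT`, while the commit message talks about the device exclusion vector (DEV), and nothing in the code says that the SKINIT bit is standing in for DEV support. A comment above the `if`, such as `/* STGI #UDs only if EFER.SVME=0 and neither SVM Lock nor DEV is supported; DEV support is inferred from the SKINIT CPUID bit */`, would stop a later reader from "correcting" the check. The paging and CPL checks are now open-coded rather than going through `nested_svm_check_permissions()`, so a later tightening of that helper would no longer reach STGI; a shared helper that takes the relaxed SVME condition would avoid that drift. The relaxed gate also lets a guest whose CPUID advertises SVML or SKINIT reach `svm_set_gif(to_svm(vcpu), true)` with EFER.SVME clear, so it is worth confirming, ideally with a selftest, that setting GIF in that state changes nothing a guest could misuse. The function body continues past the end of the hunk.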