$NetBSD: patch-CVE-2013-4355_4,v 1.1 2013/10/01 14:54:44 drochner Exp $

--- xen/arch/x86/hvm/vmx/realmode.c.orig	2013-09-10 06:42:18.000000000 +0000
+++ xen/arch/x86/hvm/vmx/realmode.c	2013-09-30 15:23:07.000000000 +0000
@@ -38,7 +38,9 @@ static void realmode_deliver_exception(
 
  again:
     last_byte = (vector * 4) + 3;
-    if ( idtr->limit < last_byte )
+    if ( idtr->limit < last_byte ||
+         hvm_copy_from_guest_phys(&cs_eip, idtr->base + vector * 4, 4) !=
+         HVMCOPY_okay )
     {
         /* Software interrupt? */
         if ( insn_len != 0 )
@@ -63,8 +65,6 @@ static void realmode_deliver_exception(
         }
     }
 
-    (void)hvm_copy_from_guest_phys(&cs_eip, idtr->base + vector * 4, 4);
-
     frame[0] = regs->eip + insn_len;
     frame[1] = csr->sel;
     frame[2] = regs->eflags & ~X86_EFLAGS_RF;
