Xen Test Framework
Test index

Index of all tests, sorted by category.

Special tests

Example - A hello-world example, more of a development reference than a useful test.

Selftest - A set of sanity tests of the framework environment and functionality.

Functional tests

CPUID Faulting support - Guest CPUID Faulting support.

FPU Exception Emulation - FPU Exception Emulation. Covers XSA-190.

Invlpg Handling - invlpg instruction behaviour.

LBR/TSX VMentry failure - Haswell and later LBR/TSX VMentry failure test.

Live Patch Privilege Check - Live Patch Privilege Check.

Memory operand and segment emulation - Memory operand and segment interaction test.

NMI Taskswitch with increasing privilege - Task Gate handling of interrupts.

PV FSGSBASE behaviour - FSGSBASE behaviour for PV guests.

PV IOPL Emulation - IOPL emulation for PV guests.

Software Interrupt Emulation - Software interrupt emulation for HVM guests. Covers XSA-106 and XSA-156.

User-Mode Instruction Prevention - Guest User-Mode Instruction Prevention support.

XSA Proof-of-Concept tests

XSA-44 - See XSA-339.

XSA-106 - See Software Interrupt Emulation.

XSA-122 - Hypervisor stack leak via xen_version() hypercall.

XSA-123 - Hypervisor memory corruption due to x86 emulator flaw.

XSA-156 - See Software Interrupt Emulation.

XSA-167 - PV superpage sanity checks.

XSA-168 - invvpid non-canonical guest address.

XSA-170 - VMX: guest user mode may crash guest with non-canonical RIP.

XSA-173 - x86 shadow pagetables: address width overflow.

XSA-182 - x86: Privilege escalation in PV guests.

XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery.

XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests.

XSA-186 - x86: Mishandling of instruction pointer truncation during emulation.

XSA-188 - use after free in FIFO event channel code.

XSA-190 - See FPU Exception Emulation.

XSA-191 - x86: Null segments not always treated as unusable.

XSA-192 - x86: Task switch to VM86 mode mis-handled.

XSA-193 - x86: Segment base write emulation lacking canonical address checks.

XSA-194 - Guest 32-bit ELF symbol table load leaking host data.

XSA-195 - x86: 64-bit bit test instruction emulation broken.

XSA-196 - x86: Software interrupt injection mis-handled.

XSA-200 - x86: CMPXCHG8B emulation fails to ignore operand size override.

XSA-203 - x86: missing NULL pointer check in VMFUNC emulation.

XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation.

XSA-212 - x86: broken check in memory_exchange() permits PV guest breakout.

XSA-213 - multicall: deal with early exit conditions.

XSA-221 - NULL pointer deref in event channel poll.

XSA-224 - grant table operations mishandle reference counts.

XSA-227 - x86: PV privilege escalation via map_grant_ref.

XSA-231 - Missing NUMA node parameter verification.

XSA-232 - Missing check for grant table.

XSA-234 - insufficient grant unmapping checks for x86 PV guests.

XSA-239 - hypervisor stack leak in x86 I/O intercept code.

XSA-255 - grant table v2 -> v1 transition may crash Xen.

XSA-259 - x86: PV guest may crash Xen with XPTI.

XSA-260 - x86: mishandling of debug exceptions.

XSA-261 - vHPET interrupt injection memory corruption.

XSA-265 - x86: #DB exception safety check can be triggered by a guest.

XSA-269 - x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS.

XSA-277 - x86: incorrect error handling for guest p2m page removals.

XSA-278 - x86: Nested VT-x usable even when disabled.

XSA-279 - x86: DoS from attempting to use INVPCID with a non-canonical addresses.

XSA-286 - x86 PV guest INVLPG-like flushes may leave stale TLB entries.

XSA-293 - See PV FSGSBASE behaviour.

XSA-296 - VCPUOP_initialise DoS.

XSA-298 - missing descriptor table limit checking in x86 PV emulation.

CONSOLEIO_write stack overflow - CONSOLEIO_write stack overflow.

XSA-308 - VMX: VMentry failure with debug exceptions and blocked states.

XSA-316 - Bad error path in GNTTABOP_map_grant.

XSA-317 - Incorrect error handling in event channel port allocation.

XSA-333 - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE.

XSA-339 - x86 pv guest kernel DoS via SYSENTER.


CPUID - Print CPUID information.

FEP - Test availability of HVM Forced Emulation Prefix.

MSR - Print MSR information.

rtm-check - Probe for the RTM behaviour.

In Development

Debug register and control tests - Debugging facility tests.

Nested SVM - Nested SVM tests.

Nested VT-x - Nested VT-x tests.