Xen Test Framework
main.c
Go to the documentation of this file.
1 
27 #include <xtf.h>
28 
29 const char test_title[] = "XSA-191 PoC";
30 
31 bool test_needs_fep = true;
32 
33 void test_main(void)
34 {
35  unsigned long tmp;
36  exinfo_t fault;
37 
38  printk("Testing read through NULL segment:\n");
39  write_fs(0);
40  asm volatile (_ASM_XEN_FEP
41  "1: mov %%fs:0, %[dst]; 2:"
42  _ASM_EXTABLE_HANDLER(1b, 2b, %P[rec])
43  : "=D" (fault),
44  [dst] "=r" (tmp)
45  : "D" (0),
46  [rec] "p" (ex_record_fault_edi));
47 
48  switch ( fault )
49  {
50  case 0:
51  xtf_failure(" Fail: Access via NULL segment didn't fault\n");
52  break;
53 
54  case EXINFO_SYM(GP, 0):
55  printk(" Success: Got #GP fault\n");
56  break;
57 
58  default:
59  xtf_error(" Error: Unexpected fault %#x, %pe\n", fault, _p(fault));
60  break;
61  }
62 
63  printk("Testing stale LDT:\n");
64 
65  user_desc ldt[1] = { gdt[__KERN_DS >> 3] };
66 
67  pack_ldt_desc(&gdt[GDTE_AVAIL0], ldt, sizeof(ldt) - 1);
68 
69  lldt(GDTE_AVAIL0 << 3);
70  lldt(0);
71 
72  asm volatile (_ASM_XEN_FEP
73  "1: mov %[sel], %%fs; 2:"
74  _ASM_EXTABLE_HANDLER(1b, 2b, %P[rec])
75  : "=a" (fault)
76  : "a" (0),
77  [sel] "r" (4),
78  [rec] "p" (ex_record_fault_eax));
79 
80  switch ( fault )
81  {
82  case 0:
83  xtf_failure(" Fail: Loaded selector from stale LDT\n");
84  break;
85 
86  case EXINFO_SYM(GP, SEL_EC_SYM(0, LDT)):
87  printk(" Success: Got #GP fault\n");
88  break;
89 
90  default:
91  xtf_error(" Error: Unexpected fault %#x, %pe\n", fault, _p(fault));
92  break;
93  }
94 
96 }
97 
98 /*
99  * Local variables:
100  * mode: C
101  * c-file-style: "BSD"
102  * c-basic-offset: 4
103  * tab-width: 4
104  * indent-tabs-mode: nil
105  * End:
106  */
unsigned int exinfo_t
Packed exception and error code information.
Definition: exinfo.h:19
#define _ASM_XEN_FEP
Xen Forced Emulation Prefix.
Definition: xen.h:150
bool ex_record_fault_eax(struct cpu_regs *regs, const struct extable_entry *ex)
Record the current fault in %eax.
Definition: extable.c:8
bool ex_record_fault_edi(struct cpu_regs *regs, const struct extable_entry *ex)
Record the current fault in %edi.
Definition: extable.c:16
static void pack_ldt_desc(user_desc *d, const user_desc *ldt, unsigned int limit)
Definition: desc.h:214
static void lldt(unsigned int sel)
Definition: lib.h:337
void printk(const char *fmt,...)
Definition: console.c:134
#define SEL_EC_SYM(sel,...)
Create a selector based error code using X86_EC_ mnemonics.
#define NULL
Definition: stddef.h:12
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38
user_desc gdt[NR_GDT_ENTRIES]
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition: report.c:94
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:137
#define GP
bool test_needs_fep
Boolean indicating whether the test is entirely predicated on the available of the Force Emulation Pr...
Definition: main.c:34
const char test_title[]
The title of the test.
Definition: main.c:14
#define GDTE_AVAIL0
Definition: segment.h:37
#define _p(v)
Express an abitrary integer v as void *.
Definition: numbers.h:48
#define EXINFO_SYM(exc, ec)
Definition: exinfo.h:29
void xtf_error(const char *fmt,...)
Report a test error.
Definition: report.c:80
static void write_fs(unsigned int fs)
Definition: lib.h:196
#define _ASM_EXTABLE_HANDLER(fault, fixup, handler)
Create an exception table entry with custom handler.
Definition: extable.h:38