Advisory: XSA-232

GNTTABOP_cache_flush takes a machine address, looks up the page owner and unconditionally follows the owners grant table pointer. For system domains such as DOMID_IO, there is no grant table set up.

Loop over the first 1MB of memory (which is owned by DOMID_IO), poking the hypercall. If Xen remains alive, it is probably not vulnerable.

See also: tests/xsa-232/main.c