Xen Test Framework
|
Advisory: XSA-451
When CET Shadow Stack support was added to Xen, the logic which performs exception recovery from the emulation stubs wasn't adjusted correctly.
As a consequence, when an exception is taken in the emulation stubs and Xen is using CET-SS, Xen will crash with a control-flow integrity violation.
From a testing point of view, we have no idea if Xen is using CET Shadow Stacks or not. All we can do is emulate an instruction which will generate an unmasked exception, and hope that we're still alive to report success.