Xen Test Framework
main.c
Go to the documentation of this file.
1
27#include <xtf.h>
28
29const char test_title[] = "XSA-191 PoC";
30
31bool test_needs_fep = true;
32
33void test_main(void)
34{
35 unsigned long tmp;
36 exinfo_t fault;
37
38 printk("Testing read through NULL segment:\n");
39 write_fs(0);
40 asm volatile (_ASM_XEN_FEP
41 "1: mov %%fs:0, %[dst]; 2:"
42 _ASM_EXTABLE_HANDLER(1b, 2b, %P[rec])
43 : "=D" (fault),
44 [dst] "=r" (tmp)
45 : "D" (0),
46 [rec] "p" (ex_record_fault_edi));
47
48 switch ( fault )
49 {
50 case 0:
51 xtf_failure(" Fail: Access via NULL segment didn't fault\n");
52 break;
53
54 case EXINFO_SYM(GP, 0):
55 printk(" Success: Got #GP fault\n");
56 break;
57
58 default:
59 xtf_error(" Error: Unexpected fault %#x, %pe\n", fault, _p(fault));
60 break;
61 }
62
63 printk("Testing stale LDT:\n");
64
65 user_desc ldt[1] = { gdt[__KERN_DS >> 3] };
66
67 pack_ldt_desc(&gdt[GDTE_AVAIL0], ldt, sizeof(ldt) - 1);
68
69 lldt(GDTE_AVAIL0 << 3);
70 lldt(0);
71
72 asm volatile (_ASM_XEN_FEP
73 "1: mov %[sel], %%fs; 2:"
74 _ASM_EXTABLE_HANDLER(1b, 2b, %P[rec])
75 : "=a" (fault)
76 : "a" (0),
77 [sel] "r" (4),
78 [rec] "p" (ex_record_fault_eax));
79
80 switch ( fault )
81 {
82 case 0:
83 xtf_failure(" Fail: Loaded selector from stale LDT\n");
84 break;
85
86 case EXINFO_SYM(GP, SEL_EC_SYM(0, LDT)):
87 printk(" Success: Got #GP fault\n");
88 break;
89
90 default:
91 xtf_error(" Error: Unexpected fault %#x, %pe\n", fault, _p(fault));
92 break;
93 }
94
95 xtf_success(NULL);
96}
97
98/*
99 * Local variables:
100 * mode: C
101 * c-file-style: "BSD"
102 * c-basic-offset: 4
103 * tab-width: 4
104 * indent-tabs-mode: nil
105 * End:
106 */
_ASM_XEN_FEP
#define _ASM_XEN_FEP
Xen Forced Emulation Prefix.
Definition: xen.h:150
ex_record_fault_edi
bool ex_record_fault_edi(struct cpu_regs *regs, const struct extable_entry *ex)
Record the current fault in %edi.
Definition: extable.c:16
ex_record_fault_eax
bool ex_record_fault_eax(struct cpu_regs *regs, const struct extable_entry *ex)
Record the current fault in %eax.
Definition: extable.c:8
write_fs
static void write_fs(unsigned int fs)
Definition: lib.h:196
lldt
static void lldt(unsigned int sel)
Definition: lib.h:337
printk
void printk(const char *fmt,...)
Definition: console.c:134
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:110
test_title
const char test_title[]
The title of the test.
Definition: main.c:24
gdt
user_desc gdt[NR_GDT_ENTRIES]
pack_ldt_desc
static void pack_ldt_desc(user_desc *d, const user_desc *ldt, unsigned int limit)
Definition: desc.h:212
EXINFO_SYM
#define EXINFO_SYM(exc, ec)
Definition: exinfo.h:29
exinfo_t
unsigned int exinfo_t
Packed exception and error code information.
Definition: exinfo.h:19
_ASM_EXTABLE_HANDLER
#define _ASM_EXTABLE_HANDLER(fault, fixup, handler)
Create an exception table entry with custom handler.
Definition: extable.h:38
GP
#define GP
_p
#define _p(v)
Express an abitrary integer v as void *.
Definition: numbers.h:48
xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition: report.c:94
xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition: report.c:80
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38
GDTE_AVAIL0
#define GDTE_AVAIL0
Definition: segment.h:37
NULL
#define NULL
Definition: stddef.h:12
SEL_EC_SYM
#define SEL_EC_SYM(sel,...)
Create a selector based error code using X86_EC_ mnemonics.
Definition: symbolic-const.h:80
test_needs_fep
bool test_needs_fep
Boolean indicating whether the test is entirely predicated on the available of the Force Emulation Pr...
Definition: main.c:34
Generated by doxygen 1.9.4