docs/xtf/xsa-200_2main_8c_source.html

#include <xtf.h>


const char test_title[] = "XSA-200 PoC";


bool test_needs_fep = true;


void test_main(void)

{

    uint64_t mem = 0xc2c2c2c2c2c2c2c2ull;


    uint64_t old = 0x0123456789abcdefull;

    uint64_t new = 0xfedcba9876543210ull;

    uint64_t prev;


    unsigned int i;

    exinfo_t fault = 0;


    for ( i = 0; i < 10; ++i )

    {

        /* Poke the emulator. */

        asm volatile (_ASM_XEN_FEP "1: .byte 0x66; cmpxchg8b %[ptr]; 2:"

                      _ASM_EXTABLE_HANDLER(1b, 2b, %P[rec])

                      : "=A" (prev), [ptr] "+m" (mem), "+D" (fault)

                      : "c" ((uint32_t)(new >> 32)), "b" ((uint32_t)new),

                        "0" (old), [rec] "p" (ex_record_fault_edi));


        if ( fault == EXINFO_SYM(UD, 0) )

            return xtf_success("Success: Not vulnerable to XSA-200\n");

        else if ( fault )

            return xtf_error("Error: Unexpected fault %08x\n", fault);


        if ( prev != mem )

            return xtf_failure("Fail: Hypervisor stack leaked into guest\n");

    }


    xtf_success("Success: Probably not vulnerable to XSA-200\n");

}


/*

 * Local variables:

 * mode: C

 * c-file-style: "BSD"

 * c-basic-offset: 4

 * tab-width: 4

 * indent-tabs-mode: nil

 * End:

 */

_ASM_XEN_FEP
#define _ASM_XEN_FEP
Xen Forced Emulation Prefix.
Definition: xen.h:150

ex_record_fault_edi
bool ex_record_fault_edi(struct cpu_regs *regs, const struct extable_entry *ex)
Record the current fault in %edi.
Definition: extable.c:16

test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:110

test_title
const char test_title[]
The title of the test.
Definition: main.c:24

EXINFO_SYM
#define EXINFO_SYM(exc, ec)
Definition: exinfo.h:29

exinfo_t
unsigned int exinfo_t
Packed exception and error code information.
Definition: exinfo.h:19

_ASM_EXTABLE_HANDLER
#define _ASM_EXTABLE_HANDLER(fault, fixup, handler)
Create an exception table entry with custom handler.
Definition: extable.h:38

xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition: report.c:94

xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition: report.c:80

xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38

uint32_t
__UINT32_TYPE__ uint32_t
Definition: stdint.h:16

uint64_t
__UINT64_TYPE__ uint64_t
Definition: stdint.h:17

test_needs_fep
bool test_needs_fep
Boolean indicating whether the test is entirely predicated on the available of the Force Emulation Pr...
Definition: main.c:34