docs/xtf/xsa-470_2main_8c_source.html

#include <xtf.h>


const char test_title[] = "XSA-470 PoC";

bool test_needs_fep = true;


void test_main(void)

{

    unsigned int status, denorm = 0x1;

    exinfo_t fault = 0;


    /* Enable SSE, clear and unmask all exceptions. */

    write_cr4(read_cr4() | X86_CR4_OSFXSR | X86_CR4_OSXMMEXCPT);

    write_mxcsr(0);


    /*

     * As we're compiled with -mno-sse, SSE register constraints aren't

     * tolerated.  Just use %xmm0 behind the back of the compiler; it's not

     * going to interfere with anything.

     */

    asm volatile ("movd %[denorm], %%xmm0\n\t"

                  _ASM_XEN_FEP "1: ucomiss %%xmm0, %%xmm0\n\t"

                  "2: "

                  _ASM_EXTABLE_HANDLER(1b, 2b, %P[rec])

                  : "+a" (fault)

                  : [rec] "p" (ex_record_fault_eax),

                    [denorm] "rm" (denorm));


    /*

     * If we're still alive here, Xen didn't crash.  Cross-check that the

     * emulator did hand us back the right exception.

     */

    if ( fault != EXINFO_SYM(XM, 0) )

        return xtf_error("Error: expecting #XM, got %pe\n", _p(fault));


    status = read_mxcsr() & X86_MXCSR_STATUS_MASK;

    if ( status != X86_MXCSR_DE )

        return xtf_error("Error: expecting #D, got %#x\n", status);


    xtf_success("Success: Not vulnerable to XSA-470\n");

}


/*

 * Local variables:

 * mode: C

 * c-file-style: "BSD"

 * c-basic-offset: 4

 * tab-width: 4

 * indent-tabs-mode: nil

 * End:

 */

_ASM_XEN_FEP
#define _ASM_XEN_FEP
Xen Forced Emulation Prefix.
Definition: xen.h:150

ex_record_fault_eax
bool ex_record_fault_eax(struct cpu_regs *regs, const struct extable_entry *ex)
Record the current fault in %eax.
Definition: extable.c:8

read_mxcsr
static uint32_t read_mxcsr(void)
Definition: lib.h:308

write_mxcsr
static void write_mxcsr(uint32_t mxcsr)
Definition: lib.h:317

read_cr4
static unsigned long read_cr4(void)
Definition: lib.h:252

write_cr4
static void write_cr4(unsigned long cr4)
Definition: lib.h:285

test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition: main.c:301

test_title
const char test_title[]
The title of the test.
Definition: main.c:13

EXINFO_SYM
#define EXINFO_SYM(exc, ec)
Definition: exinfo.h:29

exinfo_t
unsigned int exinfo_t
Packed exception and error code information.
Definition: exinfo.h:19

_ASM_EXTABLE_HANDLER
#define _ASM_EXTABLE_HANDLER(fault, fixup, handler)
Create an exception table entry with custom handler.
Definition: extable.h:38

_p
#define _p(v)
Express an abitrary integer v as void *.
Definition: numbers.h:48

X86_MXCSR_DE
#define X86_MXCSR_DE
Definition: processor.h:92

X86_CR4_OSFXSR
#define X86_CR4_OSFXSR
Definition: processor.h:53

X86_MXCSR_STATUS_MASK
#define X86_MXCSR_STATUS_MASK
Definition: processor.h:97

X86_CR4_OSXMMEXCPT
#define X86_CR4_OSXMMEXCPT
Definition: processor.h:54

xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition: report.c:80

status
static enum test_status status
Current status of this test.
Definition: report.c:14

xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition: report.c:38

test_needs_fep
bool test_needs_fep
Boolean indicating whether the test is entirely predicated on the available of the Force Emulation Pr...
Definition: main.c:34