cachepc

Prime+Probe cache-based side-channel attack on AMD SEV-SNP protected virtual machines
git clone https://git.sinitax.com/sinitax/cachepc

commit 156da64fb4f36584039d06d30eab2784e4a71a5d
parent 61d67ae0927eeade04171374a91a1adaa4d94a28
Author: Louis Burda <quent.burda@gmail.com>
Date:   Thu,  3 Nov 2022 13:45:41 +0100

Build crypto module and no ACCESS_PATTERN in aes-detect_guest

Diffstat:
MMakefile | 8+++++---
Mcachepc/mmu.c | 3+--
Mtest/aes-detect_guest | 0
Mtest/aes-detect_guest.c | 8++++----
4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/Makefile b/Makefile
@@ -4,6 +4,8 @@ PWD := $(shell pwd)
 TARGETS = build test/eviction test/access test/kvm test/sev test/sev-es test/sevstep
 TARGETS += test/aes-detect_guest test/aes-detect_host
+CFLAGS = -I . -I test -Wunused-variable -Wunknown-pragmas
+
 all: $(TARGETS)
 clean:
@@ -13,7 +15,7 @@ $(LINUX)/arch/x86/kvm/cachepc:
 ln -sf $(PWD)/cachepc $@
 build: $(LINUX)/arch/x86/kvm/cachepc
- $(MAKE) -C $(LINUX) -j6 M=arch/x86/kvm
+ $(MAKE) -C $(LINUX) -j6 M=arch/x86/kvm M=crypto
 load:
 sudo rmmod kvm_amd || true
@@ -22,10 +24,10 @@ load:
 sudo insmod $(LINUX)/arch/x86/kvm/kvm-amd.ko
 test/aes-detect_%: test/aes-detect_%.c test/aes-detect.c
- clang -o $@ $< -I . -I test/libkcapi/lib -L test/libkcapi/.libs -lkcapi -static
+ clang -o $@ $< $(CFLAGS) -I test/libkcapi/lib -L test/libkcapi/.libs -lkcapi -static
 test/%: test/%.c cachepc/uapi.h
- clang -o $@ $< -fsanitize=address -I . -I test -Wunused-variable
+ clang -o $@ $< $(CFLAGS) -fsanitize=address
 update:
 git -C $(LINUX) diff 0aaa1e599bee256b3b15643bbb95e80ce7aa9be5 -G. > patch.diff
diff --git a/cachepc/mmu.c b/cachepc/mmu.c
@@ -14,8 +14,6 @@ sevstep_uspt_page_fault_handle(struct kvm_vcpu *vcpu,
 int i;
 int err;
- pr_warn("Sevstep: Got page fault (gfn:%llu)", fault->gfn);
-
 was_tracked = false;
 for (i = 0; i < sizeof(modes) / sizeof(modes[0]); i++) {
 if (kvm_slot_page_track_is_active(vcpu->kvm,
@@ -26,6 +24,7 @@ sevstep_uspt_page_fault_handle(struct kvm_vcpu *vcpu,
 }
 if (was_tracked) {
+ pr_warn("Sevstep: Tracked page fault (gfn:%llu)", fault->gfn);
 err = sevstep_uspt_send_and_block(fault->gfn << PAGE_SHIFT, fault->error_code);
 if (err) {
diff --git a/test/aes-detect_guest b/test/aes-detect_guest
Binary files differ.
diff --git a/test/aes-detect_guest.c b/test/aes-detect_guest.c
@@ -11,7 +11,7 @@
 #include <stdint.h>
 #include <stdlib.h>
-#include "aes-detect.c"
+// #include "aes-detect.c"
 static uint8_t key[16];
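Review bot: In the Makefile `build` recipe (hunk `@@ -13,7 +15,7 @@`), `M=arch/x86/kvm M=crypto` assigns the same variable twice in one invocation, and GNU make keeps only the last command-line assignment, so this most likely builds `crypto` alone and no longer rebuilds the KVM module. Run kbuild once per directory instead: `$(MAKE) -C $(LINUX) -j6 M=arch/x86/kvm` followed by `$(MAKE) -C $(LINUX) -j6 M=crypto`. The `load` target still insmods `kvm-amd.ko`, so a stale module could be loaded without any error.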
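Review bot: The `pr_warn` added in `sevstep_uspt_page_fault_handle` (hunk `@@ -26,6 +24,7 @@` of cachepc/mmu.c) has no trailing `\n` and logs at warning level on every tracked fault. That is a path the guest can presumably trigger at a high rate while pages are tracked, so the host kernel log can be flooded. I would write `pr_debug("Sevstep: Tracked page fault (gfn:%llu)\n", fault->gfn);` or switch to `pr_warn_ratelimited`. The function body starts and ends outside the hunk.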
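Review bot: In test/aes-detect_guest.c (hunk `@@ -11,7 +11,7 @@`), `// #include "aes-detect.c"` leaves commented-out code behind, and the later hunk at line 48 does the same with `// DO_ACCESS_PATTERN();`. If the guest is meant to run without the access pattern, delete both lines or gate them behind one build-time switch (for example `#ifdef WITH_ACCESS_PATTERN`, name only illustrative) so the two variants cannot drift apart. The Makefile rule `test/aes-detect_%` still lists `test/aes-detect.c` as a prerequisite, so the guest is rebuilt on changes to a file it no longer includes.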
@@ -48,14 +48,14 @@ main(int argc, const char **argv)
 memset(block, 0, sizeof(block));
 strncpy((char *) block, "Hello world", sizeof(block));
- DO_ACCESS_PATTERN();
+ // DO_ACCESS_PATTERN();
- // printhex(block, sizeof(block));
+ printhex(block, sizeof(block));
 n = kcapi_cipher_encrypt(kcapi, block, sizeof(block), NULL, block, sizeof(block), KCAPI_ACCESS_HEURISTIC);
 if (n != sizeof(block)) err(1, "encrypt");
- // printhex(block, sizeof(block));
+ printhex(block, sizeof(block));
 sleep(1);
 }
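Review bot: The two `printhex(block, sizeof(block));` calls in `main` become live in the same commit that comments out `#include "aes-detect.c"`. The definition of `printhex` is not visible in this diff; if it lives in `aes-detect.c`, the guest no longer compiles, so please confirm where it comes from or keep a local `static` helper in this file. A short comment above the first call, e.g. `/* dump plaintext, then ciphertext, for comparison with the host side */`, would also say why the output is wanted. `main` starts before the hunk, so the surrounding loop is not visible.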