cachepc

Prime+Probe cache-based side-channel attack on AMD SEV-SNP protected virtual machines
git clone https://git.sinitax.com/sinitax/cachepc

commit 27ac7a95b69d70622f281c1b8d0300d38e5c541d
parent 2ee037acfeb15bbea48422199e09ce9911dfe117
Author: Louis Burda <quent.burda@gmail.com>
Date:   Mon, 30 Jan 2023 11:25:17 +0100

Added mainpfn guest utility to determine rough pfn for userspace code

Diffstat:
MMakefile | 25++++++++++++++++---------
Mtest/.gitignore | 1+
Mtest/qemu-pagestep | 0
Mutil/.gitignore | 2+-
Autil/mainpfn.c | 51+++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 69 insertions(+), 10 deletions(-)

diff --git a/Makefile b/Makefile @@ -12,7 +12,7 @@ BINS += test/kvm-pagestep test/kvm-pagestep_guest BINS += test/qemu-pagestep BINS += test/qemu-eviction test/qemu-eviction_guest # BINS += test/qemu-aes_guest test/qemu-aes -BINS += util/debug util/reset +BINS += util/debug util/reset util/mainpfn CFLAGS = -I . -I linux/usr/include CFLAGS += -g -Wunused-variable -Wunknown-pragmas -Wunused-function @@ -22,8 +22,11 @@ GUEST_CFLAGS = $(CFLAGS) -static LDLIBS = -lpthread -TEST_SRCS = test/util.c test/util.h test/kvm.c test/kvm.h -TEST_SRCS += cachepc/uapi.h cachepc/const.h +UTIL_HDRS = cachepc/uapi.h cachepc/const.h +UTIL_SRCS = + +TEST_HDRS = cachepc/uapi.h cachepc/const.h test/util.h test/kvm.h +TEST_SRCS = test/util.c test/kvm.c all: build $(BINS) @@ -62,16 +65,20 @@ prep: sudo cpupower frequency-set -d 3.7GHz -u 3.7GHz sudo bash -c "for f in /proc/irq/*/smp_affinity; do echo 1 > \$$f 2>/dev/null; done" -util/%: util/%.c $(CACHEPC_UAPI) +util/%: util/%.c $(UTIL_SRCS) + $(CC) -o $@ $< $(HOST_CFLAGS) + +util/mainpfn: util/mainpfn.c $(UTIL_SRCS) + $(CC) -o $@ $< $(GUEST_CFLAGS) -test/%.o: test/%.c - $(CC) -c -o $@ $^ $(CFLAGS) +test/%.o: test/%.c $(TEST_HDRS) + $(CC) -c -o $@ $< $(HOST_CFLAGS) -test/%.o: test/%.S - $(CC) -c -o $@ $^ $(CFLAGS) +test/%.o: test/%.S $(TEST_HDRS) + $(CC) -c -o $@ $< $(HOST_CFLAGS) test/%: test/%.c $(TEST_SRCS) - $(CC) -o $@ $(filter %.c,$^) $(filter %.S,$^) $(CFLAGS) $(LDLIBS) + $(CC) -o $@ $(filter %.c,$^) $(HOST_CFLAGS) $(LDLIBS) test/kvm-%_guest: test/kvm-%_guest.o test/kvm-guest.lds $(LD) -Ttest/kvm-guest.lds -o $@ $< diff --git a/test/.gitignore b/test/.gitignore @@ -9,6 +9,7 @@ kvm-pagestep kvm-pagestep_guest qemu-eviction qemu-eviction_guest +qemu-pagestep qemu-aes qemu-aes_guest qemu-poc diff --git a/test/qemu-pagestep b/test/qemu-pagestep Binary files differ. diff --git a/util/.gitignore b/util/.gitignore @@ -1,3 +1,3 @@ debug -svme reset +mainpfn diff --git a/util/mainpfn.c b/util/mainpfn.c 
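Review bot: The new `UTIL_HDRS` variable in the Makefile is assigned but never used. Both `util/%` and `util/mainpfn` list only `$(UTIL_SRCS)`, which is empty, so editing cachepc/uapi.h or cachepc/const.h will not rebuild the utilities. The `test/%` link rule has the same gap, since it depends only on `$(TEST_SRCS)` now that the headers have moved to `TEST_HDRS`. Adding the header variables as prerequisites, e.g. `util/%: util/%.c $(UTIL_SRCS) $(UTIL_HDRS)` and `test/%: test/%.c $(TEST_SRCS) $(TEST_HDRS)`, restores the dependency; the recipes use `$<` or `$(filter %.c,$^)`, so the headers are not passed to the compiler. `HOST_CFLAGS` is presumably defined outside the visible hunks.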
@@ -0,0 +1,51 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <err.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+struct pageinfo {
+ uint64_t pfn : 54;
+ unsigned int soft_dirty : 1;
+ unsigned int file_page : 1;
+ unsigned int swapped : 1;
+ unsigned int present : 1;
+};
+
+void
+pagemap_get_entry(struct pageinfo *entry, int fd, uintptr_t vaddr)
+{
+ uint64_t data;
+ size_t offset;
+
+ offset = (vaddr / sysconf(_SC_PAGE_SIZE)) * 8;
+ if (pread(fd, (void *) &data, 8, offset) != 8)
+ err(1, "pread");
+
+ entry->pfn = data & ((1ULL << 54) - 1);
+ entry->soft_dirty = (data >> 54) & 1;
+ entry->file_page = (data >> 61) & 1;
+ entry->swapped = (data >> 62) & 1;
+ entry->present = (data >> 63) & 1;
+}
+
+int
+main(int argc, const char **argv)
+{
+ char filepath[256];
+ struct pageinfo info;
+ pid_t pid;
+ int fd;
+
+ pid = getpid();
+ snprintf(filepath, sizeof(filepath), "/proc/%u/pagemap", pid);
+
+ fd = open(filepath, O_RDONLY);
+ if (!fd) err(1, "open");
+
+ pagemap_get_entry(&info, fd, (uintptr_t) main);
+ printf("PFN: %08lx\n", info.pfn);
+
+ close(fd);
+}
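Review bot: The `if (!fd) err(1, "open");` check in main() never fires on failure, because open() returns -1 rather than 0, so a failed open only surfaces later as a misleading "pread" error; it should read `if (fd < 0) err(1, "open");`. main() also prints `info.pfn` without consulting `info.present`, and on Linux 4.2 and later the kernel zeroes the PFN field for callers without CAP_SYS_ADMIN, so an unprivileged run silently prints a PFN of 0. A guard such as `if (!info.present || !info.pfn) errx(1, "no pfn: page not present or CAP_SYS_ADMIN missing");` before the printf would make that visible. Separately, the kernel's pagemap documentation places the PFN in bits 0-54 and soft-dirty in bit 55, so the 54-bit mask and the `>> 54` in pagemap_get_entry() look off by one bit.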