Merge branch 'master' of github.com:ahoi-attacks/heckler

ahoi-attacks · Apr 20, 2024 · eaa3dde · eaa3dde
2 parents 3d57e0a + 132cd80
commit eaa3dde
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 23 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -17,7 +17,7 @@ jobs:
     - uses: actions/checkout@master
     - name: run ci
       run: |
-        sudo apt install -y python3 python3-pip python3-venv
+        sudo apt install -y python3 python3-pip python3-venv nasm
         ./misc/ci.sh
         
   
diff --git a/README.md b/README.md
@@ -1,3 +1,7 @@
+[![build-heckler-userspace](https://github.com/ahoi-attacks/heckler/actions/workflows/ci.yaml/badge.svg)](https://github.com/ahoi-attacks/heckler/actions/workflows/ci.yaml)
+[![License: MIT](https://img.shields.io/badge/USENIX%20Security%20'24-Accepted%20Paper-blue)](https://www.usenix.org/conference/usenixsecurity24/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
+
 # Heckler
 >
 > Breaking Confidential VMs with Malicious Interrupts  
@@ -34,7 +38,7 @@ We recommend the following additional kernel arguments.
 ```
 GRUB_CMDLINE_LINUX_DEFAULT="transparent_hugepage=never rcupdate.rcu_cpu_stall_suppress=1 nmi_watchdog=0"
 ```
-
+We ran our experiments on an AMD EPYC 9124 16-Core Processor.
 
 ### VM Image
 Create an Ubuntu 22.04/23.10 image in qcow2 format. See [./run.sh](./run_vm_sudo.sh) script.

diff --git a/launch-qemu-shell.sh b/launch-qemu-shell.sh
@@ -293,15 +293,7 @@ QEMU_CONSOLE_LOG=`pwd`/stdout.log
 # save the command line args into log file
 # cat $QEMU_CMDLINE | tee ${QEMU_CONSOLE_LOG}
 echo | tee -a ${QEMU_CONSOLE_LOG}
-
-
-
-
-
 echo "never" | sudo tee /sys/kernel/mm/transparent_hugepage/enabled
-
-
-
 echo "Launching VM ..."
 echo "  $QEMU_CMDLINE"
 

diff --git a/userspace/attack/Makefile b/userspace/attack/Makefile
@@ -1,3 +1,5 @@
+PWD=$$(pwd)
+SCRIPT_DIR=$(shell cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 venv_dir = ../venv
 env_file = ../sev-step/environment.env
 SHELL := /bin/bash
@@ -12,11 +14,13 @@ $(venv_dir)/touchfile: requirements.txt
 	touch $(venv_dir)/touchfile
 
 build: venv
+	. $(venv_dir)/bin/activate; pip install -r requirements.txt
 	. $(venv_dir)/bin/activate; pip install -e .
 	echo "/dev/kvm needs to be accessible by current user. Sudo required to change permissions"
 	sudo chmod 666 /dev/kvm
 
 test: venv
+	. $(venv_dir)/bin/activate; pip install -r requirements.txt
 	sh -c "'$(SCRIPT_DIR)/run_tests.sh'"
 
 clean:

diff --git a/userspace/attack/heckler/ssh/trace_eval.py b/userspace/attack/heckler/ssh/trace_eval.py
@@ -2,7 +2,7 @@
 
 from ordered_set import OrderedSet
 
-from experiments.common import load_json
+from heckler.common import load_json
 
 
 #

diff --git a/userspace/sudo/Makefile b/userspace/sudo/Makefile
@@ -2,21 +2,10 @@ CC = gcc
 CFLAGS =
 
 .PHONY: all
-all: profile_sample profile_pam libsample.so sample_consumer
+all: profile_pam
 
 CFLAGS=-g -I.
 
-sample_consumer: sample_consumer.c libsample.so
-	$(CC) $(CFLAGS) $^ -o $@  -lsample -L .
-
-libsample.so: sample.c
-	$(CC) -o $@ $^ -shared -fPIC
-
-
-profile_sample: profile_sample.c virt_to_phy.c
-	$(CC) $(CFLAGS) $^ -o $@
-
-
 profile_pam: profile_pam.c virt_to_phy.c
 	$(CC) $(CFLAGS) $^ -o $@
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,7 +2,7 @@ @@
     from ordered_set import OrderedSet
-    from experiments.common import load_json
+    from heckler.common import load_json
     #
@@ Expand Down @@