heckler: introduce CI and fix build errors

ahoi-attacks · Apr 19, 2024 · 4f23a2d · 4f23a2d
1 parent 7f938e1
commit 4f23a2d
Show file tree

Hide file tree

Showing 6 changed files with 99 additions and 21 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,23 @@
+on:
+  push:
+    branches:    
+      - master
+
+  workflow_dispatch:
+
+concurrency: 
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+name: build-heckler-userspace
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - name: run ci
+      run: |
+        sudo apt install -y python3 python3-pip python3-venv nasm
+        ./misc/ci.sh
+        
+  
diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ We recommend the following additional kernel arguments.
 ```
 GRUB_CMDLINE_LINUX_DEFAULT="transparent_hugepage=never rcupdate.rcu_cpu_stall_suppress=1 nmi_watchdog=0"
 ```
-
+We ran our experiments on an AMD EPYC 9124 16-Core Processor.
 
 ### VM Image
 Create an Ubuntu 22.04/23.10 image in qcow2 format. See [./run.sh](./run_vm_sudo.sh) script.

diff --git a/launch-qemu-shell.sh b/launch-qemu-shell.sh
@@ -293,15 +293,7 @@ QEMU_CONSOLE_LOG=`pwd`/stdout.log
 # save the command line args into log file
 # cat $QEMU_CMDLINE | tee ${QEMU_CONSOLE_LOG}
 echo | tee -a ${QEMU_CONSOLE_LOG}
-
-
-
-
-
 echo "never" | sudo tee /sys/kernel/mm/transparent_hugepage/enabled
-
-
-
 echo "Launching VM ..."
 echo "  $QEMU_CMDLINE"
 

diff --git a/misc/ci.sh b/misc/ci.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+set -euo pipefail
+
+script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+root_dir=$script_dir/../
+
+#
+# simple ci for some basic tests
+#
+
+function check_pgm() {
+    local pgm=$1
+
+    if ! command -v $pgm &> /dev/null
+    then
+        echo "$pgm could not be found"
+        exit 1
+    fi
+}
+
+
+function ssh() {
+    cd $root_dir/userspace/ssh
+
+    #
+    # github runner fails
+    # /usr/bin/mkdir: cannot create directory ‘/var/empty’: Permission denied
+    # ignore
+    make || true
+}
+
+function sudo() {
+    cd $root_dir/userspace/sudo
+    make
+
+}
+
+function kernel() {
+    set -x
+    source $root_dir/stable-commits
+
+    mkdir -p $root_dir/linux/host
+    git clone --depth 1 -b $KERNEL_HOST_BRANCH $KERNEL_GIT_URL $root_dir/linux/host || true
+    cd $root_dir/linux/host
+    make headers
+}
+
+function attack() {
+    set -x
+    cd $root_dir/userspace/sev-step
+    make
+
+    cd $root_dir/userspace/heckler_bindings
+    make
+
+    cd $root_dir/userspace/attack
+    make
+
+    make test
+}
+
+check_pgm python
+check_pgm make
+check_pgm gcc
+
+
+ssh
+sudo
+kernel
+attack
+
+
diff --git a/userspace/attack/Makefile b/userspace/attack/Makefile
@@ -1,3 +1,5 @@
+PWD=$$(pwd)
+SCRIPT_DIR=$(shell cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 venv_dir = ../venv
 env_file = ../sev-step/environment.env
 SHELL := /bin/bash

diff --git a/userspace/sudo/Makefile b/userspace/sudo/Makefile
@@ -2,21 +2,10 @@ CC = gcc
 CFLAGS =
 
 .PHONY: all
-all: profile_sample profile_pam libsample.so sample_consumer
+all: profile_pam
 
 CFLAGS=-g -I.
 
-sample_consumer: sample_consumer.c libsample.so
-	$(CC) $(CFLAGS) $^ -o $@  -lsample -L .
-
-libsample.so: sample.c
-	$(CC) -o $@ $^ -shared -fPIC
-
-
-profile_sample: profile_sample.c virt_to_phy.c
-	$(CC) $(CFLAGS) $^ -o $@
-
-
 profile_pam: profile_pam.c virt_to_phy.c
 	$(CC) $(CFLAGS) $^ -o $@