-
Notifications
You must be signed in to change notification settings - Fork 4
/
README.xen_vmexit
27 lines (20 loc) · 1.62 KB
/
README.xen_vmexit
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# ** Build/run from dom0 **
# To build:
cd dom0/xen-vmexit-hypercall-client ; make
# To run:
# Edit config.txt:
# Modify the DOMAIN_NUMBER to your appropriate domain ('sudo xl list' from dom0 to determine what it is)
# Toggle lines to 1 to enable exiting, then execute 'sudo ./xen_ioctl'. You can check 'sudo xl dmesg' to verify that the hypercall completed.
# Check xen_ioctl.h for available primary and secondary execution controls (the provided list in config.txt is not comprehensive). Every line in config.txt will result in a hypercall being sent.
# Note: DR exiting is enabled by default on Xen, thus it is left as 1 in config.txt. Enabling exiting on an unsupported instruction will destabilize the guest domain (e.g., RDRAND, RDSEED). Ensure that they are supported before enabling them. You can check by running the guest code on the guest domain ('sudo ./ecr.sh ecr.ko'), which will not report results for RDRAND/RDSEED if either of them are not supported.
# ** Build/run from domU **
# Build the ECR package.
git clone https://github.com/ainfosec/ecr_toolkit.git
cd ecr_toolkit
make
# Run the module without any options to obtain timing for each instruction, sans the non-temporal move operations.
sudo ./ecr.sh ecr.ko
# To test the non-temporal instructions, enable kernel memory allocation. See README.libvmi and use xen-emulate-response to cause variations in move instruction timing:
sudo ./ecr.sh ecr.ko -k
# Note 1: Kernel memory allocation may fail. In this case, simply rerun the module.
# Note 2: To obtain output in a CSV file, run with -c