Hi,

I was wondering if anyone was able to get a PoC for Spectre v2/BTB working on 
gem5. I was able to get Spectre v1 and ret2spec to work, but not Spectre v2. I 
tried multiple PoCs, cache thresholds, and gem5 configurations (both se and fs; 
with different branch predictors) but none seem to work. The problem is that 
the misspeculated gadget is not executed, not that the flush+reload channel 
does not work. This is supported by the fact that the other working variants 
use the same flush+reload code and parameters.

Here are the PoCs I tried, all on x86:


  * Spectre v2/BTB (all not working):
     * https://github.com/Anton-Cao/spectrev2-poc
     * https://github.com/IAIK/transientfail/tree/master/pocs/spectre/BTB/sa_ip
     * https://github.com/google/safeside/blob/main/demos/spectre_v1_btb_sa.cc
  * Spectre v1/PHT:
     * https://github.com/Eugnis/spectre-attack (working)
     * https://github.com/IAIK/transientfail/tree/master/pocs/spectre/PHT/sa_ip (working but fails with some branch predictors)
     * https://github.com/google/safeside/blob/main/demos/spectre_v1_pht_sa.cc (working)
  * ret2spec:
     * https://github.com/google/safeside/blob/main/demos/ret2spec_sa.cc (working)

Any help would be appreciated. Thank you.

Best,
Hossam
_______________________________________________
gem5-users mailing list -- gem5-users@gem5.org
To unsubscribe send an email to gem5-users-le...@gem5.org
