Hello everyone,
 
I am currently working on a meltdown simulation & analysis using the fs.py script. Using se.py is not possible, because there is no kernel space mapping.
As for the meltdown test code, I'm using this repo: https://github.com/IAIK/meltdown
 
After playing a bit with the multiple parameter options, my current command line call is:
"./build/X86/gem5.opt configs/example/fs.py --cpu-type=X86O3CPU --bp-type=LTAGE --caches --l2cache -n 8 --kernel=fs_stuff/vmlinux-5.4.49 --disk-image=fs_stuff/x86-ubuntu.img --script=fs_stuff/test"
 
As you can see here, I am using the X86O3CPU and the branch predictor LTAGE (mainly because Spectre only works using LTAGE). In theory, this should work and the test binary is executed in the simulation, but unfortunately the simulation either stops right before the leak or during the leakage (not at an exact point every time, sometimes 1 char, sometimes 4 chars). The simulation does not abort by itself but looks like it's stuck somewhere. I waited for over one hour, but there was no extra char leaked.
First I thought something was missing to even leak anything here, but since some tries do in fact leak some parts of the secret before stopping, there should be another problem.
 
When the meltdown code is executed, the console log is spammed with "warn: instruction 'palignr_Vdq_Wdq_Ib' unimplemented". At first I thought this could be the missing piece, but even with these warnings, some parts of the secret were leaked in some tries.
My first goal is to get the complete leak in the result including a normal exit of the gem5 simulation.
 
Does anyone here have an idea or experience with this topic? It would be very helpful to discuss possible problems and solutions.
 
Thank you very much in advance.
 
Kind regards
Robin
_______________________________________________
gem5-users mailing list -- gem5-users@gem5.org
To unsubscribe send an email to gem5-users-le...@gem5.org
