Does not build on 32bit with gcc 7.2.0 #1
Heavily uses 64-bit asm so won't work on 32-bit either. Sorry. |
Alright. |
@RealKindOne I can provide an implementation if you are willing to check it! |
Sure. |
I've a couple of 32-bit Intel Atoms (one Linux and one OpenBSD), happy to test on those if you want.
|
I've tried that, it fails here (Debian Stretch i386) with:
|
On 5 Jan 2018, at 14:42, Pavel Boldin ***@***.***> wrote:
https://github.com/paboldin/meltdown-exploit/tree/i386
thp@pi:/project2/github/paboldin/meltdown-exploit$ make
cc -O0 -c -o meltdown.o meltdown.c
cc meltdown.o -o meltdown
meltdown.o: In function `clflush_target':
meltdown.c:(.text+0x1e): undefined reference to `_mm_clflush'
meltdown.o: In function `set_cache_hit_threshold':
meltdown.c:(.text+0x92a): undefined reference to `_mm_clflush'
collect2: error: ld returned 1 exit status
make: *** [meltdown] Error 1
|
@corsac-s try with |
@steely-glint show me gcc version please. I will need to have |
@paboldin it fixes the _mm_clflush issue but now I have
which is confusing since there is no |
Updated the branch. Please try again. |
On 5 Jan 2018, at 15:57, Pavel Boldin ***@***.***> wrote:
@steely-glint show me gcc version please.
I will need to have clflush as asm inline I believe.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#1 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AArh4HwPrvKCy31pugfNHFjRdByE4vFPks5tHkZmgaJpZM4RTvDT>.
$cc --version
cc (Ubuntu 4.8.4-2ubuntu1~14.04.3) 4.8.4
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ uname -a
Linux pi.pe 3.13.0-129-generic #178-Ubuntu SMP Fri Aug 11 12:49:13 UTC 2017 i686 i686 i686 GNU/Linux
|
@paboldin thanks it builds fine now. Note: IA32 doesn't have It doesn't seem to work here but I guess it's not from the code but rather from the CPU (Core 2 Duo) or the threshold |
That is strange, the symbols must be arch-independent. They might be missing from the /proc/kallsyms. Can you please try finding them in the |
They're present indeed there (but it still doesn't work, I get only 0). Again thanks for your time |
The sudo test doesn't work in 32 bits, I still get an invalid operation when I run it though
here's a patch:
diff --git a/run.sh b/run.sh
index d6f3af7..7350148 100755
--- a/run.sh
+++ b/run.sh
@@ -1,6 +1,12 @@
#!/bin/sh -x
+arch=`uname -i`
+if test $arch = "x86_64" ; then
+ zeros="0000000000000000"
+else
+ zeros="00000000"
+fi
linux_proc_banner=$(awk '/linux_proc_banner/ { print $1 }' /proc/kallsyms)
-if test $linux_proc_banner = "0000000000000000"; then
+if test $linux_proc_banner = $zeros ; then
linux_proc_banner=$(sudo awk '/linux_proc_banner/ { print $1 }' /proc/ka
fi
./meltdown $linux_proc_banner 16
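Review bot: The added arch=`uname -i` line keys the hidden-address check on a value that is not reliable. `uname -i` is a non-portable extension, and the runs later in this thread show it printing `i686` on one box and `unknown` on another, so a 64-bit host that reports `unknown` would take the `else` branch, set `zeros` to eight digits, never match a 16-digit zeroed address, and skip the `sudo` fallback. Drop the architecture probe and test the address itself for being all zeros, for example `case "$linux_proc_banner" in *[!0]*) ;; *) (sudo awk fallback) ;; esac`, which works for either width. Also quote `$linux_proc_banner` and `$zeros` in the `test` line: if awk finds no symbol the variable is empty and `test` fails with a syntax error instead of taking a defined branch.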
… On 5 Jan 2018, at 16:20, Yves-Alexis Perez ***@***.***> wrote:
They're present indeed there (but it still doesn't work, I get only 0). Again thanks for your time
|
@corsac-s np. I have no such hardware at my disposal so it will be impossible for me to make it work there. Full exploit should be able to do this as well. |
@steely-glint please recompile with |
No problem again many thanks for your help and your time. If I manage to do something I'll report back (I'm also trying amd64 on the same box just to be sure) |
On 5 Jan 2018, at 16:25, Pavel Boldin ***@***.***> wrote:
make CFLAGS=-DHAVE_RDTSCP=0 clean all
$ make "CFLAGS=-DHAVE_RDTSCP=0 -msse2" clean all
rm -f meltdown.o meltdown
cc -DHAVE_RDTSCP=0 -msse2 -c -o meltdown.o meltdown.c
cc meltdown.o -o meltdown
$ ./run.sh
+ uname -i
+ arch=i686
+ test i686 = x86_64
+ zeros=00000000
+ awk /linux_proc_banner/ { print $1 } /proc/kallsyms
+ linux_proc_banner=00000000
+ test 00000000 = 00000000
+ sudo awk /linux_proc_banner/ { print $1 } /proc/kallsyms
+ linux_proc_banner=c1671040
+ ./meltdown c1671040 16
cached = 36, uncached = 192, threshold 83
c1671040 = 0
c1671041 = 0
c1671042 = 0
c1671043 = 0
c1671044 = 0
c1671045 = 0
c1671046 = 0
c1671047 = 0
c1671048 = 0
c1671049 = 0
c167104a = 0
c167104b = 0
c167104c = 0
c167104d = 0
c167104e = 0
c167104f = 0
c1671050 = 0
c1671051 = 0
c1671052 = 0
c1671053 = 0
c1671054 = 0
c1671055 = 0
|
Please show output of |
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 28
model name : Intel(R) Atom(TM) CPU Z530 @ 1.60GHz
stepping : 2
microcode : 0x211
cpu MHz : 800.000
cache size : 512 KB
physical id : 0
… On 5 Jan 2018, at 16:35, Pavel Boldin ***@***.***> wrote:
Please show output of head /proc/cpuinfo.
|
Intel Atoms are not vulnerable. Thanks for testing the port! Will merge it soon. |
|
I ran it on an edison too, same result.
make "CFLAGS=-DHAVE_RDTSCP=0 -msse2" clean all
rm -f meltdown.o meltdown
cc -DHAVE_RDTSCP=0 -msse2 -c -o meltdown.o meltdown.c
cc meltdown.o -o meltdown
root@edison:~/paboldin/meltdown-exploit# ./run.sh
++ uname -i
+ arch=unknown
+ test unknown = x86_64
+ zeros=00000000
++ awk '/linux_proc_banner/ { print $1 }' /proc/kallsyms
+ linux_proc_banner=c18f2040
+ test c18f2040 = 00000000
+ ./meltdown c18f2040 16
cached = 48, uncached = 96, threshold 67
c18f2040 = 0
c18f2041 = 0
c18f2042 = 0
c18f2043 = 0
c18f2044 = 0
c18f2045 = 0
c18f2046 = 0
c18f2047 = 0
c18f2048 = 0
c18f2049 = 0
c18f204a = 0
c18f204b = 0
c18f204c = 0
c18f204d = 0
c18f204e = 0
c18f204f = 0
c18f2050 = 0
c18f2051 = 0
c18f2052 = 0
c18f2053 = 0
c18f2054 = 0
c18f2055 = 0
root@edison:~/paboldin/meltdown-exploit# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 74
model name : Genuine Intel(R) CPU 4000 @ 500MHz
stepping : 8
microcode : 0x81f
cpu MHz : 500.000
cache size : 1024 KB
physical id : 0
… On 5 Jan 2018, at 16:46, Yves-Alexis Perez ***@***.***> wrote:
Intel Atoms are not vulnerable. Thanks for testing the port! Will merge it soon.
Actually earlier ones might not, but later ones (starting with the Silvermont microarchitecture) have out-of-order execution (https://en.wikipedia.org/wiki/Silvermont#Design). The Z530 uses that microarchitecture, so I'm unsure if it's really not vulnerable.
|
I'd be surprised if Edison had out-of-order execution so it makes sense. |
On 5 Jan 2018, at 16:46, Yves-Alexis Perez ***@***.***> wrote:
Intel Atoms are not vulnerable. Thanks for testing the port! Will merge it soon.
Actually earlier ones might not, but later ones (starting with the Silvermont microarchitecture) have out-of-order execution (https://en.wikipedia.org/wiki/Silvermont#Design). The Z530 uses that microarchitecture, so I'm unsure if it's really not vulnerable.
The Register says:
"Chipzilla doesn't want you to know that every Intel processor since 1995 that implements out-of-order execution is potentially affected by Meltdown – except Itanium, and the Atom before 2013."
So I guess this is an old one :-)
https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/
|
Yes indeed, sorry I messed up earlier. Z530 is really old (08) and definitely not Silvermont. It's Z3530 which is Silvermont. Sorry again. |
amd64 doesn't work either so maybe Core 2 Duo is not affected (lot of emphasis on maybe). |
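A defender-side check on the question this thread keeps returning to (which Atoms are in-order parts), as an added example that is not part of the original thread or of the project. The function names, the in-order model list and the merged sample input are assumptions of this example; where the kernel exposes its own verdict in sysfs, that is the authoritative answer.

```shell
# Classify CPUs from /proc/cpuinfo-style text on stdin (added example).
# Assumption: family 6 models 28, 38, 39, 53, 54 (0x1C, 0x26, 0x27, 0x35, 0x36)
# are the in-order Bonnell/Saltwell Atoms; check against your kernel source.
# "not-exempt" means only "not on that list", not "confirmed vulnerable".
classify_cpuinfo() {
    awk -F'[ \t]*:[ \t]*' '
        function emit() {
            if (!seen) return
            verdict = "not-exempt"
            if (vendor == "GenuineIntel" && family + 0 == 6 && (model in inorder))
                verdict = "in-order-atom"
            printf "cpu%s family=%s model=%s %s\n", id, family, model, verdict
            seen = 0
        }
        BEGIN { n = split("28 38 39 53 54", m, " "); for (i = 1; i <= n; i++) inorder[m[i]] = 1 }
        { sub(/[ \t\r]+$/, "") }             # drop trailing whitespace
        $1 == "processor"  { emit(); id = $2; seen = 1; vendor = family = model = "" }
        $1 == "vendor_id"  { vendor = $2 }
        $1 == "cpu family" { family = $2 }
        $1 == "model"      { model = $2 }    # "model name" is a separate key
        END { emit() }
    '
}

# The running kernel's own verdict, where it exposes one. The path argument
# exists so the function can be pointed at a test file.
kernel_verdict() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    if [ -r "$f" ]; then cat "$f"; else echo "unknown (no sysfs entry)"; fi
}

# Constructed input: the two cpuinfo excerpts quoted in this thread, merged
# into one stream as processor 0 (Atom Z530) and processor 1 (Edison).
sample_cpuinfo() {
    cat <<'EOF'
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 28
model name : Intel(R) Atom(TM) CPU Z530 @ 1.60GHz
processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 74
EOF
}

sample_cpuinfo | classify_cpuinfo
echo "kernel says: $(kernel_verdict)"
```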
Merged the i386 version. Thank you guys! |
Guys, please check the latest version build so I can close this. |
$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i686-linux-gnu/7/lto-wrapper
Target: i686-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 7.2.0-18' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-7 --program-prefix=i686-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-targets=all --enable-multiarch --disable-werror --with-arch-32=i686 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=i686-linux-gnu --host=i686-linux-gnu --target=i686-linux-gnu
Thread model: posix
gcc version 7.2.0 (Debian 7.2.0-18)