Meltdown PoC Detailed Code Review

I read all weekend about Meltdown and Spectre.

I also already read the .pdfs for Spectre and Meltdown, which should be read by those who are looking for more knowledge about these exploits, but, unfortunately, they do not provide detailed explanations of the code.

I found various PoCs on GitHub that were very interesting, but I lack the knowledge to fully understand them. I would appreciate a more detailed explanation of specific parts:

From this link https://github.com/dendisuhubdy/meltdown/blob/master/src/poc.c and other git repositories, there are also many interesting parts to the concept of this exploit.


Reading time

    /* Time reads. Order is lightly mixed up to prevent stride prediction */
    for (i = 0; i < 256; i++) {
        mix_i = ((i * 167) + 13) & 255;
        addr = &array2[mix_i * 512];
        time1 = __rdtscp(&junk);               /* READ TIMER */
        junk = *addr;                          /* MEMORY ACCESS TO TIME */
        time2 = __rdtscp(&junk) - time1;       /* READ TIMER & COMPUTE ELAPSED TIME */
        if (time2 <= CACHE_HIT_THRESHOLD && mix_i != array1[tries % array1_size])
            results[mix_i]++;                  /* cache hit - add +1 to score for this value */
    }

Why do we use the primes 167 and 13?

    /* Locate highest & second-highest results tallies in j/k */

Why do we care about the maximum value?


Other explanations of the details are also welcome!

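Added example (editor's code, not from the linked PoC repository or from the asker): a small C program that isolates the two parts of the loop asked about above so they can be checked without any cache-timing measurement. mix_is_bijection() tests whether the index mix ((i * mul) + add) & 255 visits every slot 0..255 exactly once; running it with 167 and with the non-prime 168 shows that what matters is that the multiplier is odd (coprime to 256), not that it is prime, and that 13 is only a starting offset. find_best_two() is the "j/k" search for the highest and second-highest tally, and tally_is_confident() is the acceptance margin best >= 2 * second + 5, which I recall from the Kocher et al. Spectre PoC but treat here as an assumption. The function names, the constructed results[] in main(), and the margin are all my own choices; timed_read() reproduces the page's rdtscp bracket and only compiles on x86.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>   /* __rdtscp */
#endif

/* The PoC mixes indices as mix_i = ((i * 167) + 13) & 255 so consecutive
 * probes do not walk memory in stride order (which the prefetcher would
 * learn). Returns 1 if i -> (i*mul + add) mod 256 hits every slot once.
 * Any odd mul works because gcd(mul, 256) == 1; an even mul collides. */
int mix_is_bijection(unsigned mul, unsigned add)
{
    unsigned char seen[256];
    memset(seen, 0, sizeof seen);
    for (unsigned i = 0; i < 256; i++) {
        unsigned mix_i = ((i * mul) + add) & 255;
        if (seen[mix_i])
            return 0;          /* two different i landed on the same slot */
        seen[mix_i] = 1;
    }
    return 1;
}

/* The "j/k" step: index of the highest tally is returned, index of the
 * second-highest is written to *second. Same sweep as the PoC's loop. */
int find_best_two(const int results[256], int *second)
{
    int j = -1, k = -1;
    for (int i = 0; i < 256; i++) {
        if (j < 0 || results[i] >= results[j]) { k = j; j = i; }
        else if (k < 0 || results[i] >= results[k]) { k = i; }
    }
    *second = k;
    return j;
}

/* Why the maximum matters: only the line the speculative read touched is
 * reliably cached, so over repeated tries its slot accumulates hits while
 * every other slot only collects noise. The gap between best and second
 * is the confidence signal. Margin assumed here: best >= 2*second + 5. */
int tally_is_confident(const int results[256], int best, int second)
{
    return results[best] >= 2 * results[second] + 5;
}

/* One timed read in rdtscp cycles, the same bracket the PoC uses. On a
 * quiet core a cached line reads in tens of cycles and an evicted one in
 * hundreds; CACHE_HIT_THRESHOLD sits between those two populations. */
unsigned long long timed_read(volatile uint8_t *addr)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int aux;
    unsigned long long t1 = __rdtscp(&aux);
    uint8_t v = *addr;
    unsigned long long t2 = __rdtscp(&aux);
    (void)v;
    return t2 - t1;
#else
    (void)addr;
    return 0;                  /* no rdtscp on this architecture */
#endif
}

int main(void)
{
    printf("167 permutes 0..255: %d\n", mix_is_bijection(167, 13));
    printf("168 permutes 0..255: %d\n", mix_is_bijection(168, 13));

    /* Constructed tally: slot 65 ('A') was hit 12 times, slot 0 three
     * times (a typical false positive: the zero line is often cached). */
    int results[256] = {0};
    int second;
    results[65] = 12;
    results[0] = 3;
    int best = find_best_two(results, &second);
    printf("best=%d (%d hits) second=%d (%d hits) confident=%d\n",
           best, results[best], second, results[second],
           tally_is_confident(results, best, second));

    static uint8_t probe[512];
    printf("one timed read: %llu cycles\n", timed_read(probe));
    return 0;
}
```

The scoring loop skips mix_i == array1[tries % array1_size] because that byte was read architecturally during training and would otherwise always appear cached; the tally therefore counts only hits that can be explained by the speculative access.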

Source: https://habr.com/ru/post/1275016/
