
Comments (6)

paboldin avatar paboldin commented on August 16, 2024

> Should it not also work if /proc/version is read for some seconds by another process?

I'm not sure; it must depend on the environment.

> I put the read file stuff into another file and recompiled both

I can't tell without the source code.

from meltdown-exploit.

sebeka avatar sebeka commented on August 16, 2024

As a quick example, something like this: comment out lines 163 to 167:

    ret = pread(fd, buf, sizeof(buf), 0);
    if (ret < 0) {
        perror("pread");
        break;
    }

and in another terminal run:

    while [ 1 ]; do cat /proc/version > /dev/null; done

Maybe I misunderstood the whole thing, but in my opinion the code is accessing data for which it has permission anyway. Is it possible to output /proc/version without

    fd = open("/proc/version", O_RDONLY);

in the same process?

So thanks for your test, but I don't get it at the moment.


paboldin avatar paboldin commented on August 16, 2024

The kernel has access to this memory, but userspace does not. But userspace can "read" it via cache accesses.

Try playing with process affinities. Maybe try changing the criteria for success (I believe checking that hist[i] > 2 may be enough). Try enabling debug and show the results again.


sebeka avatar sebeka commented on August 16, 2024

OK, I played with the thresholds.
Now, even with reading /proc/version in a C loop and enabling DEBUG:

    #ifdef DEBUG
        for (i = 0; i < BITS_BY_READ; i++) {
            if (hist[i] > 0)
                printf("addr %lx hist[%x] = %d\n", addr, i, hist[i]);
        }
    #endif

there are only zeros.

Maybe it really is some timing problem. Secondly, I changed your original code, but while reading one bit, I load the file only once in buf; there are already random changes/mistakes in the output.
So it could be hard to exploit the bug in the real world. Maybe it is also very CPU/architecture dependent, as you said.
Tried on "Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz"
(your given example is working fine)


paboldin avatar paboldin commented on August 16, 2024

I updated the code; it now reads whole bytes and uses a different approach to see what value was read (a histogram).

If you read /proc/version and run the new code from the same CPU, it should work (use taskset). Don't forget to disable the pread().

    $ cat readversion.c

    #include <stdio.h>
    #include <unistd.h>
    #include <fcntl.h>

    int main(void)
    {
        char buf[256];
        int fd;

        fd = open("/proc/version", O_RDONLY);
        if (fd < 0) {
            perror("open");
            return 1;
        }

        /* Re-read /proc/version forever; stop with Ctrl-C. */
        while (1)
            (void) pread(fd, buf, sizeof(buf), 0);

        close(fd);  /* not reached */
    }


paboldin avatar paboldin commented on August 16, 2024

@sebeka Please, next time just show the code by forking the original and committing in your fork. It is easy and it improves sociability. Git is a wonderful thing for this ability.
