Comments (6)
Should it not also work if /proc/version is read for some seconds by another process?
I'm not sure, and it must depend on the environment.
I put the read file stuff into another file and recompiled both.
I can't tell without the source code.
from meltdown-exploit.
As a quick example, something like:
comment lines 163 to 167:
```c
ret = pread(fd, buf, sizeof(buf), 0);
if (ret < 0) {
    perror("pread");
    break;
}
```
and in another terminal run:
```sh
while [ 1 ]; do cat /proc/version > /dev/null; done
```
Maybe I misunderstood the whole thing, but in my opinion the code is accessing data for which it has permission anyway. Is it possible to output /proc/version without `fd = open("/proc/version", O_RDONLY);` in the same process?
So thanks for your test, but I don't get it at the moment.
from meltdown-exploit.
The kernel has access to this memory, but userspace does not. But userspace can "read" it via cache accesses.
Try playing with process affinities. Maybe try changing the criteria of success (I believe checking that `hist[i] > 2` may be enough). Try enabling debug and show the results again.
from meltdown-exploit.
OK, I played with the thresholds.
Now, even with reading /proc/version in a C loop and enabling DEBUG:
```c
#ifdef DEBUG
for (i = 0; i < BITS_BY_READ; i++) {
    if (hist[i] > 0)
        printf("addr %lx hist[%x] = %d\n", addr, i, hist[i]);
}
#endif
```
There are only zeros.
Maybe it is really some timing problem. Secondly, I changed your original code, but while reading one bit (I load the file only once into buf), there are already random changes/mistakes in the output.
So it could be hard to exploit the bug in the real world. Maybe it is also very CPU/architecture dependent, as you said.
Tried on "Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz"
(your given example is working fine)
from meltdown-exploit.
I updated the code, it now reads whole bytes and uses a different approach to see what is the value read (a histogram).
If you read the `/proc/version` and run the new code from the same CPU it should work (use `taskset`). Don't forget to disable the `pread()`.
`$ cat readversion.c`
```c
#include <unistd.h>
#include <fcntl.h>

int main(void)
{
    char buf[256];
    int fd;

    fd = open("/proc/version", O_RDONLY);
    if (fd < 0)
        return 1;   /* nothing to read if the file cannot be opened */

    /* Re-read the file forever so the kernel keeps touching its data. */
    while (1)
        (void) pread(fd, buf, sizeof(buf), 0);

    close(fd);      /* not reached; the loop runs until the process is killed */
}
```
from meltdown-exploit.
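The histogram check discussed in the comments above (`hist[i] > 2`, whole-byte reads), as an added example that is not part of the thread or the repository's code: it only counts votes over constructed trial data and performs no timing or memory access. `struct trial`, `HIT_CYCLES` and `decode_from_trials` are hypothetical names, and the 100-cycle cutoff is an assumption.

```c
#include <stdio.h>
#include <stddef.h>

#define VALUES 256      /* one candidate per possible byte value */
#define HIT_CYCLES 100  /* assumed cutoff: faster probes count as cached */

/* One trial: which candidate probed fastest, and how long that probe took. */
struct trial { int value; int cycles; };

/*
 * Vote over repeated trials. A trial votes only when its fastest probe is
 * below HIT_CYCLES; the winner must collect more than min_votes votes.
 * Returns the decoded value, or -1 when no candidate qualifies.
 */
int decode_from_trials(const struct trial *t, size_t n, int min_votes)
{
    int hist[VALUES] = {0};
    int best = -1;

    for (size_t i = 0; i < n; i++) {
        if (t[i].value < 0 || t[i].value >= VALUES)
            continue;   /* malformed sample */
        if (t[i].cycles >= HIT_CYCLES)
            continue;   /* miss: nothing was cached in this trial */
        hist[t[i].value]++;
    }
    for (int v = 0; v < VALUES; v++)
        if (hist[v] > min_votes && (best < 0 || hist[v] > hist[best]))
            best = v;
    return best;
}

/* Constructed samples, not measurements from real hardware. */
static const struct trial noisy[] = {
    {'L', 40}, {'L', 38}, {0x00, 45}, {'L', 41},
    {'x', 310}, {'L', 39}, {0x7f, 44},
};
static const struct trial all_miss[] = {
    {0x12, 290}, {0xa0, 305}, {0x33, 298}, {0x12, 301},
};

int main(void)
{
    printf("noisy    -> %d\n", decode_from_trials(noisy, 7, 2));
    printf("all miss -> %d\n", decode_from_trials(all_miss, 4, 2));
    return 0;
}
```

When every trial is a miss the histogram stays at zero and no value is reported, which matches the "only zeros" DEBUG output described earlier in the thread.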
@sebeka Please, next time just show the code by forking the original and committing in your fork. It is easy and it improves sociability. Git is a wonderful thing for this ability.
from meltdown-exploit.