Hi Jason, Thanks for your reply. The suggested pointers are very useful!
I tried the new patches and played with the example config files. It worked in SE mode using the two_level.py config in your tutorial (not working with default se.py). In FS mode, the code doesn't work well using default fs.py, only several characters can be revealed. I guess the configs need to be modified to make the attack happen. I'm learning these configurations and will update what I find. One observation is that in FS mode the code is less likely to work with new Linux kernel (e.g. 4.8.13 in my experiment). I use 3.2.1 instead and some of the characters can be revealed. Li On Thu, Mar 22, 2018 at 4:16 PM, Jason Lowe-Power <[email protected]> wrote: > Hi Li, > > This patch (https://gem5-review.googlesource.com/c/public/gem5/+/9042/ > <https://gem5-review.googlesource.com/c/public/gem5/+/9042/3>) and a few > after it should solve the problem. > > Interestingly, the reason I found this issue was for exactly the same > reason that you did. I was trying to run the spectre code. I got it > "working" perfectly in gem5. Here's a couple of pointers: > > 1) Make sure to use the O3 CPU > 2) If your branch predictor is better, it's more likely to be vulnerable to > spectre. Using TAGE makes it happen much faster than the default Tournament > predictor. > 3) Make sure to compile spectre *without* -O3. GCC's optimizations make is > less likely to happen. Also, older GCCs seem to work "better" as well. > > Finally, I have a tag in my gem5 repo for which all of the code is already > set up. See https://github.com/jlpresearch/gem5/tree/spectre-test. Some > documentation here: > https://github.com/jlpresearch/gem5/blob/spectre-test/spectre.rst > > Now that I've written this, I realize I should write up a blog post. I'll > do that soon. > > One last note: The code above will accomplish what you want, but you should > make sure to fully understand everything that's going on and *why*. > > Cheers, > Jason > > > On Thu, Mar 22, 2018 at 12:01 PM Li Zhou <[email protected]> wrote: > > > Hi all (specifically Gabe and Jason), > > > > > > I'm trying to use gem5 to reproduce the results of Spectre code ( > > https://github.com/crozone/SpectrePoC) in FS mode. It uses RDTSC/RDTSCP > to > > measure the timing of a load operation. I have exactly the same issue > with > > one previous post, the gem5 simply returns a fixed number for all the > > loads. > > > > > > I noticed that two patches were recently updated which implemented > > serialized RDTSC and RDTSCP (I assume RDTSCP wouldn't work correctly > since > > the behavior of TSC_AUX hasn't been well defined, but RDTSC should > work?). > > However, in my experiments, it still returns a fixed number for all loads > > for both RDTSC and RDTSCP. I also tried Jason's method, added a flag in > > decoder-ns.cc.inc and it didn't work (I may do it wrong. What I did was > add > > the line of code/recompile/run with a script). > > > > I would like to know if I want RDTSC or RDTSCP work as expected what > > changes should I make to the gem5 code? Before I found the related post, > > I'm thinking to replace RDTSC/RDTSCP with curTick() inside the testing > > code, > > but also I didn't figure out how to do this and not sure if this would > > work. I'm new to gem5 so sorry if some questions don't make sense. > > > > -Li > > > > I newly joined the mailing list, so was not able to reply to the previous > > posts. > > > > FYI. The related post is: > > https://www.mail-archive.com/[email protected]/msg24602.html > > > > The related patches are: > > https://www.mail-archive.com/[email protected]/msg24671.html > > https://www.mail-archive.com/[email protected]/msg24670.html > > https://www.mail-archive.com/[email protected]/msg24668.html > > _______________________________________________ > > gem5-dev mailing list > > [email protected] > > http://m5sim.org/mailman/listinfo/gem5-dev > _______________________________________________ > gem5-dev mailing list > [email protected] > http://m5sim.org/mailman/listinfo/gem5-dev _______________________________________________ gem5-dev mailing list [email protected] http://m5sim.org/mailman/listinfo/gem5-dev
