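I heard about the Meltdown vulnerability and read the paper. Since I am not a native speaker it was a bit difficult, but I decided to make a small proof-of-concept C++ program, shown below, and I would like to know why the code does not work. I have tested it on an AMD FX 8350 eight-core and an Intel i3 processor.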

/*In this code I wanted to make a PoC for the Meltdown flaw (https://meltdownattack.com/)*/
#include "stdafx.h"
#include <stdlib.h>
#include <iostream>
#include <chrono>

int secretvar = 15;     //This is our "unreadable" var which we "cannot" read but we will have the value exposed via cache attack
int x = rand() % 100;   //Used later, important that it's random

int main()
{   
    int arr[1000];                  //We setup our array
    for (int i = 0; i < 100; ++i) { //Fill it with random values
        arr[i] = rand() % 10 + 1;
    };

    if (x == 4) {                       //Here I want to trigger the Out-of-Order execution so that the CPU executes the code below the if case
        int c = arr[secretvar];         //before it really checks if x is actually 4. And with this, the CPU would put the cached variable "c" into
                                        //its cache.
    };

/*At this point we don't know the value of secretvar but we know that the CPU has cached some index with the
exact value of secretvar. Therefore we can now iterate over the array and see how long it takes the CPU to access the
different array indexes. The CPU will be faster at accessing one specific element because it is taken from cache
and not from the memory. This index is the value of secretvar.*/

    double lowest_val = 500;
    int    lowest_index = 0;

    for (int i = 0; i < 100; i++) {
        auto start = std::chrono::high_resolution_clock::now(); //start timer
        arr[i];                                                 //access array
        auto finish = std::chrono::high_resolution_clock::now();//end timer
        std::chrono::duration<double> elapsed = finish - start;//calculate needed time
        double e = elapsed.count();
        if (e < lowest_val) {
            lowest_val = e;
            lowest_index = i;
        }
        std::cout << i << " : " << e << " s\n"; //show it to the screen
    }
    std::cout <<  lowest_index << "Was acessed fastest "<< " with a time of  "<< lowest_val << "ms" << std::endl;
    system("pause");
    return 0;
}

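1 Answer

OK, so I realized that this test would be much more accurate if I programmed it in assembler. I will try that next, but before that I have to learn a few things. I consider the question answered, but suggestions regarding the C++ program are still welcome. Thanks for your help.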

Answered 2018-01-07T16:08:33.067
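
An added illustration, not code from the question or the answer: the timing loop in the question compares 100 adjacent `int` elements, but a cache holds whole lines, so a load of `arr[15]` brings its neighbours in with it. The sketch below assumes 64-byte cache lines and 4-byte elements, and its helper names are hypothetical; it computes which indexes share a line with the touched one.

```cpp
// Added example (not from the post). Assumption: 64-byte cache lines.
#include <cstddef>
#include <iostream>
#include <vector>

constexpr std::size_t kLineSize = 64;  // assumed line size in bytes

// Cache line (counted from a line-aligned origin) that holds element `index`.
// base_offset is the byte distance from that origin to element 0 and is
// expected to be a multiple of elem_size, so no element straddles two lines.
std::size_t line_of(std::size_t base_offset, std::size_t elem_size, std::size_t index) {
    return (base_offset + index * elem_size) / kLineSize;
}

// Every index in [0, count) that sits on the same line as `touched`.
std::vector<std::size_t> indexes_sharing_line(std::size_t base_offset, std::size_t elem_size,
                                              std::size_t count, std::size_t touched) {
    std::vector<std::size_t> out;
    const std::size_t target = line_of(base_offset, elem_size, touched);
    for (std::size_t i = 0; i < count; ++i) {
        if (line_of(base_offset, elem_size, i) == target) out.push_back(i);
    }
    return out;
}

// Number of distinct cache lines covered by elements [0, count).
std::size_t distinct_lines(std::size_t base_offset, std::size_t elem_size, std::size_t count) {
    if (count == 0) return 0;
    return line_of(base_offset, elem_size, count - 1) - line_of(base_offset, elem_size, 0) + 1;
}

int main() {
    // Layout taken from the question: int elements, indexes 0..99 timed,
    // index 15 (the value of secretvar) touched. Offsets are constructed samples.
    const std::size_t offsets[] = {0, 32, 60};
    for (std::size_t off : offsets) {
        const auto same = indexes_sharing_line(off, sizeof(int), 100, 15);
        std::cout << "array starts " << off << " bytes into a line: "
                  << distinct_lines(off, sizeof(int), 100) << " lines total, index 15 shares a line with "
                  << same.front() << ".." << same.back() << "\n";
    }
    return 0;
}
```

Whatever the array's alignment, the 100 timed elements fall on only seven or eight lines, so a per-element timing comparison can distinguish a cache line at best, not a single index.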