Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Meltdown and Spectre Labs #55

Open
kevin-w-du opened this issue Feb 15, 2021 · 1 comment
Open

Meltdown and Spectre Labs #55

kevin-w-du opened this issue Feb 15, 2021 · 1 comment

Comments

@kevin-w-du
Copy link
Member

We have not ported the Meltdown and Spectre Labs to Ubuntu 20.04. Our initial attempts failed, but we have not invested much time to figure out why. The issues were placed on the back burner. Recently, I got a message from a professor from University of Connecticut, who shed some light on the problem. I am posting his email here, hoping somebody can further look into this:

-------------------- email from the professor -----------------
I tested Spectre Attacks on Ubuntu 20.04 VM. Initially, SpectreAttack and SpectreAttackImproved did not work while the program retreiving the long string worked (a sort). Later I found that if printf() is called before the attack, all programs, including SpectreAttack and SpectreAttackImproved, work very well.

For example, I added printf() in SpectreAttack.c.

  printf("here\n");
  spectreAttack(larger_x);

Without the printf, I cannot get 83. With printf, the chance of seeing 83 is pretty high.

I have only tested the workaround in 20.04 VM on two computers. Probably some other system calls can make it work, too.

I also tested the lab in WSL. Since we are not really dealing with kernel data in this lab, it works in WSL, too.

Hope the information could be helpful to migrate the lab to Ubuntu 20.04 officially.
@kevin-w-du
Copy link
Member Author

kevin-w-du commented Mar 18, 2021
edited

Update on Ubuntu 20.04: I have confirmed on Ubuntu 20.04 that by adding printf("something\n") before calling spectreAttack(larger_x) (in both SpectreAttack.c and SpectreAttackImproved.c), the Spectre attack will be successful. Not sure why. I guess this is a race condition problem, so the timing matters. That extra printf statement might have got the timing correct. On Ubuntu 16.04, there is no need for this extra printf statement. The conclusion is, the Spectre lab can be used on Ubuntu 20.04 without a problem.

For Meltdown attack, everything up to Task 6 will still work on Ubuntu 20.04. However, the actual attack (Task 7 and Task 8) still do not work on Ubuntu 20.04. Meltdown could be mitigated by modifying the OS, and I suspect that is exactly what has been done by the Ubuntu 20.04 OS. In my class, I am asking students to use Ubuntu 20.04. Even though they won't be able to get the final attack to work, they will get the idea from Tasks 1 to 6. This way, students do not need to switch the VM just for this lab.

This week, I am doing a test in my class with 80 students. If everything works fine, I will update the lab description to officially port these two labs to Ubuntu 20.04.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kevin-w-du