meltdown-exploit

Is there another way to fully cache the target memory without using pread()?

Open • howardzhang87 opened this issue 7 years ago • 1 comment

In your code, you use pread() to cache the linux_proc_banner. I'm wondering if there is another way to do that? You mentioned that this could work with prefetch or sched_yield. I tried to replace the pread(fd, buf, sizeof(buf), 0) with _mm_prefetch((char*)addr, 0) and it doesn't work.

Can you show me the alternative way? Thanks!

howardzhang87, Feb 01 '18 21:02

It works with sched_yield. Take a look at the IAIK exploit: https://github.com/IAIK/meltdown

Here I use a modified version to read arbitrary process memory: https://www.youtube.com/watch?v=De4rBaAdKNA

paboldin, Feb 14 '18 14:02