Hi Robin, This may be helpful: http://www.lowepower.com/jason/visualizing-spectre-with-gem5.html
For `warn: instruction 'palignr_Vdq_Wdq_Ib' unimplemented`, this is an AVX (or SSE) instruction that gem5 doesn't implement. Overall, I'm not sure if gem5 is vulnerable to meltdown. I think that the instruction is squashed when the TLB detects a page table fault and it does not proceed to memory. You can check the O3 code to be sure, though. Cheers, Jason On Thu, Jul 20, 2023 at 2:52 AM reverent.green--- via gem5-users < gem5-users@gem5.org> wrote: > Hello everyone, > > I am currently working on a meltdown simulation & analysis using the fs.py > script. Using se.py is not possible, because there is no kernel space > mapping. > As for the meltdown test code, I'm using this repo: > https://github.com/IAIK/meltdown > > After playing a bit with the multiple parameter options, my current > command line call is: > "./build/X86/gem5.opt configs/example/fs.py --cpu-type=X86O3CPU > --bp-type=LTAGE --caches --l2cache -n 8 --kernel=fs_stuff/vmlinux-5.4.49 > --disk-image=fs_stuff/x86-ubuntu.img --script=fs_stuff/test" > > As you can see here, I am using the X86O3CPU and the branch predictor > LTAGE (mainly because spectre only works using LTAGE). In theory, this > should work and the test binary is executed in the simulation, but > unfortunately the simulation either stops right before the leak or during > the leakage (not at an exact point everytime, sometimes 1 char, sometimes 4 > chars). The simulation does not abort by itself but looks like it's stuck > somewhere. I waited for over one hour, but there was no extra char leaked. > First I thought something is missing to even leak anything here, but after > some tries do in fact leak some parts of the secret before stopping, there > should be another problem. > > When the meltdown code is executed, the console log is spammed with "warn: > instruction 'palignr_Vdq_Wdq_Ib' unimplemented"". At first I thought this > could be the missing piece, but even with these warnings, some parts of the > secret were leaked in some tries. > My first goal is to get the complete leak in the result including a normal > exit of the gem5 simulation. > > Does anyone here have an idea or experience at this topic? It would be > very helpful to discuss possible problems and solutions. > > Thank you very much in advance. > > Kind regards > Robin > _______________________________________________ > gem5-users mailing list -- gem5-users@gem5.org > To unsubscribe send an email to gem5-users-le...@gem5.org >
_______________________________________________ gem5-users mailing list -- gem5-users@gem5.org To unsubscribe send an email to gem5-users-le...@gem5.org
