From 8544adc05476d76e345e84b7f35b7fd4bf0742c5 Mon Sep 17 00:00:00 2001 From: Yuheng Yang Date: Wed, 7 Feb 2024 09:23:56 -0500 Subject: [PATCH] 2024 release --- .gitignore | 1 + Bonus-DeadDrop/.gitignore | 3 + {Part2-DeadDrop => Bonus-DeadDrop}/Makefile | 0 Bonus-DeadDrop/receiver.c | 29 ++++++ Bonus-DeadDrop/sender.c | 47 +++++++++ Bonus-DeadDrop/util.c | 102 ++++++++++++++++++++ {Part2-DeadDrop => Bonus-DeadDrop}/util.h | 0 Part1-Timing/.gitignore | 3 + Part1-Timing/Makefile | 9 +- Part1-Timing/main.c | 48 +++++---- Part1-Timing/reference | Bin 14312 -> 0 bytes Part1-Timing/run.py | 7 +- Part1-Timing/utility.h | 6 +- Part2-DeadDrop/receiver.c | 29 ------ Part2-DeadDrop/sender.c | 45 --------- Part2-DeadDrop/util.c | 102 -------------------- Part2-FlushReload/.gitignore | 3 + Part2-FlushReload/Makefile | 26 +++++ Part2-FlushReload/attacker.c | 24 +++++ Part2-FlushReload/gen_file.py | 11 +++ Part2-FlushReload/util.c | 98 +++++++++++++++++++ Part2-FlushReload/util.h | 31 ++++++ Part2-FlushReload/victim | Bin 0 -> 14472 bytes Part3-PrimeProbe/.gitignore | 2 + {Part3-CTF => Part3-PrimeProbe}/Makefile | 3 + {Part3-CTF => Part3-PrimeProbe}/attacker.c | 2 +- {Part3-CTF => Part3-PrimeProbe}/util.c | 0 {Part3-CTF => Part3-PrimeProbe}/util.h | 0 Part3-PrimeProbe/victim-16 | Bin 0 -> 14472 bytes {Part3-CTF => Part3-PrimeProbe}/victim-2 | Bin {Part3-CTF => Part3-PrimeProbe}/victim-3 | Bin {Part3-CTF => Part3-PrimeProbe}/victim-4 | Bin README.md | 2 +- report.md | 38 ++++++++ update.sh | 48 --------- 35 files changed, 463 insertions(+), 256 deletions(-) create mode 100644 .gitignore create mode 100644 Bonus-DeadDrop/.gitignore rename {Part2-DeadDrop => Bonus-DeadDrop}/Makefile (100%) create mode 100755 Bonus-DeadDrop/receiver.c create mode 100755 Bonus-DeadDrop/sender.c create mode 100755 Bonus-DeadDrop/util.c rename {Part2-DeadDrop => Bonus-DeadDrop}/util.h (100%) create mode 100644 Part1-Timing/.gitignore delete mode 100755 Part1-Timing/reference delete mode 100755 Part2-DeadDrop/receiver.c delete mode 100755 Part2-DeadDrop/sender.c delete mode 100755 Part2-DeadDrop/util.c create mode 100644 Part2-FlushReload/.gitignore create mode 100644 Part2-FlushReload/Makefile create mode 100644 Part2-FlushReload/attacker.c create mode 100644 Part2-FlushReload/gen_file.py create mode 100755 Part2-FlushReload/util.c create mode 100755 Part2-FlushReload/util.h create mode 100755 Part2-FlushReload/victim create mode 100644 Part3-PrimeProbe/.gitignore rename {Part3-CTF => Part3-PrimeProbe}/Makefile (89%) rename {Part3-CTF => Part3-PrimeProbe}/attacker.c (81%) rename {Part3-CTF => Part3-PrimeProbe}/util.c (100%) rename {Part3-CTF => Part3-PrimeProbe}/util.h (100%) create mode 100755 Part3-PrimeProbe/victim-16 rename {Part3-CTF => Part3-PrimeProbe}/victim-2 (100%) rename {Part3-CTF => Part3-PrimeProbe}/victim-3 (100%) rename {Part3-CTF => Part3-PrimeProbe}/victim-4 (100%) create mode 100644 report.md delete mode 100644 update.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ea050e9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +._* diff --git a/Bonus-DeadDrop/.gitignore b/Bonus-DeadDrop/.gitignore new file mode 100644 index 0000000..44c320d --- /dev/null +++ b/Bonus-DeadDrop/.gitignore @@ -0,0 +1,3 @@ +/*.o +/sender +/receiver diff --git a/Part2-DeadDrop/Makefile b/Bonus-DeadDrop/Makefile similarity index 100% rename from Part2-DeadDrop/Makefile rename to Bonus-DeadDrop/Makefile diff --git a/Bonus-DeadDrop/receiver.c b/Bonus-DeadDrop/receiver.c new file mode 100755 index 0000000..cf60232 --- /dev/null +++ b/Bonus-DeadDrop/receiver.c @@ -0,0 +1,29 @@ + +#include"util.h" +// mman library to be used for hugepage allocations (e.g. mmap or posix_memalign only) +#include + +int main(int argc, char **argv) +{ + // [Bonus] TODO: Put your covert channel setup code here + + printf("Please press enter.\n"); + + char text_buf[2]; + fgets(text_buf, sizeof(text_buf), stdin); + + printf("Receiver now listening.\n"); + + bool listening = true; + while (listening) { + + // [Bonus] TODO: Put your covert channel code here + + } + + printf("Receiver finished.\n"); + + return 0; +} + + diff --git a/Bonus-DeadDrop/sender.c b/Bonus-DeadDrop/sender.c new file mode 100755 index 0000000..ebbb973 --- /dev/null +++ b/Bonus-DeadDrop/sender.c @@ -0,0 +1,47 @@ + +#include"util.h" +// mman library to be used for hugepage allocations (e.g. mmap or posix_memalign only) +#include + +// [Bonus] TODO: define your own buffer size +#define BUFF_SIZE (1<<21) +//#define BUFF_SIZE TODO + +int main(int argc, char **argv) +{ + // Allocate a buffer using huge page + // See the handout for details about hugepage management + void *buf= mmap(NULL, BUFF_SIZE, PROT_READ | PROT_WRITE, MAP_POPULATE | + MAP_ANONYMOUS | MAP_PRIVATE | MAP_HUGETLB, -1, 0); + + if (buf == (void*) - 1) { + perror("mmap() error\n"); + exit(EXIT_FAILURE); + } + // The first access to a page triggers overhead associated with + // page allocation, TLB insertion, etc. + // Thus, we use a dummy write here to trigger page allocation + // so later access will not suffer from such overhead. + *((char *)buf) = 1; // dummy write to trigger page allocation + + + // [Bonus] TODO: + // Put your covert channel setup code here + + printf("Please type a message.\n"); + + bool sending = true; + while (sending) { + char text_buf[128]; + fgets(text_buf, sizeof(text_buf), stdin); + + // [Bonus] TODO: + // Put your covert channel code here + + } + + printf("Sender finished.\n"); + return 0; +} + + diff --git a/Bonus-DeadDrop/util.c b/Bonus-DeadDrop/util.c new file mode 100755 index 0000000..0c44ebb --- /dev/null +++ b/Bonus-DeadDrop/util.c @@ -0,0 +1,102 @@ + +#include "util.h" + +/* Measure the time it takes to access a block with virtual address addr. */ +CYCLES measure_one_block_access_time(ADDR_PTR addr) +{ + CYCLES cycles; + + asm volatile("mov %1, %%r8\n\t" + "lfence\n\t" + "rdtsc\n\t" + "mov %%eax, %%edi\n\t" + "mov (%%r8), %%r8\n\t" + "lfence\n\t" + "rdtsc\n\t" + "sub %%edi, %%eax\n\t" + : "=a"(cycles) /*output*/ + : "r"(addr) + : "r8", "edi"); + + return cycles; +} + +/* + * CLFlushes the given address. + * + * Note: clflush is provided to help you debug and should not be used in your + * final submission + */ +void clflush(ADDR_PTR addr) +{ + asm volatile ("clflush (%0)"::"r"(addr)); +} + +/* + * Converts a string to its binary representation. + */ +char *string_to_binary(char *s) +{ + if (s == NULL) + return 0; /* no input string */ + + size_t len = strlen(s); + + // Each char is one byte (8 bits) and + 1 at the end for null terminator + char *binary = malloc(len * 8 + 1); + binary[len] = '\0'; + + for (size_t i = 0; i < len; ++i) + { + char ch = s[i]; + for (int j = 7; j >= 0; --j) + { + if (ch & (1 << j)) + { + strcat(binary, "1"); + } + else + { + strcat(binary, "0"); + } + } + } + + return binary; +} + +/* + * Converts a binary string to its ASCII representation. + */ +char *binary_to_string(char *data) +{ + // Each char is 8 bits + size_t msg_len = strlen(data) / 8; + + // Add one for null terminator at the end + char *msg = malloc(msg_len + 1); + msg[msg_len] = '\0'; + + for (int i = 0; i < msg_len; i++) + { + char tmp[8]; + int k = 0; + + for (int j = i * 8; j < ((i + 1) * 8); j++) + { + tmp[k++] = data[j]; + } + + msg[i] = strtol(tmp, 0, 2); + } + + return msg; +} + +/* + * Converts a string to integer + */ +int string_to_int(char* s) +{ + return atoi(s); +} diff --git a/Part2-DeadDrop/util.h b/Bonus-DeadDrop/util.h similarity index 100% rename from Part2-DeadDrop/util.h rename to Bonus-DeadDrop/util.h diff --git a/Part1-Timing/.gitignore b/Part1-Timing/.gitignore new file mode 100644 index 0000000..578ca3c --- /dev/null +++ b/Part1-Timing/.gitignore @@ -0,0 +1,3 @@ +/main +/main-visual +/data \ No newline at end of file diff --git a/Part1-Timing/Makefile b/Part1-Timing/Makefile index 5bc5f7a..c38e3a6 100644 --- a/Part1-Timing/Makefile +++ b/Part1-Timing/Makefile @@ -1,16 +1,19 @@ include ../cpu.mk -all: main +all: main main-visual run: main @taskset -c $(SENDER_CPU) ./main -run-reference: reference - @taskset -c $(SENDER_CPU) ./reference +run-visual: main-visual + @taskset -c $(SENDER_CPU) ./main-visual main: main.c Makefile @gcc main.c -o main +main-visual: main.c Makefile + @gcc main.c -DVISUAL -o main-visual + .PHONY: clean clean: diff --git a/Part1-Timing/main.c b/Part1-Timing/main.c index 1b6fa97..84e4b4f 100644 --- a/Part1-Timing/main.c +++ b/Part1-Timing/main.c @@ -1,9 +1,17 @@ #include "utility.h" -// TODO: Uncomment the following lines and fill in the correct size -//#define L1_SIZE [TODO] -//#define L2_SIZE [TODO] -//#define L3_SIZE [TODO] +#ifndef VISUAL +#define PRINT_FUNC print_results_plaintext +#else +#define PRINT_FUNC print_results_for_visualization +#endif + +#define LINE_SIZE 64 +// [1.2] TODO: Uncomment the following lines and fill in the correct size +//#define L1_SIZE TODO +//#define L2_SIZE TODO +//#define L3_SIZE TODO +//#define BUFF_SIZE TODO int main (int ac, char **av) { @@ -15,14 +23,12 @@ int main (int ac, char **av) { uint64_t l3_latency[SAMPLES] = {0}; // A temporary variable we can use to load addresses - // The volatile keyword tells the compiler to not put this variable into a - // register- it should always try to load from memory/ cache. - volatile char tmp; + uint8_t tmp; - // Allocate a buffer of 64 Bytes - // the size of an unsigned integer (uint64_t) is 8 Bytes - // Therefore, we request 8 * 8 Bytes - uint64_t *target_buffer = (uint64_t *)malloc(8*sizeof(uint64_t)); + // Allocate a buffer of LINE_SIZE Bytes + // The volatile keyword tells the compiler to not put this variable into a + // register -- it should always try to be loaded from memory / cache. + volatile uint8_t *target_buffer = (uint8_t *)malloc(LINE_SIZE); if (NULL == target_buffer) { perror("Unable to malloc"); @@ -31,11 +37,12 @@ int main (int ac, char **av) { // [1.2] TODO: Uncomment the following line to allocate a buffer of a size // of your chosing. This will help you measure the latencies at L2 and L3. - //uint64_t *eviction_buffer = (uint64_t)malloc(TODO); + //volatile uint8_t *eviction_buffer = (uint8_t *)malloc(BUFF_SIZE); // Example: Measure L1 access latency, store results in l1_latency array for (int i=0; iY;W@H{vEG?b4xuoz~@o8rGErs+H6@iPIRIA2=6C zy8%URyL!RQ+St}f+sJ;Pb*wAd1gJx!q%G8COv9BrEgD73HYyxeMu5Ol2)%v2@7~vU zaniM#_-E3+==}Nqe(!zXkGr#99t^BsSKx3cTnd#N6ygR;42e%F%Bv&+@F_LQe0(la z7AkYW&k-_1?=t{eqjVHZN2in*0?BWm)aT>X(vFc^NJxI?EBmNHD2$5i2l*9|Lh|`o zdkHBOg^~5S`aD9dD0!&L_A^@js41xm!!K1k9d}5-JrdcESn?Z`euL7Fahw{2!pQlg zoY3`xjF*pV$q9v#Y^iKGt+f$d>>+L@Mh&sT$bMgjpG>v1`0v1J-ze)lUtW4-`x#|- zmF3Y$%c|<-(YA_cq^qyLqQ7QU#j0v=Z?|`a=yxfqr#W@gElo<`iWP4h*!;-i`uU3{ zzUSP(=(eGMe3jZwZJ>B$Lxt=){e<&zk>2RnL!b;9;fe4cI|J!CHn|45 zXBPYN^Vn0nW{b1%JaU>gv)QL0_u$GepMhXD`^O;n41(rL`-ap=h+bRk^3PJEp<7wLcVWk938ik?moy80A(95YvL4 zp-7j~9t(#R64FSoQf^vbU$-W>!dsoAR(Mw`!TQFAU|TpA-WuuE!m-ANHPP;_aAT+? zN+Gv)c6Z5;LBn)bL-eHpe-2!QIf^)=5Y-5h=W%HyvVdmL7Afmn7{Lxwpma!kUhlj< z2QM=ed*ym&`JGbk^ci}VGe2^pA*VS>^Oeh}MLv&(z^p~iu}D2`kzZ=DpR~wn{&U$U zt4K5#BV-Iy)t?DpC!ZO%69=x>auh2R}Y^nR1@Rs;p~m7{^1G@>RNGQuUf;FoC9v-E~> zh+ZeuL^|s@r|VFTU~nFpp?v*gq0B&e&kSYSP-dZQoS}RI%5-3ylJd{xXrsDUO_sh$ ztZ0b?4MO$DFmTm)BRfcn?04Z44~#qF_m5xlz{}553$q(VoC(rXoQY|1MpR3jGsPU| z77=FxaVBzcE){VmInLy?I2mi4pXK7r6>%mJXEGP($Q1Q!isMX8i<7m+xg!_n5Paf+ zDa4t|#n}#7>Lp{yXCE%g>l9ireYiHlPmbkZXDC-1N*c=}Gn8e9lE(7!8Oo17y4c~` zh4)QkxZZ$I{&4+N#JQN^s?EiDOvIT!T$@Fliy5x>F-?s2+%DowAFj(qoQoN*U*+Ps zMV#rw_40?g;kp%@?0N zfs>Abz^T=Nld(VSxPQMwyAmozWzV7AL=QA!jEnz7(bR#agKF~X%Sas~b)qmH$Y3I7 zE^+U^4~v$4Up*^mY&7ZYE1*-jpKRJJx08p?+=)9y;<^2_RV1Ds1hlCGbC#A<4cLRK zhSl`0AxK4)>0Jj+a@Zt~n`Fi$M@(|mB(o+tZjzHGsi5t$Hm6CJm}HqrdQ7t1Br8p_ z#w2|vN&CC3VuML;GRZqlvcn{MOtL>m26h;c0(&HiJEfWq?3MhW#C;NnB#N00yJ5*6 zmnh~DA8TGs?xMs!OR}7z+)z*-S>eF2rn7FL2n@2+ zDWqp<8%Z_{s>$z=i<*3zLLxFv0CL-o>0>l|pkcC2y{=fy6Rjxw^MC95OSn_w{^-Bm ze_MUx&;BMqo(+~BS|V=!6@<6?6Cc+nK3Ko(w0Ooj{BdE{4L^0)TbifpRlZ-ZPkgvO z@xj`}+kUJAtQwj{AD7tzOU<#0-Ha;JskMdB;o*<;GVt&-wu=_1{KHljf$hc#IdM& zo-^f`S3+|7&EJXoK2HX+%x;f((3Ab9w{^XTY+WVmTxB=A=iletq1?Fe`p;drl;k{51=1}eg!b+ z-)ZW92k~#9e-i!A=?kB5kOjp*MPlS{HoXVBDO?%k^&Mc&KM*f0c*Cf}1F;9Oe>kD* z8|j-DZew9Xfnj0veJyM<7>_ValsZ?*Hw)@qWsejFT%P2dI#>C_MXIZE_gvLg6Q9@M z^2J;=epjX6RbJ=vzz+6xE~ohY^I^o9L>#KhE_Md&4A>d4Ghk=H&VZc(I|FtG>WX{yDu{ z@brr<3VvP{Wy2f;`K(^0)YDIERDNrKI73ThndGmK$ROR6lsxCh?+__z!0&l{rt#BK zUM4GM`6k&gZuhXX<1>R?KciGD_~}CQ4|x@?_^Mg(&~Z8JQWMh&6PNGsYT+*^8k6>n>I zXJ@!eyHNHntf#ZJw3d0k?~?>0uS1T+>z?_`LD1Z1|NQg)^gW2R$mN<7eHN6}KPv+< zdUBQqk?&s(F<$w*xqhcy0E}Ee?-#r-IqVG}CvtVwR3-cK ze#FT84@^YK&)+SO(%NQ!UeAnN54WG~7&pV8_6p{CzhJC1s-4k(DOT - -int main(int argc, char **argv) -{ - // Put your covert channel setup code here - - printf("Please press enter.\n"); - - char text_buf[2]; - fgets(text_buf, sizeof(text_buf), stdin); - - printf("Receiver now listening.\n"); - - bool listening = true; - while (listening) { - - // Put your covert channel code here - - } - - printf("Receiver finished.\n"); - - return 0; -} - - diff --git a/Part2-DeadDrop/sender.c b/Part2-DeadDrop/sender.c deleted file mode 100755 index d196515..0000000 --- a/Part2-DeadDrop/sender.c +++ /dev/null @@ -1,45 +0,0 @@ - -#include"util.h" -// mman library to be used for hugepage allocations (e.g. mmap or posix_memalign only) -#include - -// TODO: define your own buffer size -#define BUFF_SIZE (1<<21) -//#define BUFF_SIZE [TODO] - -int main(int argc, char **argv) -{ - // Allocate a buffer using huge page - // See the handout for details about hugepage management - void *buf= mmap(NULL, BUFF_SIZE, PROT_READ | PROT_WRITE, MAP_POPULATE | MAP_ANONYMOUS | MAP_PRIVATE | MAP_HUGETLB, -1, 0); - - if (buf == (void*) - 1) { - perror("mmap() error\n"); - exit(EXIT_FAILURE); - } - // The first access to a page triggers overhead associated with - // page allocation, TLB insertion, etc. - // Thus, we use a dummy write here to trigger page allocation - // so later access will not suffer from such overhead. - //*((char *)buf) = 1; // dummy write to trigger page allocation - - - // TODO: - // Put your covert channel setup code here - - printf("Please type a message.\n"); - - bool sending = true; - while (sending) { - char text_buf[128]; - fgets(text_buf, sizeof(text_buf), stdin); - - // TODO: - // Put your covert channel code here - } - - printf("Sender finished.\n"); - return 0; -} - - diff --git a/Part2-DeadDrop/util.c b/Part2-DeadDrop/util.c deleted file mode 100755 index 56bbe0b..0000000 --- a/Part2-DeadDrop/util.c +++ /dev/null @@ -1,102 +0,0 @@ - -#include "util.h" - -/* Measure the time it takes to access a block with virtual address addr. */ -CYCLES measure_one_block_access_time(ADDR_PTR addr) -{ - CYCLES cycles; - - asm volatile("mov %1, %%r8\n\t" - "lfence\n\t" - "rdtsc\n\t" - "mov %%eax, %%edi\n\t" - "mov (%%r8), %%r8\n\t" - "lfence\n\t" - "rdtsc\n\t" - "sub %%edi, %%eax\n\t" - : "=a"(cycles) /*output*/ - : "r"(addr) - : "r8", "edi"); - - return cycles; -} - -/* - * CLFlushes the given address. - * - * Note: clflush is provided to help you debug and should not be used in your - * final submission - */ -void clflush(ADDR_PTR addr) -{ - asm volatile ("clflush (%0)"::"r"(addr)); -} - -/* - * Converts a string to its binary representation. - */ -char *string_to_binary(char *s) -{ - if (s == NULL) - return 0; /* no input string */ - - size_t len = strlen(s); - - // Each char is one byte (8 bits) and + 1 at the end for null terminator - char *binary = malloc(len * 8 + 1); - binary[len] = '\0'; - - for (size_t i = 0; i < len; ++i) - { - char ch = s[i]; - for (int j = 7; j >= 0; --j) - { - if (ch & (1 << j)) - { - strcat(binary, "1"); - } - else - { - strcat(binary, "0"); - } - } - } - - return binary; -} - -/* - * Converts a binary string to its ASCII representation. - */ -char *binary_to_string(char *data) -{ - // Each char is 8 bits - size_t msg_len = strlen(data) / 8; - - // Add one for null terminator at the end - char *msg = malloc(msg_len + 1); - msg[msg_len] = '\0'; - - for (int i = 0; i < msg_len; i++) - { - char tmp[8]; - int k = 0; - - for (int j = i * 8; j < ((i + 1) * 8); j++) - { - tmp[k++] = data[j]; - } - - msg[i] = strtol(tmp, 0, 2); - } - - return msg; -} - -/* - * Converts a string to integer - */ -int string_to_int(char* s) -{ - return atoi(s); -} diff --git a/Part2-FlushReload/.gitignore b/Part2-FlushReload/.gitignore new file mode 100644 index 0000000..4c6a43e --- /dev/null +++ b/Part2-FlushReload/.gitignore @@ -0,0 +1,3 @@ +/shared_file +/*.o +/attacker diff --git a/Part2-FlushReload/Makefile b/Part2-FlushReload/Makefile new file mode 100644 index 0000000..567b739 --- /dev/null +++ b/Part2-FlushReload/Makefile @@ -0,0 +1,26 @@ +include ../cpu.mk + +TARGETS=attacker +UTILS=util.o + +all: $(TARGETS) + +$(UTILS): %.o: %.c %.h + $(CC) $(CFLAGS) -c $< + +%.o: %.c util.h + $(CC) $(CFLAGS) -c $< + +$(TARGETS): %:%.o util.o + $(CC) $(CFLAGS) $^ -o $@ + +run_victim: + taskset -c $(SENDER_CPU) ./victim + +run_attacker: attacker + taskset -c $(RECEIVER_CPU) ./attacker + +.PHONY: clean + +clean: + $(RM) *.o $(HELPERS) $(TARGETS) diff --git a/Part2-FlushReload/attacker.c b/Part2-FlushReload/attacker.c new file mode 100644 index 0000000..e85b3a1 --- /dev/null +++ b/Part2-FlushReload/attacker.c @@ -0,0 +1,24 @@ +#include +#include +#include +#include +#include +#include +#include + +#include "util.h" + + +int main() { + int flag = -1; + + // buf is shared between the attacker and the victim + char *buf = allocate_shared_buffer(); + + // [2.1] TODO: Put your capture-the-flag code here + + printf("Flag: %d\n", flag); + + deallocate_shared_buffer(buf); + return 0; +} \ No newline at end of file diff --git a/Part2-FlushReload/gen_file.py b/Part2-FlushReload/gen_file.py new file mode 100644 index 0000000..fc87690 --- /dev/null +++ b/Part2-FlushReload/gen_file.py @@ -0,0 +1,11 @@ +from pathlib import Path + + +def main(): + out_path = Path("shared_file") + with out_path.open(mode="wb"): + out_path.write_bytes(bytearray([0] * 1024 * 128)) + + +if __name__ == '__main__': + main() diff --git a/Part2-FlushReload/util.c b/Part2-FlushReload/util.c new file mode 100755 index 0000000..616ee59 --- /dev/null +++ b/Part2-FlushReload/util.c @@ -0,0 +1,98 @@ +#include +#include +#include +#include +#include +#include +#include + +#include "util.h" + +/* Measure the time it takes to access a block with virtual address addr. */ +CYCLES measure_one_block_access_time(ADDR_PTR addr) +{ + CYCLES cycles; + + asm volatile("mov %1, %%r8\n\t" + "lfence\n\t" + "rdtsc\n\t" + "mov %%eax, %%edi\n\t" + "mov (%%r8), %%r8\n\t" + "lfence\n\t" + "rdtsc\n\t" + "sub %%edi, %%eax\n\t" + : "=a"(cycles) /*output*/ + : "r"(addr) + : "r8", "edi"); + + return cycles; +} + +/* + * CLFlushes the given address. + * + * Note: clflush is provided to help you debug and should not be used in your + * final submission + */ +void clflush(ADDR_PTR addr) +{ + asm volatile ("clflush (%0)"::"r"(addr)); +} + +int fd; +size_t file_size; + +char *allocate_shared_buffer() { + const char *filepath = "shared_file"; + + int fd = open(filepath, O_RDONLY, (mode_t)0600); + + if (fd == -1) + { + perror("Error opening file for writing, please run `python3 gen_file.py` to get the file for shared buf"); + exit(EXIT_FAILURE); + } + + struct stat fileInfo = {0}; + + if (fstat(fd, &fileInfo) == -1) + { + perror("Error getting the file size"); + exit(EXIT_FAILURE); + } + + if (fileInfo.st_size == 0) + { + fprintf(stderr, "Error: File is empty, nothing to do\n"); + exit(EXIT_FAILURE); + } + + if (fileInfo.st_size < SEC_RANGE * ALIGN) { + close(fd); + perror("File is too small\n"); + exit(EXIT_FAILURE); + } + + char *buf = mmap(0, fileInfo.st_size, PROT_READ, MAP_SHARED, fd, 0); + if (buf == MAP_FAILED) + { + close(fd); + perror("Error mmapping the file"); + exit(EXIT_FAILURE); + } + file_size = fileInfo.st_size; + return buf; +} + +void deallocate_shared_buffer(char *buf) { + // Don't forget to free the mmapped memory + if (munmap(buf, file_size) == -1) + { + close(fd); + perror("Error un-mmapping the file"); + exit(EXIT_FAILURE); + } + + // Un-mmaping doesn't close the file, so we still need to do that. + close(fd); +} diff --git a/Part2-FlushReload/util.h b/Part2-FlushReload/util.h new file mode 100755 index 0000000..a3217f3 --- /dev/null +++ b/Part2-FlushReload/util.h @@ -0,0 +1,31 @@ + +// You may only use fgets() to pull input from stdin +// You may use any print function to stdout to print +// out chat messages +#include + +// You may use memory allocators and helper functions +// (e.g., rand()). You may not use system(). +#include + +#include +#include +#include + +#ifndef UTIL_H_ +#define UTIL_H_ + +#define SEC_RANGE 1024 +#define ALIGN 128 + +#define ADDR_PTR uint64_t +#define CYCLES uint32_t + +CYCLES measure_one_block_access_time(ADDR_PTR addr); + +void clflush(ADDR_PTR addr); + +char *allocate_shared_buffer(); +void deallocate_shared_buffer(char *buf); + +#endif diff --git a/Part2-FlushReload/victim b/Part2-FlushReload/victim new file mode 100755 index 0000000000000000000000000000000000000000..737b9b7adf5930d3ec5b2dbdfe8fdfed48a96dac GIT binary patch literal 14472 zcmeHOe~c8>9e;bUaw5l`Em#DV(RvhwTR1ofVoncmVKCC13JoT;dvmvQw_Ep@yR&-O zB1f-SHp?Yv8f}~YgEp}>HA-WxKN|HeG@z|%j~XlfVR{-#cPrXsQM0wk^z)s0-(hZg zn>My-(saIL_WQn{@AvcGo9~68w&jU$BU6zfG3 zJ}(!Si3O}ro# zrR~+HEvFEy+3&Qc5E-IapN<}p_s81Jqug}0+VNc-Q}w9iO-ju?GKtqMdEJu7dXhQ> zVa@rZoY1vi=F_WJ5edTD%Zp2%SKnyU1Z!%8JjCKEmD+E*rHt;s~XFwi=%eqHOj_HaHEUTt-O`laBa z$7bu7cM4Q9N|;QeXc)9@u8(~4q@Ut{{Q4*11IND-*l>E|cl%fVXz!oQg9j*v`b`{) zA))&C5h0t(pT|WpRz3pzP!bJ*{G0>$&(8_gS9&WNV8 zL|SM@CL!`UEgciR$xL1snXH}`c_XIhaw3b5Oit(n2}AVVlS>#nY5=+S&S-D^&S;;O zNQ!JOkv957imLB}&k#l;r3-3@rpY?7_2zAxHb+;7*Q{}htHW!Za=TMn(=MXhc5IKL zX}v#@H}u?&?VFRCw7x^@Nm9%GsZ3h-J!*$e8%VPwfEhDW{tGxI8wp^x+9jGlGsQln zj@OB&9(V}TDJV)3D=bXlFUd^tkhJF|5=}H4ACdOYt@sAo?FXr0SfU9Q98mQ1>LGf|&R4Z?rra5BSv{9*6 zjypDOP^y(N$EJ-#wemB^rVT^2@~~smMxk1Hz_DqAP_689Y}y!9D|b0IZFH&?&9P~N zP_5kJ*t9XIRyH~|Z3wEBHpixoK(%tEW77tpTDh2Q-0fTVUJ_b-qp#iI!TjTaFE{MfUk%Zt$4;{KZvGxP#|nuSY29k!^)%1!XTMANDKMU>Rx z2fGnr5uc-7q*{FAjQUdvm#kXU;vb5~%JUIDRI}@PSk^W6DcAJ|O1O^^3{jyK+5XZB zs%q@{t5M~P)EatFlB{1ktcRJ^VVVK4cZuB|8e2e);oyCeal6CFFr#?X4&L}2Di<4z zqt8(*&(p_Cgp{8?izWie74+H)#!UkegHp$?5=g|+Iu4&)z< z{rQr>c#DY%wrso@nS5`Fos~cS4bR50^2<==+op*tMJ9_!k(it8{@JbFi)c8;CT6L< zu5}_AB3cV9br27?ul|BIUE(pL1C7aZ>ysqR5X{9^6+lXh#2WR!eLOD1Q_dg-N9)?Km03+dK>bZtp${Tq~)nDsg#uxQ40JJ138FNNm6 znC1cM%%o`^CL8)?GNH53Z=N>I3Fu(eH0fo{B4`Er*Jn(#6MFfFrrAy3c_92wC2;Sp zA~4V#STtu=;|P3&)63cc)VYKLZ=7YluA#4H?YIU%FwIHA=QeMdyWpnKMfWrgiW?Sg zxMt1OR}oD7ui{eCSBpp>gm42_C-4bq7HaDtuG4651%Z*d&G$EKZn~fs9fC>z$8miM z|0U3lfBSj=tANkI|0LZT^JhF7pa|lh!u2iWLW6ev4ZExg766(9-Vyj8b^EF8i=P2M z1AYel4EP!FGvH^y&w!tS|FI14xi3EFMO$Q&eYO&Fq~?QXP11gMzFoLf+I*gDk+f-V zPO{Keg3p!Few&2-ADuHZWFMw?t`K^)N-{1BeD>;u^jlwg;6H0c34u2Yme4+(M0U$I z@F{7cOP+7yvuIuNM(KM837_Sn^QI(<>>%T+EO5V1*kRW9E-G^SS4f=W@Up|YKQw1S zc<*J|HF;xrk;HzBiLWV^{i^i;RoZ+Xvikp+;&a;G3RlT5XPr`aN!=}VR_Z~iN2ER^ z^ zVB$<{0@0b6W@sX;$D@5YEu}}}G1SJET}M>QVFT%ZsN zi_6VFC?^*D3to?;=D%YIvBW$62Z6fzisZ4L zlss0R>c#gw{ARfhI+}@6d-;bvd`0qEPe>jsFaI$QU+|${so(be!C^kv_oRo<`vKOx zPvCfO{+^b69)F?8NU57Bxh~=HW9S7GD1`a-ewV}X-u8dv;m5DEBUvx~C+)wE@VU4+ zO}zi%-|cw&%Qow`!40|iyg%B76G0>#XItlO#@~m7o?ULA|BmzTu=w{@H2+AL$K&`z zV04Sj=lxOFN{YsQ%vR1P^I3lkkDD(#W#}qfb2}1s+Gm^AC#s9vS2}G^v*atb>3n)^ l`UxPlFTbFBlunN+{tmu4=dJ(% literal 0 HcmV?d00001 diff --git a/Part3-PrimeProbe/.gitignore b/Part3-PrimeProbe/.gitignore new file mode 100644 index 0000000..5723c0a --- /dev/null +++ b/Part3-PrimeProbe/.gitignore @@ -0,0 +1,2 @@ +/*.o +/attacker diff --git a/Part3-CTF/Makefile b/Part3-PrimeProbe/Makefile similarity index 89% rename from Part3-CTF/Makefile rename to Part3-PrimeProbe/Makefile index 39e47ad..1f51279 100644 --- a/Part3-CTF/Makefile +++ b/Part3-PrimeProbe/Makefile @@ -23,6 +23,9 @@ run_victim-3: run_victim-4: taskset -c $(SENDER_CPU) ./victim-4 +run_victim-16: + taskset -c $(SENDER_CPU) ./victim-16 + run_attacker: attacker taskset -c $(RECEIVER_CPU) ./attacker diff --git a/Part3-CTF/attacker.c b/Part3-PrimeProbe/attacker.c similarity index 81% rename from Part3-CTF/attacker.c rename to Part3-PrimeProbe/attacker.c index 7679cea..f90d437 100644 --- a/Part3-CTF/attacker.c +++ b/Part3-PrimeProbe/attacker.c @@ -5,7 +5,7 @@ int main(int argc, char const *argv[]) { int flag = -1; - // Put your capture-the-flag code here + // [3.2] TODO: Put your capture-the-flag code here printf("Flag: %d\n", flag); return 0; diff --git a/Part3-CTF/util.c b/Part3-PrimeProbe/util.c similarity index 100% rename from Part3-CTF/util.c rename to Part3-PrimeProbe/util.c diff --git a/Part3-CTF/util.h b/Part3-PrimeProbe/util.h similarity index 100% rename from Part3-CTF/util.h rename to Part3-PrimeProbe/util.h diff --git a/Part3-PrimeProbe/victim-16 b/Part3-PrimeProbe/victim-16 new file mode 100755 index 0000000000000000000000000000000000000000..e8f9310d3a8777077d37c8c944f7c25410294a4c GIT binary patch literal 14472 zcmeHOYit}>6~4R9!%dy+77}QZwpoRwP1<_wb)DcQHF4ssGe%8Gi!D?^*p9txdtqOi zolTue37c+Az1muGL;)lIr2HYMNDUQ52_n=c&lXWRKPnlaNG?jGHEF;sr3zp&oHO^F z>1414qLuhF$C~->d3^WWIXiQA#&h=@k;gmyKA&Kz5uX#Nh3=A;Hgc$8Y5=r}7O@=m z_lkSO63`b}HtBDZ0A49m{@byZ>@|SMyBizx;62g|8Km$C5s|l$WS2@0qX zn&8$#$Kl3C@S!lec>~0A<8Db4jF4uI=T|XGpzI5OU#^AV-gE1)BAD<$q zW4jJEjFI&?0xfAnyc~Z!g}9Jl|DTx0*$1}JJofEin=ih30sHy|?9YQe1e;shz%XC` zn-;J)EMPwd_7H4t`3xB5>)!`<9P7VHG}=3;Mf(zIEtz;OE}~I55qhIJL(`3DN=u|g zPS?^gk&WwmMi=qHgdwteB5m}ER7%SVBaw;=q~NKtRqT1Zb60z`Noi8H*zHG}MYOYP zZ!{Ly`c$e0b#Eku^Oqw!AW$3(tFmykh2Q}8;?TF`xUqm2+uY>%W z#2t7xeSvI0J@y?qef;9fQ~;izcwXS5jne$X_Hp`NsBM!(wzEF9L)!7T|qJM4H4 zvs4^*c|J?eti!&Hg8^?k?06lp949+Y|9lOi?}WpS*B8r4hu!*KAjc_(oxVye&$z?R z$Bd3k4m%XsmPv>GPTT4=yb5>~@G9U{z^i~)0j~o8{|fviaNpn6;(N7fdGT-I-dY_R zH~i+LT0B>K)*76-5WZ`gxar z#-+dR)WbJAOP9Z@mVU1mug>o4iiF3*Z>l4$55QrYtG)%1@AoNzbw^>)P{5Ja(_m3Y z7Qcq@=uKl4l=c9&p|p3H(}8sbj5|vR@g*yM%kv1EZ>gnOb>fdZ)QOuls_%k&`IfN~ zI*3pQwdQo6b==Iy`WIT!E%Fa_tHsv!*i=i`j5@X4dOs+Y)3;2s5`$u1SbQ(&zWu

kEs-&+&x$B|gx-fu71zI0CgaGys0Jcm~1DuZ9x0FUKw}RvrNV8+Z~{ z>M^oxMP3j-YN@3Q5WGPKpR#&9|4(38t=~Zlx;O_=F=6+;i9dYGH@VS-A#9#34Po8N z*52ym20U{>M%hUL!qxJ(aXjS_3{*#kvH+#GaZsFf?#@>iSz)E$f=JuR`p>6R!eZ1-uG)74RzHRluu&R{^gAUIn}g ze6$MSdm?;swP|z6dZV>W^yK?OS}dk-3vJ9U6CFvdA6hYd2jg2?v%LinAJ5gJD;sBh#hOTJ^085>-8P-zXID7#PPc>3`e^G z+a%btXduB{FT!>gjBh{MA}fO5^tUfx;_reH!FmKR;c+|xegz*X*$+)myb5>~@G9U{ zz^i~)0j~mH1-uG)74RzXu~dK-Df0R{eDpxUHGC*_66^(i@G{Gimp&_c9IcFX36dfPD zd$V+|J3NkB`Y*`;H`4hysQZr%czw6K!$x|jZ6n-A_zYo|us}FU=AZe(PkZ~e z(5CL5eA>u|!eOOZX{-y zdIpxr8V4Pwo_qq9Qzv3%+PSN<-q8Am6+WQl280qjn9dzcNi=lnIS|)#iA?%7B?>-0 zp45;)t!&c3QNU_k1)55Kh8nqeuTYHmAgHjWHv!R^m}Y1~i4R2kbS)K+4#c20)?^=1 zP1iLTIx@HoskBrAI+OICTuvyxnN%vC#(y(>WWnnP&po~_+`o(9>y;DndCEFY19*)v zf1&mN9M9JU>-fJHC*S=$0Q`T9Qx-WDXg>;@lm8-JD2yRjyqmuV{2#zI#^dLCh>`R2 zJmen#lfcIsGN0!u#uh3VjuD&8=lSAku;GxI&+{H5&vOuBiM#$9SaA+vKF=GBJpc0e zIgT+6e4LY5=Xr^-QKq$O>>NLt#UW^5O_^`claz3r0y)3?_+KFYE{fxMm+^#yk2Q1i zas54xi~F}1p3{89-$&GqHCApT;{W8F{1EXN3mD`Op5_?83qB|RI5`+Oj=Nx;@wkhB zk{pa#CK57_@kcH`|9*q-yWo{9l8|$sY*GP{vC(Q#SbgVe>oCSOFVz>% literal 0 HcmV?d00001 diff --git a/Part3-CTF/victim-2 b/Part3-PrimeProbe/victim-2 similarity index 100% rename from Part3-CTF/victim-2 rename to Part3-PrimeProbe/victim-2 diff --git a/Part3-CTF/victim-3 b/Part3-PrimeProbe/victim-3 similarity index 100% rename from Part3-CTF/victim-3 rename to Part3-PrimeProbe/victim-3 diff --git a/Part3-CTF/victim-4 b/Part3-PrimeProbe/victim-4 similarity index 100% rename from Part3-CTF/victim-4 rename to Part3-PrimeProbe/victim-4 diff --git a/README.md b/README.md index c368efa..2f20c53 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,6 @@ This repository contains all the starting code you will need for the lab. ## Starting the Lab -As stated on the lab handout, you must first change the `SENDER_CPU` and `RECEIVER_CPU` variables in the Makefile to your assigned CPUs. These will be emailed to you along with your lab machine password when the lab is released. **Double check that you have set these values correctly.** +As stated on the lab handout, you must first change the `SENDER_CPU` and `RECEIVER_CPU` variables in the `cpu.mk` to your assigned CPUs. **Double check that you have set these values correctly.** After completing these steps, you are now ready to start the lab. Good luck! diff --git a/report.md b/report.md new file mode 100644 index 0000000..422e468 --- /dev/null +++ b/report.md @@ -0,0 +1,38 @@ +## 1-1 + +**Fill in the blanks in the following table using the information you gathered about the cache configuration of the lab machine.** + +| Cache | Cache Line Size | Total Size | Associativity | Number of Sets | Raw Latency | +| ----- | --------------- | ---------- | ------------- | -------------- | ----------- | +| L1-D | 64 | | | | | +| L2 | | | | | | +| L3 | | | | | | + +## 1-3 + +**After completing your code, generate the histogram pdf file and include it in the lab report.** + + + +## 1-4 + +**Based on the generated histogram, report two thresholds, one to distinguish between L2 and L3 latency and the other to distinguish between L3 and DRAM latency.** + +L2-L3 threshold: + +L3-DRAM threshold: + +## 2-2 + +**If the victim want to read the kth byte of a file, where k is a secret, how can he/she avoid leaking the secret to the attacker?** + +## 3-1 + +**Given a 64-bit virtual address, fill in the table below.** + +| Page Size | 4KB | 2MB | +| ------------------------------------- | ------- | ------- | +| Page Offset Bits | | | +| Page Number Bits | | | +| L2 Set Index Bits | | | +| L2 Set Index Bits Fully Under Control | | | diff --git a/update.sh b/update.sh deleted file mode 100644 index c5fe63d..0000000 --- a/update.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Updates repository to latest starter code -# -# Adapted from Oliver Beckstein's ASU-CompMethodsPhysics-PHY494 course 2016-2020 placed into the public domain - -# With GitHub template repositories one needs to use --allow-unrelated-histories -# at least once. https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template - -progname="$0" -REMOTE_NAME="startercode" -REMOTE_URL="https://github.com/CSAIL-Arch-Sec/SHD-CacheAttackLab.git" - -# progname, from top dir -UPDATESH="./deploy/$(basename $progname)" - -CONTACT_MESSAGE="Contact the instructor and TA with a screen shot of ALL output from running $0." - -function die () { - local msg="$1" err=${2:-1} - echo "ERROR: ${msg}." - exit $err -} - -# ensure everything relative to top dir -topdir="$(git rev-parse --show-toplevel)" || die "Failed to get rootdir" -cd "${topdir}" || die "Failed to get to the git root dir ${rootdir}" - - -# first time -# 1. set remote repo -# 2. merge histories between student (template) and remote skeleton - -if ! git remote get-url ${REMOTE_NAME} >/dev/null 2>&1; then - echo "Adding remote repository '${REMOTE_NAME}'." - git remote add ${REMOTE_NAME} ${REMOTE_URL} - - echo "Merging histories for the first time..." - set -x - git pull --allow-unrelated-histories -s recursive -X theirs --no-edit ${REMOTE_NAME} main || \ - { git rev-list -1 MERGE_HEAD >/dev/null 2>&1 && git merge --abort ; \ - git remote rm ${REMOTE_NAME}; \ - die "Failed to merge histories. ${CONTACT_MESSAGE}" $?; } - - set +x -fi - -echo "updating repository... git pull from ${REMOTE_NAME}" -git pull --no-edit ${REMOTE_NAME} main || die "Failed to pull from ${REMOTE_NAME}. ${CONTACT_MESSAGE}"