raphaelsc / Am-I-affected-by-Meltdown

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a. MELTDOWN.
https://meltdownattack.com/
BSD 2-Clause "Simplified" License

Illegal hardware instruction #18

Open IsaacJT opened 6 years ago

IsaacJT commented 6 years ago

Hello,

I get an "illegal hardware instruction" when running this on Debian 8.

Linux *snip* 4.9.0-0.bpo.5-amd64 #1 SMP Debian 4.9.65-3+deb9u2~bpo8+1 (2017-01-05) x86_64 GNU/Linux

Strace output:

$ strace ./meltdown-checker
execve("./meltdown-checker", ["./meltdown-checker"], [/* 24 vars */]) = 0
brk(0)                                  = 0x159f000
brk(0x15a0200)                          = 0x15a0200
arch_prctl(ARCH_SET_FS, 0x159f8c0)      = 0
uname({sys="Linux", node="graveyard", ...}) = 0
readlink("/proc/self/exe", "/home/*snip*/meltdown-checke"..., 4096) = 33
brk(0x15c1200)                          = 0x15c1200
brk(0x15c2000)                          = 0x15c2000
--- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x459778} ---
+++ killed by SIGILL +++
zsh: illegal hardware instruction  strace ./meltdown-checker

Gdb:

Starting program: /home/*snip*/meltdown-checker 

Program received signal SIGILL, Illegal instruction.
0x0000000000459778 in std::ctype<wchar_t>::_M_initialize_ctype() ()
(gdb) bt
#0  0x0000000000459778 in std::ctype<wchar_t>::_M_initialize_ctype() ()
#1  0x0000000000424cee in std::locale::_Impl::_Impl(unsigned long) ()
#2  0x0000000000425654 in std::locale::_S_initialize_once() ()
#3  0x0000000000425756 in std::locale::locale() ()
#4  0x0000000000420741 in std::ios_base::Init::Init() ()
#5  0x00000000004197ba in __static_initialization_and_destruction_0(int, int) ()
#6  0x0000000000419825 in _GLOBAL__sub_I_meltdown_checker.cc ()
#7  0x00000000004fa7ec in __libc_csu_init ()
#8  0x00000000004fa00d in __libc_start_main ()
#9  0x000000000041837a in _start ()

IsaacJT commented 6 years ago

More info:

Compiled on Gentoo with "-static" added to the CFLAGS.

gcc --v:

Using built-in specs.
COLLECT_GCC=/usr/x86_64-pc-linux-gnu/gcc-bin/7.2.0/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/7.2.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-7.2.0/work/gcc-7.2.0/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/7.2.0 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/7.2.0 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/7.2.0/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/7.2.0/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include/g++-v7 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/7.2.0/python --enable-languages=c,c++,fortran --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 7.2.0 p1.1' --enable-esp --enable-libstdcxx-time --disable-libstdcxx-pch --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --disable-multilib --with-multilib-list=m64 --disable-altivec --disable-fixed-point --enable-targets=all --disable-libgcj --enable-libgomp --disable-libmudflap --disable-libssp --disable-libcilkrts --disable-libmpx --enable-vtable-verify --enable-libvtv --enable-lto --without-isl --disable-libsanitizer --enable-default-pie --enable-default-ssp
Thread model: posix
gcc version 7.2.0 (Gentoo Hardened 7.2.0 p1.1) 

It runs fine on the Gentoo machine.

file meltdown-checker:

meltdown-checker: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, for GNU/Linux 3.2.0, not stripped
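
The strace and gdb output in the two reports above already contain what is needed to start triaging this SIGILL. The following is an added example, not code from the Am-I-affected-by-Meltdown project or from the reporter: it parses the `--- SIGILL {...} ---` line and the gdb backtrace, confirms that both point at the same fault address, and builds the `objdump -d --start-address/--stop-address` invocation that disassembles the instruction at that address in the crashing binary. The sample text is copied from the report; the binary path `./meltdown-checker` and the 32-byte disassembly window are assumptions.

```python
"""Triage helper for a SIGILL report (added example; not part of the
Am-I-affected-by-Meltdown project).  Parses strace's signal line and a gdb
backtrace, cross-checks the fault address, and prepares the objdump command
that shows the faulting instruction in the ELF file."""
import os
import re
import shutil
import subprocess
from typing import List, Optional, Tuple

# Sample input copied from the issue report above.
STRACE_LINE = "--- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x459778} ---"
GDB_BT = """Program received signal SIGILL, Illegal instruction.
0x0000000000459778 in std::ctype<wchar_t>::_M_initialize_ctype() ()
(gdb) bt
#0  0x0000000000459778 in std::ctype<wchar_t>::_M_initialize_ctype() ()
#1  0x0000000000424cee in std::locale::_Impl::_Impl(unsigned long) ()
#2  0x0000000000425654 in std::locale::_S_initialize_once() ()
#3  0x0000000000425756 in std::locale::locale() ()
#4  0x0000000000420741 in std::ios_base::Init::Init() ()
#5  0x00000000004197ba in __static_initialization_and_destruction_0(int, int) ()
#6  0x0000000000419825 in _GLOBAL__sub_I_meltdown_checker.cc ()
#7  0x00000000004fa7ec in __libc_csu_init ()
#8  0x00000000004fa00d in __libc_start_main ()
#9  0x000000000041837a in _start ()
"""

# strace reports a delivered signal as: --- SIGxxx {si_signo=..., si_code=..., si_addr=0x...} ---
STRACE_SIGNAL_RE = re.compile(
    r"---\s+(?P<sig>SIG[A-Z]+)\s+\{si_signo=(?P=sig),\s*si_code=(?P<code>[A-Z_]+),"
    r"\s*si_addr=(?P<addr>0x[0-9a-fA-F]+)\}\s+---"
)
# gdb frames look like: "#0  0x0000000000459778 in std::ctype<wchar_t>::_M_initialize_ctype() ()"
GDB_FRAME_RE = re.compile(r"^#(?P<n>\d+)\s+(?P<addr>0x[0-9a-fA-F]+) in (?P<fn>.+?) \(\)\s*$")


def parse_strace_signal(line: str) -> Optional[dict]:
    """Return signal name, si_code and si_addr from an strace signal line, or None."""
    m = STRACE_SIGNAL_RE.search(line)
    if m is None:
        return None
    return {"signal": m["sig"], "si_code": m["code"], "si_addr": int(m["addr"], 16)}


def parse_gdb_backtrace(text: str) -> List[Tuple[int, int, str]]:
    """Return (frame number, address, function) for every backtrace frame in the text."""
    frames = []
    for line in text.splitlines():
        m = GDB_FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m["n"]), int(m["addr"], 16), m["fn"]))
    return frames


def objdump_command(binary: str, addr: int, window: int = 32) -> List[str]:
    """Build an objdump invocation that disassembles a window around the fault address."""
    return [
        "objdump", "-d",
        f"--start-address={addr - window:#x}",
        f"--stop-address={addr + window:#x}",
        binary,
    ]


def disassemble_fault(binary: str, addr: int, window: int = 32) -> Optional[str]:
    """Run objdump around the fault if the tool and the ELF file are both present locally."""
    if shutil.which("objdump") is None or not os.path.isfile(binary):
        return None
    result = subprocess.run(objdump_command(binary, addr, window),
                            capture_output=True, text=True, check=False)
    return result.stdout if result.returncode == 0 else None


def triage(strace_line: str, gdb_text: str, binary: str = "./meltdown-checker") -> dict:
    """Combine both sources: which signal, where, in which function, and how to inspect it."""
    sig = parse_strace_signal(strace_line)
    frames = parse_gdb_backtrace(gdb_text)
    if sig is None or not frames:
        raise ValueError("unrecognised strace or gdb output")
    top_frame = frames[0]
    return {
        "signal": sig["signal"],
        "si_code": sig["si_code"],
        "fault_addr": sig["si_addr"],
        # strace's si_addr and gdb's frame #0 should name the same instruction.
        "gdb_agrees": top_frame[1] == sig["si_addr"],
        "faulting_function": top_frame[2],
        "objdump_cmd": " ".join(objdump_command(binary, sig["si_addr"])),
        "disassembly": disassemble_fault(binary, sig["si_addr"]),
    }


if __name__ == "__main__":
    for key, value in triage(STRACE_LINE, GDB_BT).items():
        print(f"{key}: {value}")
```

`ILL_ILLOPN` is the kernel's "illegal operand" si_code, so the instruction objdump shows at 0x459778 is the one the CPU rejected; whether that instruction belongs to an extension the Debian machine's CPU lacks is the question the thread leaves open, and the disassembly answers it. objdump needs only the ELF file, not a running process, so the helper can be run on the crashing machine or on a copy of the binary.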

raphaelsc commented 6 years ago

Thanks for the detailed report @IsaacJT. I'll work on that ASAP.