raphaelsc / Am-I-affected-by-Meltdown

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
https://meltdownattack.com/
BSD 2-Clause "Simplified" License

Unable to compile on Debian 9.3, i686 (as in 32 bit) #19

Closed seefood closed 6 years ago

seefood commented 6 years ago
```
# make
g++ -I. --std=c++11 -O0 --no-pie -fPIC -mrtm -DHAS_COMPILER_RTM_SUPPORT -c -o meltdown_checker.o meltdown_checker.cc 
meltdown_checker.cc: In function ‘void transaction_trap_mitigation(int, siginfo_t*, void*)’:
meltdown_checker.cc:82:32: error: ‘REG_RIP’ was not declared in this scope
     context->uc_mcontext.gregs[REG_RIP] = (uintptr_t)__speculative_byte_load_exit;
                                ^~~~~~~
meltdown_checker.cc: In function ‘bool validate_syscall_table_entry(const void*, const std::unordered_map<unsigned int, std::__cxx11::basic_string<char> >&)’:
meltdown_checker.cc:165:57: error: invalid cast from type ‘uint64_t {aka long long unsigned int}’ to type ‘uintptr_t {aka unsigned int}’
     uintptr_t ptr = reinterpret_cast<uintptr_t>(entry[0]);
                                                         ^
Makefile:12: recipe for target 'meltdown_checker.o' failed
```

gcc version 6.3.0 20170516 (Debian 6.3.0-18), Debian 9.3

raphaelsc commented 6 years ago

oops. thanks for pointing it out @seefood

seefood commented 6 years ago

:bowing_man:

seefood commented 6 years ago

Only problem now: I already upgraded the kernel on that machine, now I'm not sure if that CPU was vulnerable (it's not in the lists I've searched, it's an 11 YO model of Xeon) or if I should turn off the protection. hmm!

raphaelsc commented 6 years ago

If you want to confirm it without compromising security, reboot with pti disabled and run the test offline. Good luck!

seefood commented 6 years ago

yeah, the point is I didn't want to reboot it too much... it's an old server but people still rely on it... oddly enough, it's a Debian kernel that's supposed to include the KPTI patch but /boot/config-4.9.0-5-686-pae has no CONFIG_PAGE_TABLE_ISOLATION

weirder and weirder. for now I'll assume that old machine has no kernel patch but no CPU vulnerability either. I'll try to find some answers on IRC or something. Also, I'm not able to build the sources they offer in the original whitepaper on any machine and my C is rusty. Hmm :)
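Added example, not part of the thread or of the project's code: a shell function that answers the question raised in the comment above (is page-table isolation present and active on this kernel?) from files a running system already exposes, so no reboot is needed. The verdict names and the sample files in `demo` are constructed for illustration; the sysfs path, the `nopti`/`pti=off` boot parameters and the `pti`/`kaiser` cpuinfo flags are the ones Linux kernels use.

```shell
#!/bin/sh
# Added example (not from the project): classify Meltdown/KPTI state without
# rebooting, using files a running Linux kernel already exposes.
# Usage: classify_meltdown SYSFS_FILE CMDLINE_FILE CPUINFO_FILE KCONFIG_FILE
# Real paths: /sys/devices/system/cpu/vulnerabilities/meltdown /proc/cmdline
#             /proc/cpuinfo "/boot/config-$(uname -r)"
classify_meltdown() {
    sysfs=$1; cmdline=$2; cpuinfo=$3; kconfig=$4
    # 1. Kernel's own verdict, present only on kernels that ship this sysfs file.
    if [ -r "$sysfs" ]; then
        case $(cat "$sysfs") in
            "Not affected"*) echo not-affected; return 0 ;;
            "Mitigation:"*)  echo mitigated;    return 0 ;;
            "Vulnerable"*)   echo vulnerable;   return 0 ;;
        esac
    fi
    # 2. PTI compiled in but switched off on the kernel command line.
    if [ -r "$cmdline" ] &&
       grep -Eq '(^|[[:space:]])(nopti|pti=off)([[:space:]]|$)' "$cmdline"; then
        echo pti-disabled-at-boot; return 0
    fi
    # 3. CPU flag set while PTI is active ("kaiser" on some early backports).
    if [ -r "$cpuinfo" ] &&
       grep -Eq '^flags[[:space:]]*:.*[[:space:]](pti|kaiser)([[:space:]]|$)' "$cpuinfo"; then
        echo mitigated; return 0
    fi
    # 4. Build config lacks the option: this kernel cannot isolate page tables.
    if [ -r "$kconfig" ] && ! grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y' "$kconfig"; then
        echo no-pti-in-kernel; return 0
    fi
    echo unknown
}

# Constructed sample modelled on the thread: no sysfs entry, no pti flag, and a
# build config without CONFIG_PAGE_TABLE_ISOLATION. All file contents are made up.
demo() {
    d=$(mktemp -d) || return 1
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$d/cmdline"
    printf 'flags\t\t: fpu vme de pse tsc msr pae mce\n' > "$d/cpuinfo"
    printf 'CONFIG_X86_32=y\nCONFIG_X86_PAE=y\n' > "$d/config"
    classify_meltdown "$d/sysfs-missing" "$d/cmdline" "$d/cpuinfo" "$d/config"
    rm -rf "$d"
}
demo
```

A `no-pti-in-kernel` or `unknown` result describes only the kernel's mitigation state; whether the CPU itself is affected still has to come from the kernel's sysfs verdict or from running the checker.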

seefood commented 6 years ago

the IRC people said the 32 bit kernel isn't patched because meltdown only affects CPUs working in 64bit mode. I'll go read more on that. sounds weird to me.