Before you explore the interesting facts about the Meltdown security vulnerability, you should acquire a basic knowledge of the topics listed below.
Page Table with User Space and Kernel Space by Jonas Jostmann under CC BY-SA 4.0;
Please answer the following question:
Why are Page Tables divided into entries for User Space and Kernel Space?
What is our goal?
How do we do that?
What do we need?
Reserved address space for a ProbeArray
ProbeArray by Jonas Jostmann under CC BY-SA 4.0;
Iterate over the ProbeArray and measure the time needed to read each block
Meltdown - Read privileged address space by Jonas Jostmann under CC BY-SA 4.0;
Assembler Code of the Meltdown Attack:
; rcx = kernel address
; rbx = probe array
retry:
mov al, byte [rcx]
shl rax, 0xc
jz retry
mov rbx, qword [rbx + rax]
For further information about assembler instructions, see http://ref.x86asm.net/coder32.html
mov al, byte [rcx]
shl rax, 0xc
mov rbx, qword [rbx + rax]
Please answer the following questions:
Why does the ProbeArray have 256 blocks?
Why is the read value multiplied by 4096?
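The ProbeArray timing pass, as an added model that is not part of the original slides: it simulates a cache rather than measuring real hardware and compares a 4096-byte block spacing with a 64-byte one. The cache line size, the next-line prefetcher behaviour, the latencies and the names `ModelCache` and `fast_blocks` are assumptions made for this example.

```python
import random

LINE = 64      # cache line size in bytes (assumed, typical for x86)
PAGE = 4096    # 1 << 0xc, the factor applied by `shl rax, 0xc`
HIT, MISS = 40, 220   # constructed latencies in cycles, not measured


class ModelCache:
    """Toy cache with a next-line prefetcher that never crosses a page."""

    def __init__(self):
        self.lines = set()

    def touch(self, addr):
        line = addr // LINE
        self.lines.add(line)
        nxt = line + 1
        if nxt * LINE // PAGE == addr // PAGE:   # prefetch stays in-page
            self.lines.add(nxt)

    def latency(self, addr, rng):
        base = HIT if addr // LINE in self.lines else MISS
        return base + rng.randint(-15, 15)       # measurement jitter


def fast_blocks(byte_value, stride, seed=0):
    """Indices of the 256 probe blocks that read fast after one access.

    Models `mov rbx, qword [rbx + rax]` touching probe[byte_value * stride],
    then the timing pass over all 256 blocks.
    """
    rng = random.Random(seed)
    cache = ModelCache()          # starts empty, i.e. probe array flushed
    cache.touch(byte_value * stride)
    threshold = (HIT + MISS) // 2
    return [i for i in range(256)
            if cache.latency(i * stride, rng) < threshold]


if __name__ == "__main__":
    print(fast_blocks(0x41, PAGE))   # one block per page: unambiguous
    print(fast_blocks(0x41, LINE))   # one block per line: neighbour also fast
```

With one block per page, exactly one index reads fast and that index is the byte value; with one block per cache line, the modelled prefetcher makes a neighbouring block fast as well and the result is ambiguous.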
Except where otherwise noted, this work, “Meltdown”, is © 2017, 2018 by Jonas Jostmann, published under the Creative Commons license CC BY-SA 4.0.
In particular, trademark rights are not licensed under this license. Thus, rights concerning third party logos (e.g., on the title slide) and other (trade-) marks (e.g., “Creative Commons” itself) remain with their respective holders.