# Makefile - CVE-2017-5753 user-to-user success rate measurement
#
# Copyright (c) 2022 Samuel AUBERTIN
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
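# Command-style targets. They are declared phony so that a stray file with the
# same name (for example `all` or `dockerpoc`) can never make them look up to date.
.PHONY: all clean dockerclean dockerprune build dockerbuild upload findfalses \
        docker run dockerrun dockerupload dockerpoc help poc
.DEFAULT_GOAL := help
# Recipes are never echoed; only their output is shown.
.SILENT:

# Build with four parallel jobs by default.
MAKEFLAGS := -j4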
### Platform-specific toolchain and dependencies
ifeq ($(shell uname),OpenBSD)
  # OpenBSD: clang only, and the uuid helper comes from the uuid_obsd directory.
  GCC :=
  DEPENDENCIES := clang ./uuid
  ifndef MKUUID
    # Build uuid_obsd and symlink its binary as ./uuid unless ./uuid already exists.
    # NOTE(review): `!=` runs the expansion of its right-hand side as a command, and
    # that expansion is the output of $(shell ...), so MKUUID presumably ends up
    # empty - confirm.
    MKUUID != $(shell stat uuid >/dev/null 2>&1 || (make -C uuid_obsd && ln -s uuid_obsd/uuid uuid))
  endif
else
  # Elsewhere: gcc and clang are both tested, and lld is used as the linker.
  GCC := gcc
  DEPENDENCIES := $(GCC) clang uuid lld
  LDFLAGS += -fuse-ld=lld
endif

# Dependency check: abort at parse time when a listed tool is not found in PATH.
# NOTE(review): the check only runs when MKUUID has a non-empty value, and nothing
# visible here sets it outside the OpenBSD branch - confirm whether it is meant to
# be opt-in.
ifdef MKUUID
  EXECUTABLES = $(DEPENDENCIES)
  XXXX := $(foreach exec,$(EXECUTABLES),$(if $(shell which $(exec) 2>/dev/null),X,$(error "No '$(exec)' in PATH, please install it and restart octopus !\nThe full dependencies are : $(DEPENDENCIES)")))
endif
### Generic flags
# Source basenames: every program is compiled from <name>.c.
SRCS = spectre_v1 spectre_v2
# Tune for the CPU of the build host.
CFLAGS += -march=native
# Warnings on, and promoted to errors.
CFLAGS += -W -Wall
CFLAGS += -Werror -Wextra
CFLAGS += -Wno-unused-parameter -Wno-missing-field-initializers
# Multiple optimization levels break when victim_function is inlined for spectre v2.
CFLAGS += -fno-inline-functions
# Debug symbols
#CFLAGS+= -g
### Octopus flags
# Compilers under test (GCC is empty on OpenBSD).
CCS = clang $(GCC)
# Suffixes of the -O levels every program is compiled with.
OPTIMIZATIONS = 0 1 2 3 fast s
# Identifier of this run: the first of uuid, uuidgen or the local ./uuid that succeeds.
UUID := $(shell uuid 2>/dev/null || uuidgen 2>/dev/null || ./uuid)
RESULTS_FILE := results-$(UUID).json
# Private key file handed to sftp by the upload target.
# NOTE(review): the key is read from the working directory; if it ships with the
# repository, anyone can authenticate as the upload account, so that account
# presumably has to be confined server-side (write-only, chrooted SFTP) - confirm.
SSH_KEY = octoupload
# Number of runs per program.
TIMES = 3
# Flags passed to every experiment binary.
OCTOFLAGS = -j

# The sequence 1..TIMES, produced by jot on OpenBSD and by seq elsewhere.
ifeq ($(shell uname),OpenBSD)
  COUNTER = $(shell jot $(TIMES) 1)
else
  COUNTER = $(shell seq $(TIMES))
endif
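### Octopus internals
# Description of the host, recorded in the results file next to the measurements.
# CPU model name as printed by lscpu, de-duplicated and trimmed by awk.
CPU := $(shell LC_ALL=en_US.UTF-8 lscpu | grep "Model name" | cut -d":" -f 2 | sort | uniq | awk '{$$1=$$1;print}')
# Last field of the microcode line(s) of /proc/cpuinfo, or "unknown".
UCODE := $(shell (grep microcode /proc/cpuinfo 2>/dev/null || printf unknown) | sort | uniq | awk '{print $$NF}' || printf unknown)
KERN := $(shell uname -svm)
# Compiler versions, with the apk package name and then "unknown" as fallbacks.
# The fallbacks have to stay inside $(shell ...): a closing parenthesis placed
# right after the first subshell ends the function early and appends the rest of
# the command line, as literal text, to the recorded version string.
# NOTE(review): the status of `clang -v | head` is that of head, so the clang
# fallbacks presumably never run - confirm.
CLANGV := $(shell (clang -v 2>&1 | head -n 1) || apk info -a clang | head -n1 | awk '{print $$1}' || printf unknown)
GCCV := $(shell (gcc -v 2>&1 | grep 'gcc version') || apk info -a gcc | head -n1 | awk '{print $$1}' || printf unknown)
# Kernel-reported status for each variant, or "unknown" when the sysfs file is missing.
VULN1 := $(shell (cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 2>/dev/null || printf unknown))
VULN2 := $(shell (cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null || printf unknown))
# Short commit id: shown in the banner and used as the container image tag.
REVISION := $(shell git rev-parse --short HEAD)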
# Recipe fragment: prints the ANSI-coloured ASCII-art banner, including the git
# revision and the author line. Each printf becomes one recipe line where
# $(BANNER) is expanded.
define BANNER
printf '\033[1m\033[94m________ __\n'
printf '\\_____ \\ _____/ |_ ____ ______ __ __ ______\n'
printf ' / | \\_/ ___\\ __\\/ \033[31m_\033[94m \\\\____ \\| | \\/ ___/\n'
printf '/ | \\ \\___| | ( \033[31m<_> \033[94m) |_> > | /\\___ \\ \n'
printf '\\_______ /\\___ >__| \\____/| __/|____//____ >\n'
printf ' \\/ \\/ |__| \033[0mrev $(REVISION)\033[1m\033[94m \\/\033[0m\n'
printf ' Samuel AUBERTIN - EURECOM\n'
endef
# Build progress indicator, not set up on OpenBSD.
ifneq ($(shell uname),OpenBSD)
  # PROGRESS is unset on the first parse only; the dry run below passes it on the
  # command line, which keeps this section from recursing.
  ifndef PROGRESS
    # Total number of steps: dry-run the same goals with a marker in place of the
    # progress command and count the lines that carry the marker.
    HIT_TOTAL != $(MAKE) $(MAKECMDGOALS) --dry-run PROGRESS="HIT_MARK" | grep -c "HIT_MARK"
    # Each expansion increments HIT_N and yields its new value.
    HIT_COUNT = $(eval HIT_N != expr $(HIT_N) + 1)$(HIT_N)
    # Prefix printed in front of each build command: "[NN%]".
    PROGRESS = echo "[`expr $(HIT_COUNT) '*' 100 / $(HIT_TOTAL)`%]"
  endif
endif

# Dash-separated fields of the current target name. The compile rules read them as
# <source>-<compiler>-<O level>-<fourth field>.
SUB_ONE = $(firstword $(subst -, ,$@))
SUB_TWO = $(word 2,$(subst -, ,$@))
SUB_THREE = $(word 3,$(subst -, ,$@))
SUB_FOUR = $(word 4,$(subst -, ,$@))
### Compilers
# One <source>-<compiler> name per source and compiler pair.
CPROGS = $(foreach C,$(CCS),$(addsuffix -$(C),$(SRCS)))
### Optimizations
# One <source>-<compiler>-O<level> name per optimization level.
OPTIMIZED_PROGRAMS = $(foreach O,$(OPTIMIZATIONS),$(addsuffix -O$(O),$(CPROGS)))
### Static
# The same list again with a -static suffix.
STATIC_PROGRAMS = $(addsuffix -static,$(OPTIMIZED_PROGRAMS))
##### V1
# Mitigated variants exist for the spectre_v1 programs only.
### Masking mitigation
MASKING_PROGRAMS = $(patsubst %,%-mask,$(filter spectre_v1%,$(OPTIMIZED_PROGRAMS)))
MASKING_STATIC_PROGRAMS = $(patsubst %,%-mask,$(filter spectre_v1%,$(STATIC_PROGRAMS)))
### Lfence mitigation
LFENCE_PROGRAMS = $(patsubst %,%-fence,$(filter spectre_v1%,$(OPTIMIZED_PROGRAMS)))
LFENCE_STATIC_PROGRAMS = $(patsubst %,%-fence,$(filter spectre_v1%,$(STATIC_PROGRAMS)))
###### V2
### Retpoline
## clang
# dynamic
RETPOLINE_CLANG_PROGRAMS = $(patsubst %,%-retpoline,$(filter spectre_v2-clang%,$(OPTIMIZED_PROGRAMS)))
# static
RETPOLINE_STATIC_CLANG_PROGRAMS = $(patsubst %,%-retpoline,$(filter spectre_v2-clang%,$(STATIC_PROGRAMS)))
## gcc
# dynamic
RETPOLINE_GCC_PROGRAMS = $(patsubst %,%-retpoline,$(filter spectre_v2-gcc%,$(OPTIMIZED_PROGRAMS)))
# static
RETPOLINE_STATIC_GCC_PROGRAMS = $(patsubst %,%-retpoline,$(filter spectre_v2-gcc%,$(STATIC_PROGRAMS)))
# Every gcc build of spectre_v2, mitigated or not, takes one extra gcc-specific
# flag through a target-specific CFLAGS.
V2_GCC_PROGRAMS = $(filter spectre_v2-gcc%,$(STATIC_PROGRAMS) $(OPTIMIZED_PROGRAMS)) $(RETPOLINE_GCC_PROGRAMS) $(RETPOLINE_STATIC_GCC_PROGRAMS)
$(V2_GCC_PROGRAMS): CFLAGS += -fno-inline-small-functions
# Every program that is built and measured, in run order.
# NOTE(review): V2_GCC_PROGRAMS repeats the plain and static spectre_v2-gcc builds
# that OPTIMIZED_PROGRAMS and STATIC_PROGRAMS already list, so those names occur
# twice here and the results loop presumably runs them twice as often as the
# others - confirm this is intended.
PROGS = $(OPTIMIZED_PROGRAMS) \
        $(STATIC_PROGRAMS) \
        $(MASKING_PROGRAMS) \
        $(MASKING_STATIC_PROGRAMS) \
        $(LFENCE_PROGRAMS) \
        $(LFENCE_STATIC_PROGRAMS) \
        $(RETPOLINE_CLANG_PROGRAMS) \
        $(RETPOLINE_STATIC_CLANG_PROGRAMS) \
        $(V2_GCC_PROGRAMS)
# Full experiment: build, run and upload (all reached through `upload`), then thank
# the user.
all: upload
	printf "\033[1mThank you for helping science today !\033[0m\n"
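# Optional path to a known_hosts file that pins the upload server's host key.
# When it is set, sftp verifies the server against it and refuses to connect on a
# mismatch.
SSH_KNOWN_HOSTS ?=

# Send the results file to the collection server over sftp, without any prompt.
# The key is chmod'ed first because ssh rejects private keys that other users can
# read.
# With SSH_KNOWN_HOSTS empty the previous behaviour is kept: host key checking is
# off and no known_hosts file is used, so the server is not authenticated and
# whoever answers for www.sk4.nz receives the host description and results.
upload: $(RESULTS_FILE)
	printf "\033[4mUploading $^ to www.sk4.nz\033[0m\n"
	chmod 600 $(SSH_KEY)
	printf 'put $^\n' | sftp -b - -i $(SSH_KEY) \
		-o BatchMode=yes \
		-o StrictHostKeyChecking=$(if $(strip $(SSH_KNOWN_HOSTS)),yes,no) \
		-o UserKnownHostsFile=$(if $(strip $(SSH_KNOWN_HOSTS)),$(SSH_KNOWN_HOSTS),/dev/null) \
		octoupload@www.sk4.nz: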
# List, once each, the result entries of every JSON file in this directory that
# hold a false value.
findfalses: $(RESULTS_FILE)
	cat *.json | jq -c '.[].results[] | select(.[] == false)' | sort -u
# Compile every experiment program.
build: $(PROGS)
# Run the experiment and report where the results were written.
run: $(RESULTS_FILE)
	printf "\033[1mResults file: $<\033[0m\n"
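# Default goal: print the banner and the list of main targets.
# The dockerpoc line states that it runs within a container, like the other
# docker* entries, and uses a single tab so that the column stays aligned.
help:
	$(BANNER)
	printf '\nmake [all|poc|dockerpoc|build|dockerbuild|run|dockerrun]\n\n'
	printf '\tall\t\tbuilds, runs and uploads the experiment results\n'
	printf '\tpoc\t\tbuilds and runs a v1/v2 PoC\n'
	printf '\tdockerpoc\tbuilds and runs a v1/v2 PoC within a container\n'
	printf '\tbuild\t\tbuilds the experiment programs\n'
	printf '\tdockerbuild\tbuilds the experiment programs within a container\n'
	printf '\trun\t\texecute the experiment\n'
	printf '\tdockerrun\texecute the experiment within a container\n'
	printf '\n\tFurther CFLAGS can be declared using `CFLAGS=XYZ make`\n'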
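# Container variants of the main targets. The image is tagged with the current
# git revision, and each variant rebuilds it before running make inside it.
dockerbuild:
	docker build -t "octopus:$(REVISION)" .
dockerrun: dockerbuild
	docker run --rm "octopus:$(REVISION)" make run
dockerupload: dockerbuild
	docker run --rm "octopus:$(REVISION)" make upload
dockerpoc: dockerbuild
	docker run --rm "octopus:$(REVISION)" make poc
docker: dockerupload
# Remove the image that dockerbuild creates. The tag is spelled out because a bare
# `octopus` names the `latest` tag, which dockerbuild never produces. Errors, such
# as a missing image, are ignored.
dockerclean:
	-docker image rm -f "octopus:$(REVISION)"
# Remove every unused image on the host, not only the octopus ones.
dockerprune:
	-docker image prune -af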
# Build the two clang -O0 programs, which carry no mitigation flag, and run each
# one once on the local host.
poc: spectre_v1-clang-O0 spectre_v2-clang-O0
	$(BANNER)
	printf 'SPECTRE V1\n'
	./$(word 1,$^)
	printf 'SPECTRE V2\n'
	./$(word 2,$^)
# Run the experiment and write the results file.
# The host description is first shown on the terminal, then appended to the file
# as a JSON object keyed by the run UUID. Every program is then run TIMES times
# with a short pause between runs. A run that exits non-zero is recorded as
# { "<program>": false }. Entries are separated by commas, except after the final
# run of the last program.
# NOTE(review): the host values are pasted into printf format strings and JSON
# text without escaping, so a value containing %, a backslash or a double quote
# would presumably corrupt the file - confirm the consumer tolerates this.
$(RESULTS_FILE): build
	$(BANNER)
	printf "\033[4mUUID\033[0m\t\t$(UUID)\n"
	printf "\033[4mCPU\033[0m\t\t$(CPU)\n"
	printf "\033[4mMicrocode\033[0m\t$(UCODE)\n"
	printf "\033[4mKernel\033[0m\t\t$(KERN)\n"
	printf "\033[4mClang\033[0m\t\t$(CLANGV)\n"
	printf "\033[4mGCC\033[0m\t\t$(GCCV)\n"
	printf "\033[4mSpectre v1\033[0m\t$(VULN1)\n"
	printf "\033[4mSpectre v2\033[0m\t$(VULN2)\n"
	printf "{ \"$(UUID)\": {\n" >> $@
	printf "\"cpu\": \"$(CPU)\",\n" >> $@
	printf "\"microcode\": \"$(UCODE)\",\n" >> $@
	printf "\"kernel\": \"$(KERN)\",\n" >> $@
	printf "\"clang\": \"$(CLANGV)\",\n" >> $@
	printf "\"gcc\": \"$(GCCV)\",\n" >> $@
	printf "\"spectre_v1\": \"$(VULN1)\",\n" >> $@
	printf "\"spectre_v2\": \"$(VULN2)\",\n" >> $@
	printf "\"results\": [\n" >> $@
	for p in $(PROGS); do \
		for t in $(COUNTER); do \
			sleep 0.1; \
			(./$$p $(OCTOFLAGS) || printf "{ \"$$p\": false }") >> $@; \
			if [ "$$p" != "$(lastword $(PROGS))" ] || ! [ $$t -eq $(TIMES) ]; then \
				printf ',\n' >> $@; \
			fi; \
		done; \
	done
	printf "\n]}}\n" >> $@
# Baseline builds, without any mitigation flag.
# The compiler, the -O level and the source file all come from the target name
# (see SUB_ONE..SUB_FOUR). The first recipe line prints the command behind the
# progress prefix and the second line runs it.
# NOTE(review): these rules list no prerequisite, so an existing binary is not
# rebuilt when its .c source changes - confirm this is intended.
$(OPTIMIZED_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(CFLAGS) $(LDFLAGS) -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(CFLAGS) $(LDFLAGS) -$(SUB_THREE) -o $@ $(SUB_ONE).c

# Static builds: the fourth field of the target name becomes the -static flag, and
# LDFLAGS is not passed.
$(STATIC_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -$(SUB_THREE) -o $@ $(SUB_ONE).c
# Spectre v1 builds with a mitigation compiled in. The variant is chosen by a
# preprocessor define handed to the source: MASKING_MITIGATION for the -mask
# targets and LFENCE_MITIGATION for the -fence targets. The static rules take
# -static from the fourth field of the target name and do not pass LDFLAGS.
$(MASKING_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(CFLAGS) -DMASKING_MITIGATION $(LDFLAGS) -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(CFLAGS) -DMASKING_MITIGATION $(LDFLAGS) -$(SUB_THREE) -o $@ $(SUB_ONE).c

$(MASKING_STATIC_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -DMASKING_MITIGATION -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -DMASKING_MITIGATION -$(SUB_THREE) -o $@ $(SUB_ONE).c

$(LFENCE_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(CFLAGS) -DLFENCE_MITIGATION $(LDFLAGS) -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(CFLAGS) -DLFENCE_MITIGATION $(LDFLAGS) -$(SUB_THREE) -o $@ $(SUB_ONE).c

$(LFENCE_STATIC_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -DLFENCE_MITIGATION -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -DLFENCE_MITIGATION -$(SUB_THREE) -o $@ $(SUB_ONE).c
# Spectre v2 builds with retpoline enabled.
# clang takes -mretpoline. gcc takes -mfunction-return=thunk,
# -mindirect-branch=thunk and -mindirect-branch-register. The dynamic rules also
# pass LDFLAGS and -z retpolineplt at link time; the static rules pass neither and
# take -static from the fourth field of the target name.
$(RETPOLINE_CLANG_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(CFLAGS) -mretpoline $(LDFLAGS) -z retpolineplt -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(CFLAGS) -mretpoline $(LDFLAGS) -z retpolineplt -$(SUB_THREE) -o $@ $(SUB_ONE).c

$(RETPOLINE_STATIC_CLANG_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -mretpoline -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -mretpoline -$(SUB_THREE) -o $@ $(SUB_ONE).c

$(RETPOLINE_GCC_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(CFLAGS) -mfunction-return=thunk -mindirect-branch=thunk -mindirect-branch-register $(LDFLAGS) -z retpolineplt -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(CFLAGS) -mfunction-return=thunk -mindirect-branch=thunk -mindirect-branch-register $(LDFLAGS) -z retpolineplt -$(SUB_THREE) -o $@ $(SUB_ONE).c

$(RETPOLINE_STATIC_GCC_PROGRAMS):
	@$(PROGRESS) $(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -mfunction-return=thunk -mindirect-branch=thunk -mindirect-branch-register -$(SUB_THREE) -o $@ $(SUB_ONE).c
	$(SUB_TWO) $(addprefix -,$(SUB_FOUR)) $(CFLAGS) -mfunction-return=thunk -mindirect-branch=thunk -mindirect-branch-register -$(SUB_THREE) -o $@ $(SUB_ONE).c
# Remove the built programs and every JSON file in this directory. That includes
# results files that have not been uploaded yet.
# On OpenBSD the uuid helper directory is cleaned as well. It is cleaned with
# plain `make` rather than $(MAKE), presumably because that directory is meant for
# the system make - confirm. A failure there is ignored.
clean:
	rm -rf $(PROGS) *.json
ifeq ($(shell uname),OpenBSD)
	-make -C uuid_obsd clean
endif