
I have been trying to implement a Cache Side Channel attack on ARM. Since ARM doesn't have any instruction or function (similar to clflush) defined to flush the cache contents, I am trying to achieve this using the Evict+Reload method. This method requires the eviction set to be placed in the same cache set as the data being replaced. How can I find out which cache set the data is in, and how can I force my eviction set to be placed in the same cache set?

  • Create a large array and put the data at locations spaced through the array corresponding to the cache geometry. This does not control where the array starts, but you mostly do not care about that, just the relationships between the various data items. – Eric Postpischil Apr 25 '20 at 18:19
  • @EricPostpischil How will this help me flush the contents of the cache? – Balvansh Heerekar Apr 25 '20 at 20:25
  • All lines in a cache set map to addresses that have the same residue modulo x, for some x that depends on the cache configuration. If array element k, measured in bytes, is in cache and cache is n-way associative, then accessing the array elements at k+i•x for 1≤i≤n will map to the same set and thus force element k out of cache. – Eric Postpischil Apr 25 '20 at 20:43
  • @EricPostpischil I'm sorry if my question wasn't clear. I am trying to flush out the value of a variable using another variable. That is, I'm trying to flush out X by using another variable Y. (Not particular about the data type of Y.) – Balvansh Heerekar Apr 25 '20 at 21:05
  • Given `&X`, create an array the size of cache, use casts to `uintptr_t` to determine which elements of the array map to the same cache set as `X`. Then access them. – Eric Postpischil Apr 25 '20 at 21:24
  • Why can't you flush and/or evict in ARM? Is this the aarch64, and are caches handled differently than aarch32-based cores? And reading the comments, not sure what the real question is; just do the thing you want to do based on the cache you have. – old_timer Apr 25 '20 at 22:01
  • @old_timer In order to flush the cache on ARM I would have to be in EL1. Or if I want to do it from EL0 then **SCTLR_EL1.UCI** has to be set to 1. In my case it isn't set, hence I'm trying to achieve this by the evict method. – Balvansh Heerekar Apr 25 '20 at 22:21

0 Answers
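
The modulo arithmetic from the comments above, as an added C example that is not part of the original thread: it computes which set an address falls in and picks the lines of a buffer that share that set with `X`. The 32 KiB, 4-way, 64-byte-line geometry and all function names are assumptions, and the arithmetic runs on virtual addresses, so it matches the hardware only where the index bits lie inside the page offset or the cache is virtually indexed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed geometry (assumption): 32 KiB, 4-way, 64-byte lines. */
struct cache_geom { size_t size, ways, line; };

static size_t num_sets(const struct cache_geom *g) {
    return g->size / (g->ways * g->line);
}

/* The "x" from the comment: addresses equal modulo x share a set. */
static size_t set_stride(const struct cache_geom *g) {
    return g->size / g->ways;
}

static size_t set_index(const struct cache_geom *g, uintptr_t addr) {
    return (addr / g->line) % num_sets(g);
}

/* Store in out[] up to g->ways line addresses inside buf that are
 * congruent to target modulo x; returns how many were found. */
static size_t congruent_lines(const struct cache_geom *g, const void *target,
                              unsigned char *buf, size_t len,
                              unsigned char **out) {
    size_t x = set_stride(g), found = 0;
    uintptr_t t = (uintptr_t)target - (uintptr_t)target % g->line;
    size_t off = (t % x + x - (uintptr_t)buf % x) % x;
    for (; off + g->line <= len && found < g->ways; off += x)
        out[found++] = buf + off;
    return found;
}

int main(void) {
    struct cache_geom g = { 32768, 4, 64 };
    static int X;                       /* the variable to be displaced */
    size_t len = (g.ways + 1) * set_stride(&g);
    unsigned char *buf = malloc(len), *lines[4];
    if (!buf) return 1;
    size_t n = congruent_lines(&g, &X, buf, len, lines);
    printf("X is in set %zu\n", set_index(&g, (uintptr_t)&X));
    for (size_t i = 0; i < n; i++)
        printf("line %zu at %p -> set %zu\n", i, (void *)lines[i],
               set_index(&g, (uintptr_t)lines[i]));
    free(buf);
    return 0;
}
```

The buffer is sized at one stride more than the cache so that a full set of congruent lines fits regardless of where `malloc` places it.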