ansaurus

Question

Disable L2/L1 caches

Answer 1

A:

I would be surprised if any code running in user mode would be able to do that - that would be one hell of a DoS attack.

Pavel Minaev 2009-07-10 08:59:38

The very same effect can be definitely achieved by a carefully constructed user mode program, for example a program that allocates 64MB of memory and keeps reading/writing to random pages within it.

DrJokepu 2009-07-10 09:41:01

A user-mode program like DrJokepu describes would not be nearly as devastating as disabling the cache. Each active process gets a timeslice on the CPU that is measured in milliseconds, which is millions of nanoseconds and many millions of CPU cycles. That's plenty of time to get some useful content into the cache before that malicious process kicks it back out.

ScottJ 2009-11-07 01:06:58

Answer 2

+3 A:

That should be "or eax,40000000h" to set bit 30. But a user process won't be allowed to change control registers anyways. You'll need to make the change in the kernel. I wouldn't doubt that there's some system call or device interface to do what you want.

George Phillips 2009-07-10 09:05:20

Answer 3

+3 A:

I found this document on the control register at wikipedia. That confirms what you say:

The CR0 register is 32 bits long on the 386 and higher processors. On x86-64 processors in long mode, it (and the other control registers) are 64 bits long. CR0 has various control flags that modify the basic operation of the processor. Bit Name Full Name Description 31 PG Paging If 1, enable paging and use the CR3 register, else disable paging 30 CD Cache disable

This led me to the Intel 64 and IA-32 Architectures Software Developer’s Manual. It says, and I quote here again:

Most systems restrict access to system registers (other than the EFLAGS register) by application programs. Systems can be designed, however, where all programs and procedures run at the most privileged level (privilege level 0). In such a case, appli- cation programs would be allowed to modify the system registers.

~~Probably your program is semantically correct~~Your code has a bug that will probably lock up the machine, but even fixed it would need to run in supervisor mode. Note that you need to or the value in so as not to affect the other registers (as others have noted).

1800 INFORMATION 2009-07-10 09:06:40

Answer 4

+2 A:

You would need to do this from a driver on windows or linux as only the kernel runs in rung 0 and I don't think you could do it for one process, you would have to do it for all of them.

I'm assuming that you're trying to do memory writes without caching?

Perhaps you want to look into cache flush instructions if your trying to do scary threading code?

Spence 2009-07-10 09:08:20

Answer 5

A:

I think you have to log in as root to do that. I was wondering why would you want to disable the cache, in all likelyhood disabling the L1 and L2 will cause the computer to lock up.

2009-07-10 09:12:02

Answer 6

+4 A:

Please note that even if you're in ring 0 because you're in the kernel or run your tool on DOS in protected mode etc, moving 0x40000000 to cr0 will definitely cause a disaster. You see, the control register (cr0) controls all sorts of things that effect the way the processor operates, such as enabling paging, protected mode (not directly) etc. If you unset all those bits, you will end up in a totally different environment and getting a segmentation fault is not surprising at all if you had paging enabled previously.

You should do this instead:

mov eax,cr0
or eax, 40000000H ;set bit 30 without clearing the others
mov cr0,eax

DrJokepu 2009-07-10 09:25:43

He's saying it seg faults on "mov eax, cr0".

RCIX 2009-07-10 09:59:27

@RCIX: Your psychic debugging skills are great. The only thing I see is "...when I try to run exe file,it Seg Faults..."

erikkallen 2009-09-25 16:04:49

Answer 7

A:

Actually, it seems to Seg fault at the second instruction (mov eax,cr0), I've just tried to comment all other instructions, and it did seg faults.... But I still don't know why??

I've tryed also to compile/run it in runlevel 0 (telinit 1 command line as root) but it still seg faults...

I'm wondering if the Control Register 0 (cr0) is not write-protected then...?

2009-07-10 09:43:55

runlevel 0 is not the same as ring 0; ring 0 is being the operating system kernel itself. your code must run as part of the operating system kernel (such as a driver for instance), otherwise, you are likely to run in ring 3 which means you can't access control registers. runinit 0 won't solve the issue as your execution environment will still remain in the userspace.

DrJokepu 2009-07-10 11:17:25

well, you were right, from http://www.masm32.com/board/index.php?PHPSESSID=f2a136993584c80c051a3819890cb87btopic=11584.0 it is said that Ring 0 should be a way to set cr0 (they are using same mov eax,cr0 programme...)does anyone knows how to run a file in Ring 0 mode ?

2009-07-10 12:43:13

Moho - normally, you can't. Assuming that you want to do that on linux, you need to put it into a kernel module: http://dirac.org/linux/writing/lkmpg/2.6/lkmpg-2.6.0.html

DrJokepu 2009-07-10 14:22:21

Answer 8

A:

Hi everybody,

I could finally disable the cache by running the code as Ring0, Thank you DrJokepu, the link you gave me was exactly what I needed.. but I have new problem, cause when I insert the new module who disables the cache, that works grate, I just have to insmod my .ko file, and the procedure init where my code is written is called. but now I would like to re-enable the cache programmatically again, It should work with writing a clean procedure witch reset the cr0, and call it when remove the module by rmmod it, but actually it does nothing...I can check at cat /proc/modules and it really removed it, but apparently, it hasn't called my clean procedure before removing it....

help?

2009-07-22 08:23:08

New problem, new question! Also, mark the answer that helped you.

Bombe 2009-09-25 14:37:36

ansaurus

tags:

views:

answers:

Disable L2/L1 caches

related questions