Given the attack plan above, how many addresses need to be flushed in the first step?
Copy your code in run_attacker from attacker-part1.c to attacker-part2.c. Does your Flush+Reload attack from Part 1 still work? Why or why not?
In our example, the attacker tries to leak the values in the array secret_part2. In a real-world attack, attackers can use Spectre to leak data located in an arbitrary address in the victim's space. Explain how an attacker can achieve such leakage.
Experiment with how often you train the branch predictor. What is the minimum number of times you need to train the branch (i.e. if offset < part2_limit) to make the attack work?
Describe the strategy you employed to extend the speculation window of the target branch in the victim.
Assume you are an attacker looking to exploit a new machine that has the same kernel module installed as the one we attacked in this part. What information would you need to know about this new machine to port your attack? Could it be possible to determine this infomration experimentally? Briefly describe in 5 sentences or less.