I'm investigating whether it is possible to do row hammering and cause bit flips through normal cached memory accesses, without CLFLUSH.
An important step in doing that is being able to pick addresses that map to the same L3 cache set. For testing purposes, we can do that quickly if we know how physical addresses map to L3 cache sets, and if we know which physical addresses we have access to (e.g. via /proc/PID/pagemap on Linux).
Here is a building block for doing that:
Cheers,
Mark
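
Added example, not part of the original message: a check of whether `/proc/self/pagemap` exposes physical frame numbers to the current process, using the entry layout from the kernel's pagemap documentation. The names `pm_decode` and `pm_read_entry` are hypothetical; since Linux 4.2 the kernel zeroes the PFN field for callers without `CAP_SYS_ADMIN`, which the decoder reports as hidden.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Bit layout of a 64-bit pagemap entry (kernel pagemap documentation). */
#define PM_PRESENT  (1ULL << 63)        /* page is resident in RAM */
#define PM_SWAPPED  (1ULL << 62)        /* page is in swap */
#define PM_PFN_MASK ((1ULL << 55) - 1)  /* bits 0-54: page frame number */

enum pm_status { PM_NOT_PRESENT, PM_PFN_HIDDEN, PM_PFN_VISIBLE };

/* Decode one entry; on PM_PFN_VISIBLE, *phys receives the physical address. */
enum pm_status pm_decode(uint64_t entry, uint64_t vaddr, uint64_t page_size,
                         uint64_t *phys)
{
    if (!(entry & PM_PRESENT) || (entry & PM_SWAPPED))
        return PM_NOT_PRESENT;
    uint64_t pfn = entry & PM_PFN_MASK;
    if (pfn == 0)  /* PFN zeroed: caller lacks CAP_SYS_ADMIN */
        return PM_PFN_HIDDEN;
    *phys = pfn * page_size + (vaddr % page_size);
    return PM_PFN_VISIBLE;
}

/* Read the entry covering vaddr from /proc/self/pagemap; 0 on success. */
int pm_read_entry(uint64_t vaddr, uint64_t page_size, uint64_t *entry)
{
    FILE *f = fopen("/proc/self/pagemap", "rb");
    if (!f)
        return -1;
    setvbuf(f, NULL, _IONBF, 0);  /* read exactly one 8-byte entry */
    long off = (long)(vaddr / page_size * sizeof(uint64_t));
    int ok = fseek(f, off, SEEK_SET) == 0 && fread(entry, sizeof(*entry), 1, f) == 1;
    fclose(f);
    return ok ? 0 : -1;
}

int main(void)
{
    static volatile char probe[4096];
    uint64_t entry = 0, phys = 0, ps = (uint64_t)sysconf(_SC_PAGESIZE);
    uint64_t va = (uint64_t)(uintptr_t)probe;
    probe[0] = 1;  /* touch the page so it is resident */
    if (pm_read_entry(va, ps, &entry) != 0) {
        puts("pagemap not readable");
        return 1;
    }
    switch (pm_decode(entry, va, ps, &phys)) {
    case PM_PFN_VISIBLE: printf("PFN exposed: 0x%llx\n", (unsigned long long)phys); break;
    case PM_PFN_HIDDEN:  puts("present, PFN hidden from this process"); break;
    default:             puts("page not present"); break;
    }
    return 0;
}
```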