Uses Intel TSX/RTM (Restricted Transactional Memory) cache side-channel to get the kernel offset.
Link libkaslr.a to your exploit and call get_kaslr_offset() to get the
offset. The return value is either the kernel offset or (uint64_t)-1 on error.
$ gcc example.c libkaslr.a -static -lm -lpthread
Might try running get_kaslr_offset() in a loop to make sure the return value
is stable.