Transcript of SOSCON 1_1630_2.pdf (SAMSUNG OPEN SOURCE CONFERENCE 2019)
Page 1
SAMSUNG OPEN SOURCE CONFERENCE 2019
SOSCON
Micro-architectural attack and defense on Linux kernel
Spectre and Meltdown
Samsung Research | Security team | Jinbum Park | jinb-park.github.io
Samsung Research | Security team | Joonwon Kang
16-Oct-2019
Page 2
SOSCON 2019
Index
01 Overview
02 Attack 1 : Out-of-bounds attack
03 Defense 1 : Bounds check
04 Attack 2 : Bounds check bypass (Spectre v1)
05 Defense 2 : Index sanitization
06 Attack 3 : Indirect branch poisoning (Spectre v2)
07 Defense 3 : Retpoline
08 Attack 4 : Meltdown
09 Defense 4 : Page Table Isolation
10 Attack 5 : L1 Terminal Fault
11 Defense 5 : PTE Inversion
Page 3
Overview
Page 4
Overview
Meltdown?
Spectre?
Intel hardware vulnerabilities?
Micro-architecture attacks?
Page 5
Software - Architecture - Micro-architecture
Software:
    int *ptr = …;
    void func(void) {
        int a = *ptr;
    }
Architecture (Intel / ARM …):
    mov (%eax), %ebx    // eax == ptr; load *ptr into ebx
Micro-architecture (i7-1, i7-2, i5-3, A12, …):
    pa = convert_va_to_pa(%eax);
    read pa;
Page 6
Software - Architecture - Micro-architecture
Software:
    int *ptr = NULL;
    void func(void) {
        int a = *ptr;
    }
Architecture (Intel / ARM …):
    mov (%eax), %ebx    // eax == ptr (NULL)
Micro-architecture (i7-1, i7-2, i5-3, A12, …):
    pa = convert_va_to_pa(%eax);
    if (is_valid_address(pa))
        read pa;
    else
        error;
Result: Segmentation fault (core dumped)
Page 7
Software - Architecture - Micro-architecture
Software:
    int *ptr = &obj;
    void func(void) {
        int a = *ptr;
    }
Architecture (Intel / ARM …):
    mov (%eax), %ebx    // eax == ptr (&obj)
Micro-architecture (i7-1, i7-2, i5-3, A12, …):
    pa = convert_va_to_pa(%eax);
    if (is_valid_address(pa))
        read pa;
    else
        error;
Checking on every memory access makes the CPU very slow!
How can we make it better?
Page 8
Software - Architecture - Micro-architecture
Software:
    int *ptr = &obj;
    void func(void) {
        int a = *ptr;
    }
Architecture (Intel / ARM …):
    mov (%eax), %ebx    // eax == ptr (&obj)
Micro-architecture, slower CPU (check first):
    pa = convert_va_to_pa(%eax);
    if (is_valid_address(pa))
        read pa;
    else
        error;
Micro-architecture, faster CPU (read first, check afterwards):
    pa = convert_va_to_pa(%eax);
    read pa;
    if (is_invalid_address(pa))
        error;
Speculate that "pa" is not NULL and read "pa" first! This is called "speculative execution".
Page 9
Software - Architecture - Micro-architecture
Software:
    int *ptr = &obj;
    void func(void) {
        int a = *ptr;
    }
Architecture (Intel / ARM …):
    mov (%eax), %ebx    // eax == ptr (&obj)
Micro-architecture, slower CPU (check first):
    pa = convert_va_to_pa(%eax);
    if (is_valid_address(pa))
        read pa;
    else
        error;
Micro-architecture, faster CPU (read first, check afterwards):
    pa = convert_va_to_pa(%eax);
    read pa;
    if (is_invalid_address(pa))
        error;
Security implication: even though a fault occurs, we can read invalid memory before the fault!
Page 10
Software - Architecture - Micro-architecture
Software:
    int *ptr = &obj;
    void func(void) {
        int a = *ptr;
    }
Architecture (Intel / ARM …):
    mov (%eax), %ebx    // eax == ptr (&obj)
Micro-architecture, slower CPU (check first):
    pa = convert_va_to_pa(%eax);
    if (is_valid_address(pa))
        read pa;
    else
        error;
Micro-architecture, faster CPU (read first, check afterwards):
    pa = convert_va_to_pa(%eax);
    read pa;
    if (is_invalid_address(pa))
        error;
If you can exploit this implementation, we call it a "hardware vulnerability",
and the attack on it a "micro-architecture attack".
Page 11
Vulnerable Micro-architectures
Page 12
What we'll discuss
4 hardware vulnerabilities
- Spectre Variant 1, Variant 2, Meltdown, L1TF
How can a user exploit them to read kernel memory?
How does the Linux kernel defend against them?
Page 13
Spectre Attack & Defense
Page 14
2. Attack 1: Out-of-bounds attack
Intuition
Q. What if we execute it with idx = -100?
A. var == 'T'
address  value
100      'T'
101      'h'
...      ...
200      ary1[0]
Memory outside ary1 can be accessed with an attacker-chosen index,
without a crash!
Page 15
2. Attack 1: Out-of-bounds attack (Cont.)
Attack steps
Shared memory between processes.
Goal: What is in the victim's ary1[-100]?
Page 16
2. Attack 1: Out-of-bounds attack (Cont.)
Attacker / Cache / Victim, with ary2 in shared memory:
1. (Attacker) Flush ary2[0...255] from the cache.
2. (Attacker) Set idx = -100 and execute the victim.
3. (Victim) var = ary2[ary1[-100]]
4. (Cache) ary2['T'] is now cached!
5. (Attacker) Access ary2[0...255].
6. (Attacker) Find the index which takes the shortest time to access. Found! ary1[-100] == 'T'.
address  value
100      'T'
101      'h'
...      ...
200      ary1[0]
This is called "Flush+Reload" analysis.
Page 17
2. Attack 1: Out-of-bounds attack (Cont.)
How can we defend against this attack?
Let's check bounds here!
Page 18
3. Defense 1: Bounds check
Check bounds before the gadget.
Out-of-bounds attack is blocked!
Really..?
Page 19
4. Attack 2: Bounds check bypass (Spectre v1)
Software:
    if (idx < size)
        var = ary2[ary1[idx]];
  executed in program order:
    read idx
    read size
    res = idx < size
    if (res)
        read ary2[ary1[idx]]
Micro-architecture (faster CPU):
    if (likely_taken(if))
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
Can we bypass the bounds check?
Slower CPU: Nope...
Faster CPU: Yes! But we have to make likely_taken(if) == true.
Page 20
4. Attack 2: Bounds check bypass (Cont.)
Attack steps
Software:
    if (idx < size)
        var = ary2[ary1[idx]];
Micro-architecture:
    if (likely_taken(if))
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
Goal: What is in the victim's ary1[-100]?
Page 21
4. Attack 2: Bounds check bypass (Cont.)
Attack steps
Software:
    if (idx < size)
        var = ary2[ary1[idx]];
Micro-architecture:
    if (likely_taken(if))
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
1. Execute the victim with a legitimate idx multiple times.
   The conditional branch predictor will learn that likely_taken(if) == true.
Page 22
4. Attack 2: Bounds check bypass (Cont.)
Attack steps
Software:
    if (idx < size)
        var = ary2[ary1[idx]];
Micro-architecture:
    if (likely_taken(if))
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
2. Execute the victim with idx = -100.
   ary2[ary1[-100]] will be read and cached!
Page 23
4. Attack 2: Bounds check bypass (Cont.)
Attack steps
Software:
    if (idx < size)
        var = ary2[ary1[idx]];
Micro-architecture:
    if (likely_taken(if))
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
3. Do Flush+Reload analysis on ary2.
   ary2['T'] will take the shortest time.
   Thus, ary1[-100] == 'T' !!
Page 24
4. Attack 2: Bounds check bypass (Cont.)
How can we defend against this attack?
Software:
    if (idx < size)
        var = ary2[ary1[idx]];    ← Let's sanitize idx here!
Micro-architecture:
    if (likely_taken(if))
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
Page 25
5. Defense 2: Index sanitization
How can we defend against this attack?
Software:
    if (idx < size)
        sanitize(idx, size)
        var = ary2[ary1[idx]];
Micro-architecture:
    if (likely_taken(if))
        sanitize(idx, size)
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
Clamp idx into [0, size).
Page 26
5. Defense 2: Index sanitization
Example: idx sanitization in the Linux kernel.
- linux/include/linux/nospec.h
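As an added example (not the talk's or the kernel's code), here is a portable C rendering of the clamp the slides call sanitize(idx, size), built on the same arithmetic-mask idea as array_index_nospec() in linux/include/linux/nospec.h: the mask is computed without any branch, so a mispredicted `if (idx < size)` cannot skip it, and the speculative load in the gadget sees index 0 instead of -100. The names index_mask_nospec, sanitize_index, lookup and demo_lookup, and the sample arrays, are this example's own.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Branchless bounds mask (added example, modelled on the kernel's
 * array_index_mask_nospec idea): all-ones when idx < size, zero otherwise.
 * Only arithmetic is used, so the result does not depend on a branch that
 * the predictor could guess wrong. */
static size_t index_mask_nospec(size_t idx, size_t size)
{
    /* If idx < size, both idx and (size - 1 - idx) are below size, so their
     * top bit is clear. If idx >= size, the subtraction wraps and sets it.
     * Assumes size < SIZE_MAX / 2, as the kernel version does. */
    size_t oob = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return oob - 1;   /* oob == 0 -> SIZE_MAX (keep idx); oob == 1 -> 0 (clamp) */
}

/* Clamp idx into [0, size): unchanged when in bounds, 0 otherwise. */
static size_t sanitize_index(size_t idx, size_t size)
{
    return idx & index_mask_nospec(idx, size);
}

/* The slides' gadget with Defense 1 (bounds check) and Defense 2
 * (sanitization inside the taken branch). Even if the branch is
 * mispredicted for idx = (size_t)-100, the speculative access reads
 * ary1[0] rather than ary1[-100]. */
static int lookup(const unsigned char *ary1, size_t size,
                  const unsigned char *ary2, size_t idx)
{
    if (idx < size) {
        idx = sanitize_index(idx, size);
        return ary2[ary1[idx]];
    }
    return -1;   /* architecturally out of bounds: refuse */
}

/* Runs lookup() on constructed sample data: ary2 is the identity table, so
 * the result is simply the byte of ary1 that was read, or -1. */
int demo_lookup(size_t idx)
{
    static const unsigned char ary1[4] = { 'T', 'h', 'i', 's' };
    unsigned char ary2[256];
    for (int i = 0; i < 256; i++)
        ary2[i] = (unsigned char)i;
    return lookup(ary1, sizeof ary1, ary2, idx);
}

int main(void)
{
    printf("idx = 2            -> %d\n", demo_lookup(2));
    printf("idx = (size_t)-100 -> %d\n", demo_lookup((size_t)-100));
    printf("sanitize_index((size_t)-100, 4) = %zu\n",
           sanitize_index((size_t)-100, 4));
    return 0;
}
```

The kernel's x86 version computes the same mask with a cmp/sbb sequence in inline asm so the compiler cannot turn it back into a conditional branch; with a plain C expression like this one, inspect the generated code before relying on it.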
Page 27
5. Defense 2: Index sanitization
How can we defend against this attack?
Software:
    if (idx < size)
        sanitize(idx, size)
        var = ary2[ary1[idx]];
Micro-architecture:
    if (likely_taken(if))
        sanitize(idx, size)
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
Out-of-bounds attack is blocked!
You sure…?
Page 28
6. Attack 3: Indirect branch poisoning (Spectre v2)
Can we execute the gadget only?
Software:
    if (idx < size)
        sanitize(idx, size)
        var = ary2[ary1[idx]];
Micro-architecture:
    if (likely_taken(if))
        sanitize(idx, size)
        read ary2[ary1[idx]]
    read idx
    read size
    res = idx < size
    if (res == likely_taken(if))
        commit
    else
        revert
    ...
Yes, if we can jump to the gadget, as in ROP.
But how can we make that jump?
Maybe through a function pointer?
Page 29
6. Attack 3: Indirect branch poisoning (Cont.)
Can we jump to the gadget?
Software:
    void (*fp)(void);
    void func(void) {
        fp();    // ← VA: 10
    }
Micro-architecture, slower CPU:
    read fp
    jump fp
Micro-architecture, faster CPU:
    jump likely_target(10)
    read fp
    if (fp == likely_target(10))
        commit
    else
        revert
        jump fp
Slower CPU: Nope.
Faster CPU: Yes! But we have to make likely_target(10) == gadget addr.
Page 30
6. Attack 3: Indirect branch poisoning (Cont.)
Attack steps
Software:
    void (*fp)(void);
    void func(void) {
        fp();    // ← VA: 10
    }
Micro-architecture (faster CPU):
    jump likely_target(10)
    read fp
    if (fp == likely_target(10))
        commit
    else
        revert
        jump fp
Goal: What is in the victim's ary1[-100]?
Page 31
6. Attack 3: Indirect branch poisoning (Cont.)
Attack steps
Victim:
    void (*fp)(void);
    void func(void) {
        fp();    // ← VA: 10
    }
Attacker:
    void (*fp)(void);
    void func(void) {
        jump gadget;    // ← VA: 10
    }
1. Allocate the same memory layout as the victim's and modify fp() to jump to the gadget.
Micro-architecture (faster CPU):
    jump likely_target(10)
    read fp
    if (fp == likely_target(10))
        commit
    else
        revert
        jump fp
Page 32
6. Attack 3: Indirect branch poisoning (Cont.)
Attack steps
Victim:
    void (*fp)(void);
    void func(void) {
        fp();    // ← VA: 10
    }
Attacker:
    void (*fp)(void);
    void func(void) {
        jump gadget;    // ← VA: 10
    }
2. Execute the attacker's program multiple times.
   The indirect branch predictor will learn that likely_target(10) == gadget addr.
Micro-architecture (faster CPU):
    jump likely_target(10)
    read fp
    if (fp == likely_target(10))
        commit
    else
        revert
        jump fp
Page 33
6. Attack 3: Indirect branch poisoning (Cont.)
Attack steps
Victim:
    void (*fp)(void);
    void func(void) {
        fp();    // ← VA: 10
    }
Micro-architecture (faster CPU):
    jump likely_target(10)
    read fp
    if (fp == likely_target(10))
        commit
    else
        revert
        jump fp
3. Execute the victim program with idx = -100.
   ary2[ary1[-100]] is executed!
   ary2[ary1[-100]] will be read and cached!
Page 34
6. Attack 3: Indirect branch poisoning (Cont.)
Attack steps
Victim:
    void (*fp)(void);
    void func(void) {
        fp();    // ← VA: 10
    }
Micro-architecture (faster CPU):
    jump likely_target(10)
    read fp
    if (fp == likely_target(10))
        commit
    else
        revert
        jump fp
4. Do Flush+Reload analysis on ary2.
   ary2['T'] will take the shortest time.
   Thus, ary1[-100] == 'T' !!
Page 35
6. Attack 3: Indirect branch poisoning (Cont.)
How can we defend against this attack?
Victim:
    void (*fp)(void);
    void func(void) {
        fp();    // ← VA: 10
    }
Micro-architecture (faster CPU):
    jump likely_target(10)
    read fp
    if (fp == likely_target(10))
        commit
    else
        revert
        jump fp
How about making it like this?
(Diagram: User, func, Gadget, Dummy)
Page 36
7. Defense 3: Retpoline
Indirect call replacement with retpoline.
Before:
    jmp *%rax
After:
    call load_label
    capture_ret_spec:
        pause ; lfence
        jmp capture_ret_spec
    load_label:
        mov %rax, (%rsp)
        ret
Page 37
7. Defense 3: Retpoline (Cont.)
Goal: Capture the speculative execution of an indirect branch in a dummy loop.
The details are hard for a beginner to understand.
For more details, please refer to
- Appendix D: Retpoline details
- Intel's guidance
Page 38
7. Defense 3: Retpoline (Cont.)
Example: Retpoline in the Linux kernel.
- linux/arch/x86/Kconfig
- linux/arch/x86/include/asm/nospec-branch.h
Page 39
Wrap up Spectre attacks
For actual v1 and v2 attacks, there are more prerequisites.
- An additional cache miss, so that speculative execution runs long enough to succeed.
- Control over specific registers.
- Running the programs on the same core so that they share the BTB.
- etc..
For more details, please refer to
- Spectre Attacks: Exploiting Speculative Execution
- Google Project Zero blog
Page 40
Attack 4: Meltdown
Page 41
Two phases of Meltdown
Goal: Reading kernel memory from user space
1. Speculatively read kernel memory into a register.
2. Stick the register to the leak gadget.
Page 42
Speculatively read kernel memory
Software (User):
    int *ptr = Kernel_Addr;
    void func(void) {
        int a = *ptr;    // Segmentation fault!
    }
What we expect:
    1. Segmentation fault
    2. Die or run signal handler
What actually happens:
    1. int a = *ptr; (a == kernel value)
    2. Segmentation fault
    3. a = 0; (clear kernel value)
    4. Die or run signal handler
We can read kernel memory!!
Page 43
Speculatively read kernel memory (Zoom in)
Software:
    int *ptr = Kernel_Addr;
    void func(void) {
        int a = *ptr;
    }
Micro-architecture (check first):
    pa = convert_va_to_pa(ptr);
    if (is_kernel_address(pa))
        error;
    else
        read pa;
Micro-architecture (vulnerable to Meltdown):
    pa = convert_va_to_pa(ptr);
    read pa;
    if (is_kernel_address(pa))
        error;
Let's turn our focus to this!
Page 44
Speculatively read kernel memory (Zoom in more)
Software:
    int *ptr = Kernel_Addr;
    void func(void) {
        int a = *ptr;
    }
Micro-architecture:
    (1) pa = convert_va_to_pa(ptr);
    (2) read pa;
    (3) if (is_kernel_address(pa))
            error;
Page table lookup: ptr (Kernel_Addr, virtual address) → Page Table Entry → physical address + User/Kernel bit
User/Kernel bit: [1]: User, [0]: Kernel
Page 45
Stick it to the leak gadget
    int *ptr = Kernel_Addr;
    void func(void)
    {
        int a = *ptr;       // (1) a = kernel-value
        var = ary1[a];      // (2) [leak gadget] kernel-value dependent access → cache loading
                            // (3) invalid access! fault!
    }
    void fault_handler(....)
    {
        for (i = 0; i < SIZE; i++) {
            if (time_to_access(ary1[i]) < CONSTANT)
                // (4) i is the kernel value!
        }
    }
Leak gadget + FLUSH+RELOAD + Meltdown = Kernel memory leak!
Page 46
Defense 4: Page Table Isolation
Page 47
Micro-architectural fix
Software:
    int *ptr = Kernel_Addr;
    void func(void) {
        int a = *ptr;
    }
Micro-architecture (vulnerable):
    pa = convert_va_to_pa(ptr);
    read pa;
    if (is_kernel_address(pa))
        error;
Micro-architecture (fixed: check before the read):
    pa = convert_va_to_pa(ptr);
    if (is_kernel_address(pa))
        error;
    else
        read pa;
(1) It's infeasible to update the many CPUs already deployed..
(2) Then.. what is the root cause from the software point of view?
(3) Figure out a solution that fixes Meltdown in software! (Linux kernel)
Page 48
Software root cause
Software:
    int *ptr = Kernel_Addr;
    void func(void) {
        int a = *ptr;
    }
Micro-architecture:
    (1) pa = convert_va_to_pa(ptr);
    (2) read pa;
    (3) if (is_kernel_address(pa))
            error;
Page table lookup: ptr (Kernel_Addr, virtual address) → Page Table Entry → pa (physical address)
Why does it allow the user to access the kernel??
Page 49
Software root cause
Software:
    int *ptr = Kernel_Addr;
    void func(void) {
        int a = *ptr;
    }
Micro-architecture:
    (1) pa = convert_va_to_pa(ptr); ⇒ Fail!
    (2) read pa;
    (3) if (is_kernel_address(pa))
            error;
Page table lookup: ptr (Kernel_Addr, virtual address) → (no Page Table Entry) → translation fails
What if there is no Page Table Entry for the kernel?
The page table is managed by software (Linux)!
Page 50
Page Table Isolation
Unmapping kernel space in user mode
Page 51
Implementation of Page Table Isolation
- The details are too difficult for a beginner to understand...
- Links for more details
  - https://gruss.cc/files/kaiser.pdf
  - https://jinb-park.blogspot.com/2019/06/deep-dive-into-page-table-isolation.html
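Added example (not code from the talk or the kernel): a small C checker for which of the kernel-side defenses covered here (index sanitization, retpoline, PTI and, for L1TF, PTE inversion) the running Linux kernel reports as active. The kernel exposes one line per issue under /sys/devices/system/cpu/vulnerabilities/ (spectre_v1, spectre_v2, meltdown, l1tf), beginning with "Not affected", "Mitigation: ..." or "Vulnerable"; the classifier is also exercised on constructed sample lines in that format, so it runs on hosts where the files are absent. The function and enum names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Added example: classify the mitigation status lines Linux publishes in
 * /sys/devices/system/cpu/vulnerabilities/<name> (one line per file). */
enum mit_state { MIT_NOT_AFFECTED, MIT_MITIGATED, MIT_VULNERABLE, MIT_UNKNOWN };

static const char *const VULN_NAMES[] = { "spectre_v1", "spectre_v2", "meltdown", "l1tf" };
enum { NUM_VULNS = sizeof VULN_NAMES / sizeof VULN_NAMES[0] };

/* Classify one status line by its leading keyword. */
enum mit_state classify_status(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return MIT_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return MIT_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return MIT_VULNERABLE;
    return MIT_UNKNOWN;
}

/* Read and classify the sysfs file for one vulnerability. Returns
 * MIT_UNKNOWN when the file is missing (older kernel or non-Linux host)
 * and leaves a short explanation in line. */
enum mit_state read_status(const char *name, char *line, size_t len)
{
    char path[256];
    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", name);
    FILE *f = fopen(path, "r");
    if (!f) { snprintf(line, len, "(not available)"); return MIT_UNKNOWN; }
    if (!fgets(line, (int)len, f)) { fclose(f); snprintf(line, len, "(empty)"); return MIT_UNKNOWN; }
    fclose(f);
    line[strcspn(line, "\n")] = '\0';
    return classify_status(line);
}

/* Count how many of n status lines still report Vulnerable. */
int count_vulnerable(const char *const lines[], int n)
{
    int v = 0;
    for (int i = 0; i < n; i++)
        if (classify_status(lines[i]) == MIT_VULNERABLE) v++;
    return v;
}

/* Constructed sample in the sysfs format (spectre_v1, spectre_v2, meltdown,
 * l1tf): a host with PTI missing and the other three defenses active. */
int sample_vulnerable_count(void)
{
    const char *const sample[NUM_VULNS] = {
        "Mitigation: __user pointer sanitization",
        "Mitigation: Full generic retpoline",
        "Vulnerable",
        "Mitigation: PTE Inversion",
    };
    return count_vulnerable(sample, NUM_VULNS);
}

int main(void)
{
    printf("constructed sample: %d of %d still vulnerable\n",
           sample_vulnerable_count(), NUM_VULNS);

    /* Live check of the running kernel, if the sysfs files exist. */
    for (int i = 0; i < NUM_VULNS; i++) {
        char line[256];
        enum mit_state s = read_status(VULN_NAMES[i], line, sizeof line);
        printf("%-10s %-50s -> %s\n", VULN_NAMES[i], line,
               s == MIT_MITIGATED    ? "mitigated"
             : s == MIT_NOT_AFFECTED ? "not affected"
             : s == MIT_VULNERABLE   ? "VULNERABLE" : "unknown");
    }
    return 0;
}
```

A "Mitigation:" line only says the kernel enabled a defense; the rest of the line (retpoline flavour, PTI, PTE Inversion) tells you which one, which is what to compare against the defenses in this talk when auditing a fleet.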
Page 52
Attack 5: L1TF (L1 Terminal Fault)
Page 53
Revisit Micro-architecture code
Software:
    int *ptr = Not_Exist_Addr;
    void func(void) {
        int a = *ptr;
    }
Micro-architecture (check first):
    pa = convert_va_to_pa(ptr);
    if (!is_present(pa))
        error;
    read pa;
Micro-architecture (vulnerable to L1TF):
    pa = convert_va_to_pa(ptr);
    read pa;
    if (!is_present(pa))
        error;
Page 54
From Zero Address
Software:
    int *ptr = Not_Exist_Addr;
    void func(void) {
        int a = *ptr;
    }
Micro-architecture:
    (1) pa = convert_va_to_pa(ptr);
    (2) read pa;
    (3) if (!is_present(pa))
            error;
Page table lookup: ptr (Not_Exist_Addr, virtual address) → Page Table Entry → physical address (normally zero) + Present bit
Present bit: [1]: Present, [0]: Not ...
Reading from physical address zero?
We can't be sure what's in it.
A secret? A dummy value?
![Page 55: SOSCON 1_1630_2.pdf · SAMSUNG OPEN SOURCE CONFERENCE 2019 SOSCON Micro-architectural attack and defense on Linux kernel ... address variable 100 ‘T ... Segmentation fault! 1. Segmentation](https://reader034.fdocuments.in/reader034/viewer/2022042102/5e7f60852e810a4a522838cd/html5/thumbnails/55.jpg)
From Kernel Address

[Figure: the same walk, same steps (1)-(3), but the (Physical Address) field of the not-present Page Table Entry now points into Kernel Memory. That field is what the attacker can control!]

: Since the read in step (2) happens before the Present check in step (3), the kernel data at that physical address is loaded transiently.
Feasible?

[Figure: Virtual Address → Page Table → Page Table Entry (Kernel Address) → Physical Address]

: If attackers control the physical address in a page table entry, they can read arbitrary kernel memory!
: But we are a user, not the kernel. It's infeasible for a user to control the page table.
: That's why L1TF is not as popular as Meltdown.
Relying on Luck?

[Figure: a not-present Page Table Entry whose (Arbitrary Address) field may land in User-1 Memory, in Kernel Memory (Lucky Case!), in User-2 Memory (Lucky Case!), or Out-Of-RAM]

: There might still be a possibility relying on luck! How can we eliminate such a possibility?
Stick it to the leak gadget

```c
int *ptr = Not_Exist_Addr;  /* not present, but its physical address field ==> kernel address */

void func(void)
{
    int a = *ptr;           /* (1) transiently, a = kernel-value                                */
    var = ary1[a];          /* (2) [leak gadget] kernel-value dependent access → cache loading  */
                            /* (3) the access is invalid: fault!                                */
}

void fault_handler(....)
{
    for (i = 0; i < SIZE; i++) {
        if (time_to_access(ary1[i]) < CONSTANT)
            ;               /* (4) i is the kernel-value!                                       */
    }
}
```

Leak gadget + FLUSH-RELOAD + L1TF = Kernel memory leak!
Additional Requirements
- L1TF has some prerequisites:
  - The L1 data cache must contain an entry for the target physical address.
- Links to get more details
  - https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-van_bulck.pdf
  - https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-l1-terminal-fault
Defense5: PTE Inversion
Forcing PTE to point to Out-Of-RAM

[Figure: the same Virtual Address → Page Table → Page Table Entry (Arbitrary Address) walk; among User-1 Memory, Kernel Memory, User-2 Memory and Out-Of-RAM, the not-present entry is forced to point Out-Of-RAM]
Making an out-of-RAM address

Out-Of-RAM
: Assume the size of RAM is 16GB. → 0x00 ~ 0x400000000
: Set the top bit to one. → 0x00 ~ 0x8000000400000000 → Over 1024*1024 TBs (Out-Of-All-Kinds-of-RAM)

Page Table Entry (Physical Address)
: Performing an Inversion on the physical-address bits of the entry! → Original: 0x0000000000001000 → Inversion: 0x1111111111110111 (each digit stands for one bit here: every bit is flipped, so the top bit becomes one)
Kernel code of PTE Inversion

[Figure: the kernel's pte_pfn() with the inversion applied to the (Physical Address) field of the Page Table Entry]

: For all accesses to a PTE, pte_pfn is running, so the inverted value is decoded back before the kernel uses it!
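A user-space model of the inversion, added here as an example: it is not the kernel's code, though it follows the shape of the kernel's pte_pfn()/pfn_pte()/protnone_mask(). The PTE layout constants, the 16GB RAM size from the previous slide and the sample frame are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of x86-64 PTE Inversion, shaped after the kernel's
 * pte_pfn()/pfn_pte()/protnone_mask(); it is not the kernel's code.
 * Layout constants and RAM size are assumptions for the example. */
#define PAGE_SHIFT     12
#define PTE_PFN_MASK   0x000FFFFFFFFFF000ULL /* bits 12..51: frame  */
#define PTE_FLAGS_MASK 0x0000000000000FFFULL /* bits 0..11: flags   */
#define _PAGE_PRESENT  0x1ULL
#define RAM_BYTES      (16ULL << 30)          /* slide: 16GB of RAM */

/* Only not-present entries get their address bits inverted. */
static uint64_t protnone_mask(uint64_t val) {
    return (val & _PAGE_PRESENT) ? 0 : ~0ULL;
}

/* Encode: the kernel side of "Performing an Inversion!" */
uint64_t pfn_pte(uint64_t pfn, uint64_t prot) {
    uint64_t phys = pfn << PAGE_SHIFT;
    phys ^= protnone_mask(prot);  /* flip every address bit if not present */
    phys &= PTE_PFN_MASK;
    return phys | (prot & PTE_FLAGS_MASK);
}

/* Decode: every software access goes through this and undoes the inversion. */
uint64_t pte_pfn(uint64_t pte) {
    uint64_t phys = pte ^ protnone_mask(pte);
    return (phys & PTE_PFN_MASK) >> PAGE_SHIFT;
}

/* What the L1TF path uses: the raw address bits, with no decoding. */
uint64_t pte_raw_phys(uint64_t pte) { return pte & PTE_PFN_MASK; }

/* The property the mitigation needs: a not-present entry's raw address
 * lies outside RAM, so the transient read in step (2) finds no data. */
bool pte_is_safe(uint64_t pte) {
    return (pte & _PAGE_PRESENT) || pte_raw_phys(pte) >= RAM_BYTES;
}

/* The slides' "Original": a not-present entry still naming the frame. */
uint64_t naive_not_present_pte(uint64_t pfn) {
    return (pfn << PAGE_SHIFT) & PTE_PFN_MASK;
}

int main(void) {
    uint64_t pfn = 0x1; /* constructed: frame at 0x1000, as on the slide */
    uint64_t naive = naive_not_present_pte(pfn), inv = pfn_pte(pfn, 0);
    printf("naive    raw=%016llx safe=%d\n",
           (unsigned long long)pte_raw_phys(naive), pte_is_safe(naive));
    printf("inverted raw=%016llx safe=%d decodes to pfn=%llx\n",
           (unsigned long long)pte_raw_phys(inv), pte_is_safe(inv),
           (unsigned long long)pte_pfn(inv));
    return 0;
}
```

The round trip pte_pfn(pfn_pte(pfn, prot)) returns the original pfn whether or not the entry is present, which is why the inversion is invisible to the rest of the kernel.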
THANK YOU
Appendix-A
All attacks so far

[Figure: the table of transient execution CPU vulnerabilities from https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerabilities, with the attacks marked as "Discussed here" and "Worth to look at"]
All attacks so far
- The most useful link: A dynamic Tree
- Intel Sandybridge Microarchitecture (worth a further look)
Appendix-B
Branch Target Buffer
- Used to predict indirect branch targets.
- Stores recent branch history (source & destination address pairs).
- Typically stores a partial src addr and the dst addr.
- Shared by everything running on a CPU core.
- Ref: Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR
Branch Target Buffer (Cont.)

Code:
```
0x56780100: jmp [0x56781010]
...
0x56780200: jmp [0x56781020]
...
0x56780300: jmp [0x56781030]
```

Data:
```
0x56781010: 0x56780A00
0x56781020: 0x56780B00
0x56781030: 0x56780C00
```

BTB:
```
src      dst
0x80100  0x56780A00
0x80200  0x56780B00
0x80300  0x56780C00
```

Only the low 20 bits of the src addr are stored! (It depends on the CPU design.)
Appendix-C
Spectre v2 detailed steps

Victim memory (code):
```
0x56780100: jmp [0x56781010]
...
0x56780200: jmp [0x56781020]
...
0x56780300: jmp [0x56781030]
...
0x56780F00: var = ary2[ary1[idx]]   ; gadget address! The attacker will change a BTB entry to point here (0x56780F00).
```

Victim memory (data):
```
addr        value
0x56781010  0x56780A00
0x56781020  0x56780B00
0x56781030  0x56780C00   ; the attacker will flush this memory for speculative execution.
```

BTB:
```
src      dst
0x80100  0x56780A00
0x80200  0x56780B00
0x80300  0x56780C00
```
Spectre v2 detailed steps (Cont.)

Attacker: 1. Mistrain BTB.
1) Allocate memory laid out the same as the victim's.
2) Fill it up with ret instructions.

Attacker memory:
```
0x56780100: ret
...
0x56780200: ret
...
0x56780300: ret
...
0x56780F00: ret
```

BTB (unchanged so far):
```
src      dst
0x80100  0x56780A00
0x80200  0x56780B00
0x80300  0x56780C00
```
Spectre v2 detailed steps (Cont.)

Attacker: 1. Mistrain BTB.
3) Push the original dst addrs and the gadget addr onto the stack.
4) Jump to the original src addrs: jmp 0x56780100, jmp 0x56780200, jmp 0x56780300 (each of which is now a ret).
5) Iterate 3) and 4).

Attacker memory: ret at 0x56780100, 0x56780200, 0x56780300, 0x56780F00 (as above).

Stack (top to bottom):
```
0x56780A00
next code addr 1
0x56780B00
next code addr 2
0x56780F00
next code addr 3
```

BTB:
```
src      dst
0x80100  0x56780A00
0x80200  0x56780B00
0x80300  0x56780F00   ; Changed!! Before: 0x56780300 → 0x56780C00, Now: 0x56780300 → 0x56780F00
```
Spectre v2 detailed steps (Cont.)

Attacker: 1. Mistrain BTB.
6) Make the original jmp slow: flush 0x56781030 (the memory that holds the victim's real jmp target).

Attacker memory: ret at 0x56780100, 0x56780200, 0x56780300, 0x56780F00 (as above).

Victim memory (code), unchanged:
```
0x56780100: jmp [0x56781010]
...
0x56780200: jmp [0x56781020]
...
0x56780300: jmp [0x56781030]
...
0x56780F00: var = ary2[ary1[idx]]
```

Before: 0x56780300 → 0x56780C00, Now: 0x56780300 → 0x56780F00
Spectre v2 detailed steps (Cont.)

Attacker: 2. Execute the victim with a malicious idx.

Victim memory (code):
```
0x56780100: jmp [0x56781010]
...
0x56780200: jmp [0x56781020]
...
0x56780300: jmp [0x56781030]   ; its target at 0x56781030 has been Flushed!
...
0x56780F00: var = ary2[ary1[idx]]
```

BTB:
```
src      dst
0x80100  0x56780A00
0x80200  0x56780B00
0x80300  0x56780F00   ; Mistrained to the gadget.
```
Spectre v2 detailed steps (Cont.)

Attacker: 2. Execute the victim with a malicious idx.
1) The CPU speculatively executes the jmp at 0x56780300 using the BTB entry (0x80300 → 0x56780F00), so it lands on the gadget.
2) The gadget var = ary2[ary1[idx]] runs with the malicious idx.
3) Cached! The line for ary2[ary1[idx]] is now in the cache.

Cache:
```
...
ary2[ary1[idx]]
...
```
Spectre v2 detailed steps (Cont.)

Attacker: 3. Retrieve the value via Flush + Reload analysis.
1) Access ary2[0...255] (ary2 lives in shared memory).
2) Find the idx with the shortest access time. Found!! ary2[65] hits, so ary1[idx] == 65.

Cache:
```
...
ary2[ary1[idx]]
...
ary2[0]
...
ary2[65]
...
ary2[255]
```
Appendix-D
Retpoline details

Goal: Avoid predictions which use the BTB.

Steps
1. Change the indirect jmp to a ret.
   When predicting a ret's destination, the RSB (Return Stack Buffer) is used ahead of the BTB.
2. Capture speculative execution in a fake infinite loop.
Retpoline details (Cont.)

Indirect branch replacement with retpoline. The original:

```asm
jmp *%rax
```

becomes:

```asm
    call load_label
capture_ret_spec:
    pause ; lfence
    jmp capture_ret_spec
load_label:
    mov %rax, (%rsp)
    ret
```
Retpoline details (Cont.)

Original path through the sequence:

```asm
    call load_label
capture_ret_spec:
    pause ; lfence
    jmp capture_ret_spec
load_label:
    mov %rax, (%rsp)
    ret
```

1. call load_label pushes the return address, capture_ret_spec, onto the Stack and continues at load_label. Stack: capture_ret_spec; rax register: Original jmp dst.
2. mov %rax, (%rsp) overwrites that stack slot with the Original jmp dst. Stack: Original jmp dst.
3. ret pops it: jump to the original dst.
Retpoline details (Cont.)

Speculative path through the same sequence:

```asm
    call load_label
capture_ret_spec:
    pause ; lfence
    jmp capture_ret_spec
load_label:
    mov %rax, (%rsp)
    ret
```

1. call load_label also pushes capture_ret_spec onto the RSB (Return Stack Buffer); rax register: Original jmp dst.
2. When the ret is predicted, the RSB is consulted ahead of the BTB, so the predicted destination is capture_ret_spec: jump to capture_ret_spec.
3. Captured in the infinite loop! The speculative path spins on pause ; lfence ; jmp capture_ret_spec until the ret resolves to the real target, so no BTB-based prediction is ever followed.
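To tie Appendix-B's partial BTB tag, Appendix-C's BTB rewrite and Appendix-D's RSB-based prediction together, here is an added model in C; it is constructed for this page and is not the slides' or any CPU's logic. The table sizes, the aliasing source address 0x12380300 and the label address 0xCA9E0000 are assumptions; the other addresses come from the slides.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a BTB tagged by the low 20 bits of the source
 * address and of an RSB; sizes are assumptions, not any real CPU's. */
#define BTB_TAG_BITS 20
#define BTB_ENTRIES  1024
#define RSB_DEPTH    16

struct btb_entry { bool valid; uint32_t tag; uint64_t dst; };
struct btb { struct btb_entry e[BTB_ENTRIES]; };
struct rsb { uint64_t ret[RSB_DEPTH]; unsigned top; };

static uint32_t btb_tag(uint64_t src) {
    return (uint32_t)(src & ((1u << BTB_TAG_BITS) - 1));
}
static unsigned btb_slot(uint64_t src) { return btb_tag(src) % BTB_ENTRIES; }

/* Record a resolved branch src -> dst (what the slides call training). */
void btb_train(struct btb *b, uint64_t src, uint64_t dst) {
    struct btb_entry *e = &b->e[btb_slot(src)];
    e->valid = true; e->tag = btb_tag(src); e->dst = dst;
}

/* Indirect-jmp prediction: only the partial tag is compared, so a branch
 * elsewhere with the same low 20 bits shares, and can rewrite, the entry. */
bool btb_predict(const struct btb *b, uint64_t src, uint64_t *dst) {
    const struct btb_entry *e = &b->e[btb_slot(src)];
    if (!e->valid || e->tag != btb_tag(src)) return false;
    *dst = e->dst;
    return true;
}

void rsb_push(struct rsb *r, uint64_t ret_addr) {
    r->ret[r->top % RSB_DEPTH] = ret_addr; r->top++;
}
uint64_t rsb_pop(struct rsb *r) { r->top--; return r->ret[r->top % RSB_DEPTH]; }

/* The Appendix-D sequence: "call load_label" pushes capture_ret_spec onto
 * the RSB, "mov %rax,(%rsp)" makes the architectural ret go to rax, and
 * the ret is predicted from the RSB ahead of the BTB. Returns the
 * predicted target; *actual receives the real one. */
uint64_t retpoline_predict(struct rsb *r, uint64_t rax,
                           uint64_t capture_ret_spec, uint64_t *actual) {
    rsb_push(r, capture_ret_spec);
    *actual = rax;
    return rsb_pop(r);
}

struct demo { uint64_t jmp_pred, retp_pred, retp_actual; };
/* Slide addresses: victim jmp 0x56780300 -> 0x56780C00, gadget 0x56780F00.
 * The aliasing source 0x12380300 (same low 20 bits, 0x80300) and the label
 * address 0xCA9E0000 are constructed for this example. */
struct demo run_demo(void) {
    struct btb b; struct rsb r; struct demo d;
    memset(&b, 0, sizeof b); memset(&r, 0, sizeof r);
    btb_train(&b, 0x56780300, 0x56780C00);  /* victim's own history        */
    btb_train(&b, 0x12380300, 0x56780F00);  /* aliasing entry rewrites it  */
    if (!btb_predict(&b, 0x56780300, &d.jmp_pred)) d.jmp_pred = 0;
    d.retp_pred = retpoline_predict(&r, 0x56780C00, 0xCA9E0000, &d.retp_actual);
    return d;
}
```

run_demo() shows both halves: the plain indirect jmp is predicted to the gadget because the partial tag lets another address rewrite the entry, while the retpoline form is predicted to capture_ret_spec whatever the BTB holds, and only the architectural ret reaches the real target.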