News Serious security flaw in Intel processors

[Linguofreak]

I'm wondering why an OS (or 3rd party antimalware program) can't just flag and/or kill processes that excessively try to read protected memory. The OS has that sort of info, doesn't it? Sure, you want to allow a few bits/bytes every so often due to innocent software bugs, but at least you would stop an attacker from systematically reading your memory at max rate.

Well, by default, a program *will* crash on the first such attempted access, but there's generally a way for programs to be notified instead of killed so that they can attempt to recover, and this generally isn't rate limited

But the broader problem is that it can be rather tricky to determine what "trying to read protected memory" actually means.

Does the following code attempt to read protected memory?

if(never_happens)
{
    int i = array[*pointer_to_kernel * cache_line_size];
}

Now, if never_happens is obviously false, the compiler will simply not compile the whole if statement, and even if the inside of the if statement is present in the compiled code (or the programmer writes assembly code directly), the CPU will never waste time trying to execute the instructions inside the if statement. However, cleverly written code can make the CPU think that never_happens will usually be true while ensuring that it is actually always false. The result will be that the CPU will run that code provisionally while it waits for never_happens to be evaluated, and will then roll those instructions back when it figures out that never_happens is false, so in terms of the architectural state of the machine, the program never actually tried to dereference *pointer_to_kernel.

The Meltdown bug is that, on Intel CPUs, as well as some (but not all) ARM CPUs, the CPU will start dereferencing pointer_to_kernel, fetch the value at that memory location, and execute subsequent instructions that depend on that value, before checking that the program has permission to access that address. If the dereference falls on a code path that is actually taken, an exception will be thrown (the permission check does take place by the time that the CPU determines that the execution of the instruction will no longer be provisional), and whether or not it falls on a code path that is actually taken, the value at that address will not be directly accessible by the program. However, whenever the CPU reads a value from memory, it stores it in a cache on chip in case it needs it later, as accessing RAM takes some time. So when we evaluate

int i = array[*pointer_to_kernel * cache_line_size];

The value at array[*pointer_to_kernel * cache_line_size] is read from memory and stored in the variable "i", thus causing array[*pointer_to_kernel * cache_line_size] to be pulled into the cache, even though the store into "i" is eventually rolled back (either by the exception or by the branch into the if statement taking the "false" route rather than the "true" route). It takes longer to access a value that isn't in the cache than one that is, so after doing this, we can step through the array in increments of the cache line size, timing each access, and we'll find that one access to the array is faster than all the others. We take the index for that access, divide it by the cache line size, and that gives us the value at pointer_to_kernel.

And the thing is, this doesn't even need to all happen in the same process. Even if we don't pull shenanigans with branch prediction, and even if the OS kills the process on every segfault with no option for the process to handle the fault, the kernel is mapped in the same place in every process (when it's mapped at all, which is how the KPTI patch and the related Windows and MacOS patches deal with it, they unmap the kernel except when programs make system calls), so we can always do something like this:

childpid = fork();
if(childpid == -1)
{
    //fork failed, retry or exit with an error, whatever we want to do
}
else if (childpid == 0) //we're the child process
{
        int i = array[*pointer_to_kernel * cache_line_size]; //this will kill us, but will load a value into the cache
}
else //we're the parent process
{
     wait(NULL); //wait until the child process has died. We don't need the status value (we just need to know when the child is dead) so we pass a null pointer.
     exfiltrated_secret = get_data_from_cache_timings(array);
}

In other words, we just start a new process, which attempts the access and dies, but still loads data into the cache. This might fail if the parent process isn't the first one to be scheduled after the child dies, but if other programs aren't loading the CPU heavily (which is the case most of the time on desktop machines) this may not be much of an issue. The code above is written for a Unix-type system, process creation semantics will be different on Windows, and array will likely need to be in a shared memory region (whereas with fork() on Unix the parent and child share their whole memory copy-on-write).

 

[Face]

I don't really know what Windows' patch was meant to do, nor the inner workings of your Spectre.exe, but your program still shows me the 'secret' even with KB4056892 now on my PC.

Well, Spectre.exe is not my work, it is just a compile of the code given in the academic paper. Also it does not look like the patch mentioned has something to do with the Meltdown exploit. EDIT: most sources say that KB405689X (X being 2,4,7,8,9 depending on OS) should be the patch, but description of it does not give a hint beyond generic "security fixes for..". Why the heck do they make a secret out of it instead of clearly labeling it "Meltdown fix"?

However, I don't think that a Windows patch can do something against the Spectre exploit demonstrated by the executable.

And just to be precise here: the program is not trying to read the protected memory at all. It is just the branch predicted portion that reads the memory.

If you want to detect the exploit, you will have to look after page cache time measurements, but also for other forms of side-channel analysis.

 

[dbeachy1]

Official statement from AMD:

Also, Microsoft posted some performance impact information about the Meltdown patch on Intel processors -- details here: Microsoft tests show Spectre patches drag down performance on older PCs

Microsoft’s summary is as follows:

• With Windows 10 on newer silicon (2016-era PCs with Skylake, Kaby Lake or newer CPUs), benchmarks show single-digit slowdowns. Microsoft doesn’t expect most users to notice a change because the percentages will be reflected in milliseconds.
• With Windows 10 on older silicon (2015-era PCs, with Haswell or older CPUs), some benchmarks show more significant slowdowns, Microsoft says, and the company expects that some users will notice a decrease in system performance.
• With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPUs), Microsoft expects most users to notice a decrease in system performance.

 

[Notebook]

http://www.bbc.co.uk/news/technology-42636415

Intel has admitted that patches to fix the Spectre and Meltdown chip flaws could slow machines "in some cases".
Its own tests suggested performance slowdown could range from 2% to 14%.
It said the impact of the patch, designed to prevent the bug accessing potentially sensitive data, should not be significant for "average computer users".
But gaming platforms and others relying on cloud services do appear to have been feeling the effect of the updates.

 

[Face]

Funny thing around that: yesterday I tried to demonstrate the Spectre technique in the paper to my work colleagues, only to find that the corporate McAfee AV aggressively kills even the VS solution folder if I dare to compile the code. :lol:

It even flagged it "Trojan-spectre". I guess they've added a description based on the blueprint, so it immediately detect the "funny business" in the compiled EXE.

In the end I had to show the program running in a VM.

Now I'm waiting for the company's MIB to show up and guide me out of the room... any minute now... "Mister AAAnderson". :rofl:

 

[4throck]

On my main PC I only notice slower / higher SDD access... and some small lags when large files are opened.
Older PC (working as movie player) shows overall higher HDD usage.

Regarding raw processing power, I notice no change.

 

[Quick_Nick]

nVidia says their GPUs are susceptible to Spectre.

I'm not sure what that really means. I suppose it means that graphics memory can be read by other graphics (or GPU compute) programs. I can't imagine graphics memory typically holds the equivalent of passwords, but maybe you would have something sensitive when working with Big Data.

It doesn't surprise me that speculative execution would come into play with GPUs. While working on OpenGL shaders, I have read multiple tips about avoiding branches because the GPU actually executes every path, maintaining simultaneity between pipelines. (I might have that slightly wrong, but the idea is there)

 

[dbeachy1]

Just found this excellent new utility for Windows to check / verify if your system is patched for Meltdown and Spectre mitigation -- it's called InSpectre. :thumbup:



Also, there is some excellent, detailed information on the Meltdown Wikipedia page about how exactly Meltdown on an unpatched system can read any memory in the system, including kernel memory, by cleverly using indirect memory reads and timing how long each instruction takes. First, Meltdown only affects Intel and some ARM processors, not AMD processors, Intel's continual attempts to conflate the Meltdown and Spectre vulnerabilities notwithstanding:

Affected hardware

The Meltdown vulnerability primarily affects Intel microprocessors,[44] but some ARM microprocessors are also affected.[45] The vulnerability does not affect AMD microprocessors.[19][46][47][48] Intel has countered that the flaws affect all processors,[49] but AMD has denied this, saying "we believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture".[50]

Researchers have indicated that the Meltdown vulnerability is exclusive to Intel processors, while the Spectre vulnerability can possibly affect some Intel, AMD, and ARM processors.[51][52][53][54] However, ARM announced that some of their processors were vulnerable to Meltdown.[45] Google has reported that any Intel processor since 1995 with out-of-order execution is potentially vulnerable to the Meltdown vulnerability (this excludes Itanium and pre-2013 Intel Atom CPUs).[55] Intel introduced speculative execution to their processors with Intel's P6 family microarchitecture with the Pentium Pro IA-32 microprocessor in 1995.[56]

And from the Exploit Details section:

5. Ordinarily this has no effect and security is enforced, because the read data is never made available in any way, until the privilege check has completed. However even when the instruction fails, the data has already been requested by the execution unit and fetched by the memory controller, in order to be ready to process it, and although the execution unit discards the data upon privilege check failure, the CPU cache was in fact updated as an automatic part of fetching the data from memory, in case the same data might be needed shortly a second time. At this point, Meltdown intervenes:[35]

6. The CPU cache is not readable by an unauthorized process, because it is internal to the CPU. But by using a cache timing attack (a form of side channel attack), it is possible for a rogue process to determine whether data from a specific address is held within the CPU cache, even if it cannot itself read the actual data from that address. If data from some address has been cached by the CPU then a second instruction to read that address will use the CPU cache for the purpose (fast), if not then the CPU would have to request the data to be read from memory (slower). The rogue process can use this difference in timing to detect which of these took place, and whether the address was already in the CPU cache. Usually this wouldn't be an insurmountable vulnerability on its own, but Meltdown can use it combined with other features of the CPU instruction set to gain full access to all mapped memory...

7. When an instruction asks for memory to be read, it can specify the address to read from, in many different ways. These include indirect addressing modes – instructions that tell the CPU to read from memory X, use the value stored at X to calculate a second address Y, and the "answer" (or returned value) is the value stored in address Y. Meltdown uses this as part of the basis of a side-channel attack to determine the content of the memory at any given address. Suppose the address at 2000 is not directly readable by the process, but could have any value from 1 to 5, and suppose we ignore privilege checking. One could execute an instruction "Read the value of memory at an address given by (5000 plus the value of memory at address 2000)". If address 2000 contains 1, then the CPU will try to return the value of memory at address 5001; if address 2000 contains 2 it will try to return the value of memory at address 5002, and so on. If we then execute a timing attack, and it shows that the CPU was slower to read from addresses 5001, 5002, 5003 and 5005, but faster for address 5004, then we can conclude that the reason is that it has cached data from address 5004, and that this is because it has recently accessed that address. So we can deduce that address 2000 contained the value "4".

8. If 2000 is an unauthorized address, then this attempt should fail and the process should learn nothing from it, because of the privilege check.

9. But the problem – as shown by Meltdown – is that, in order to be efficient, the CPU has already started to prepare itself by accessing the memory locations that may be needed, in parallel with the privilege check. That means, when the privilege check fails and the execution unit (correctly) discards the data and abandons the read instruction, address 2000 has already been read and its contents already used to read address 5004, even if the read was abandoned and the in-progress data was discarded by the CPU's execution unit. Moreover, when the memory controller was told by the execution unit to access address 5004 in preparation for the instruction, it automatically put a copy of that data into the CPU cache as usual, in case of a future request for the same data, and that copy is still present in the CPU cache. (It isn't expected to be detectable without authorization, and will often be needed again quite soon when it's been needed a first time.) So even though the instruction itself failed, and even though the process cannot directly read the contents of address 2000 or the cached content of any of addresses 5001 to 5005, the rogue process can still use its side-channel attack to identify that address 5004 is in the cache and the other addresses between 5001 and 5005 are not, so it can still determine that the address that the instruction would have tried to read is 5004, and therefore that the content of unauthorized address 2000 is "4".

 

[Xyon]

nVidia says their GPUs are susceptible to Spectre.

I'm not sure what that really means. I suppose it means that graphics memory can be read by other graphics (or GPU compute) programs. I can't imagine graphics memory typically holds the equivalent of passwords, but maybe you would have something sensitive when working with Big Data.

It doesn't surprise me that speculative execution would come into play with GPUs. While working on OpenGL shaders, I have read multiple tips about avoiding branches because the GPU actually executes every path, maintaining simultaneity between pipelines. (I might have that slightly wrong, but the idea is there)

Nvidia have clarified their earlier confusion; they are not suceptible.

https://techcrunch.com/2018/01/10/n...re-absolutely-immune-to-meltdown-and-spectre/

 

[boogabooga]

Official statement from AMD:

Also, Microsoft posted some performance impact information about the Meltdown patch on Intel processors -- details here: Microsoft tests show Spectre patches drag down performance on older PCs

Microsoft’s summary is as follows:

• With Windows 10 on newer silicon (2016-era PCs with Skylake, Kaby Lake or newer CPUs), benchmarks show single-digit slowdowns. Microsoft doesn’t expect most users to notice a change because the percentages will be reflected in milliseconds.
• With Windows 10 on older silicon (2015-era PCs, with Haswell or older CPUs), some benchmarks show more significant slowdowns, Microsoft says, and the company expects that some users will notice a decrease in system performance.
• With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPUs), Microsoft expects most users to notice a decrease in system performance.

I'm the third case. :facepalm:

How do I opt out of the patch? I'm way more worried about loss of system performance that I am about the Meltdown.

 

[AssemblyLanguage]

Just found this excellent new utility for Windows to check / verify if your system is patched for Meltdown and Spectre mitigation -- it's called InSpectre.

While you are visiting Gibson Research Corporation https://www.grc.com, check out some of the other free utilities provided by Steve Gibson. Steve does a weekly podcast on computer security called Security Now. He does this with profits from SpinRite, an old but really excellent disk repair utility which has saved me from disaster several times.

 

[Notebook]

http://www.bbc.co.uk/news/technology-42788169

Software patches issued to fix serious security flaws on Intel chips should no longer be applied, the company has said.
The patches tried to tackle flaws called Meltdown and Spectre that, if exploited, could expose important data.
Many reported that their machines slowed down or stopped working when they applied Intel's updates.
Intel said it now knew what caused these problems and was developing fresh patches that would work better.

 

[Quick_Nick]

http://www.bbc.co.uk/news/technology-42788169

Linus Torvalds has some especially harsh words about the patches:

All of this is pure garbage.
Is Intel really planning on making this **** architectural? Has anybody talked to them and told them they are ****ing insane?
Please, any Intel engineers here - talk to your managers.
[...]
As it is, the patches are COMPLETE AND UTTER GARBAGE.
They do literally insane things. They do things that do not make sense. That makes all your arguments questionable and suspicious. The patches do things that are not sane.
WHAT THE **** IS GOING ON?

https://techcrunch.com/2018/01/22/l...-meltdown-spectre-complete-and-utter-garbage/

 

[Notebook]

Way beyond my level of understanding, but he really sounds annoyed...!

N.

 

[Urwumpe]

Way beyond my level of understanding, but he really sounds annoyed...!

N.

I can really understand this. I translated the suggested patches already as "Please buy a new computer".

 

[Notebook]

That I understand!

But, would that help? As I understand it, the problem is in the chips design, or are the newer ones immune?( I haven't followed this carefully, above my concentration level)

N.

 

[Urwumpe]

That I understand!

But, would that help? As I understand it, the problem is in the chips design, or are the newer ones immune?( I haven't followed this carefully, above my concentration level)

N.

Not sure if they are really immune, but one of the vulnerabilities is not possible with CPUs made from 2017 on, because they used a different faster mechanism to identify table entries belonging to a specific process rather than reloading the whole table when a process is switched.

 

[Notebook]

Beyond me, but I can see speed being traded off for security.

Bit annoying, I used to be into ray-tracing years ago. Had the machine on for days...sometimes it worked. Sometimes it was a bit Picasso, not in a good sense.
Now we have fast machines that somebody want to basically FU. Disgraceful.

 

[Urwumpe]

Beyond me, but I can see speed being traded off for security.

Bit annoying, I used to be into ray-tracing years ago. Had the machine on for days...sometimes it worked. Sometimes it was a bit Picasso, not in a good sense.
Now we have fast machines that somebody want to basically FU. Disgraceful.

Reminds me on the old days when we used povray to make some elder mechanical engineers get respect for us IT guys... We ordered 4 new standard office PCs (Pentium 4 era) for our new apprentices a few months earlier than needed, installed a second network adapter and created a cluster for running povray with some huge CAD data that the engineers gave us for testing (an aircraft fuselage). Just a day later, we gave them a nice video file with some camera fly-bys around their model... The 4 hours of work of one of my coworkers that time was mostly converting the model and creating a good looking scene, doing some test renders...

 

[Notebook]

I did a lot of glass spheres(various indexes!) on a chess board, don't know why, seemed a good idea at the time.

N.