| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Aug 2020 09:54:57 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Dave Hansen <dave.hansen@...el.com>
Cc: Andy Lutomirski <luto@...nel.org>, Mike Rapoport <rppt@...nel.org>,
LKML <linux-kernel@...r.kernel.org>,
Alan Cox <alan@...ux.intel.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Christopher Lameter <cl@...ux.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
James Bottomley <jejb@...ux.ibm.com>,
"Kirill A. Shutemov" <kirill@...temov.name>,
Matthew Wilcox <willy@...radead.org>,
Peter Zijlstra <peterz@...radead.org>,
"Reshetova, Elena" <elena.reshetova@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
Tycho Andersen <tycho@...ho.ws>,
Linux API <linux-api@...r.kernel.org>,
Linux-MM <linux-mm@...ck.org>
Subject: Re: [RFC PATCH] mm: extend memfd with ability to create "secret"
memory areas
On Fri, Aug 14, 2020 at 11:09 AM Dave Hansen <dave.hansen@...el.com> wrote:
>
> On 8/14/20 10:46 AM, Andy Lutomirski wrote:
> > I'm a little unconvinced about the security benefits. As far as I
> > know, UC memory will not end up in cache by any means (unless
> > aliased), but it's going to be tough to do much with UC data with
> > anything resembling reasonable performance without derived values
> > getting cached.
>
> I think this is much more in the category of raising the bar than
> providing any absolute security guarantees.
The problem here is that we're raising the bar in a way that is
weirdly architecture dependent, *extremely* nonperformant, and may not
even accomplish what it's trying to accomplish.
>
> Let's say you have a secret and you read it into some registers and then
> spill them on the stack. You've got two cached copies, one for the
> primary data and another for the stack copy. Secret areas don't get rid
> of the stack copy, but they do get rid of the other one. One cache copy
> is better than two. Bar raised. :)
If we have two bars right next to each other and we raise one of them,
did we really accomplish much? I admit that having a secret in its
own dedicated cache line seems like an easier target than a secret in
a cache line that may be quickly overwritten by something else. But
even user registers right now aren't specially protected -- pt_regs
lives is cached and probably has a predictable location, especially if
you execve() a setuid program.
>
> There are also some stronger protections, less in the bar-raising
> category. On x86 at least, uncached accesses also crush speculation.
> You can't, for instance, speculatively get wrong values if you're not
> speculating in the first place. I was thinking of things like Load
> Value Injection[1].
This seems genuinely useful, but it doesn't really address the fact
that requesting UC memory via PAT apparently has a good chance of
getting WB anyway.
>
> I _believe_ there are also things like AES-NI that can get strong
> protection from stuff like this. They load encryption keys into (AVX)
> registers and then can do encrypt/decrypt operations without the keys
> leaving the registers. If the key was loaded from a secret memory area
> right into the registers, I think the protection from cache attacks
> would be pretty strong.
>
Except for context switches :)
>
> 1.
> https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
Powered by blists - more mailing lists