[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <141870fac344a671029e2684f84bc828@overdrivepizza.com>
Date: Tue, 17 May 2022 01:32:31 -0700
From: Joao Moreira <joao@...rdrivepizza.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Kees Cook <keescook@...omium.org>,
Sami Tolvanen <samitolvanen@...gle.com>,
linux-kernel@...r.kernel.org, Josh Poimboeuf <jpoimboe@...hat.com>,
x86@...nel.org, Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Sedat Dilek <sedat.dilek@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
linux-hardening@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, llvm@...ts.linux.dev
Subject: Re: [RFC PATCH v2 20/21] x86: Add support for CONFIG_CFI_CLANG
>> Cons:
>> - FineIBT does callee-based hash verification, which means any
>> attacker-constructed memory region just has to have an endbr and
>> nops at
>> "shellcode - 9". KCFI would need the region to have the hash at
>> "shellcode - 6" and an endbr at "shellcode". However, that hash is
>> well
>> known, so it's not much protection.
>
> How would you get the ENDBR there anyway? If you can write code it's
> game over.
>
+1 here. If you can't keep W^X, both approaches are equally doomed.
Yet, there is a relevant detail here. ENDBR has a pre-defined/fixed
opcode, which means that it is predictable from the binary perspective.
Because of that, compilers already do security optimizations and prevent
for example the emission of ENDBR's opcode as immediate operands. This
very same approach can be used by JIT stuff, preventing ENDBRs to be
emitted as unintended gadgets. Because KCFI hashes aren't predictable,
you can't (or at least I can't think of a way to) prevent these from
being emitted as operands, which means that if you have an IBT-able
machine, you will want to enable it even if you have KCFI.
With this said, the instrumentation for KCFI on IBT-enabled machines
should be of at least 9 bytes (5 for the hash/mov and 4 for ENDBR, not
counting the additional 4 bytes we asked for).
>> - Potential performance hit due to making an additional "call" outside
>> the cache lines of both caller and callee.
>
> That was all an effort to shrink and simplify, all this CFI stuff is
> massive bloat :/
>
> If we use %eax instead of %r10d for the hash transfer (as per Joao),
> and
> use int3 instead of ud2, then we can shrink the fineibt sequence to:
>
> __cfi_\func:
> endbr # 4
> xorl $0x12345678, %eax # 5
> jz 1f # 2
> int3 # 1
> \func:
> ...
>
> Which is 12 bytes, and needs a larger preamble (up from 9 in the
> current
> proposal).
As per the above-analysis, if we can make FineIBT instrumentation fit in
12 bytes, this means that the 9 bytes required for KCFI+IBT plus three
bytes would suffice for having FineIBT (again, if we can make it fit).
And this would make that call go away.
>
> If we do the objtool/linker fixup, such that direct calls/jumps will
> *never* hit ENDBR, then we can do something ugly like:
>
> kCFI FineIBT
>
> __cfi_\func: __cfi_\func:
> int3 endbr
> movl $0x12345678, %rax xorl $0x12345678, %eax
> int3 jz 1f
> int3 int3
> \func:
> endbr
> __direct_\func: __direct_\func:
> ... ...
>
> which is 12 bytes on both sides and shrinks the preaamble to 8 bytes
> while additionally also supporting kCFI+IBT for those few people that
> don't care about speculation based attacks much.
>
> But now it's complicated again and requires significant tools work :/
> (also, using int3 isn't ideal).
>
>> Pros:
>> - FineIBT can be done without read access to the kernel text, which
>> will
>> be nice in the exec-only future.
>
> - Mostly kills SpectreBHB (because it has the hash check *after*
> ENDBR).
- Callee-side checks allow you to make an specific function
coarse-grained without making an indirect call instruction
coarse-grained. I.e: If you have a binary blob or some function that for
whatever reason can't have a hash, you just disable the check in this
function, making it reachable by every indirect call in the binary but
being reasonably able to measure the risks behind it. If you make an
indirect call coarse-grained, this means that now this indirect call can
reach all functions in the binary, including functions like
"disable_cet" and "disable_super_nice_security_feature". The risk
impacts of these latter relaxations are much harder to measure, imho
(yet, I would enjoy hearing counter-arguments, if any).
>
> So were IBT limits speculation to all sites that have ENDBR, you can
> still target any of them. With FineIBT you loose all sites that don't
> match on hash value, significantly reducing the options.
>
>> I'd kind of like the "dynamic FineIBT conversion" to be a config
>> option,
>> at least at first. We could at least do performance comparisons
>> between
>> them.
>
> Why would you need a config option for that? Since it is dynamic anyway
> a boot option works fine.
>
>
> Also, regardless of all this, it probably makes sense to add an LTO
> pass
> to remove all unused __cfi_ symbols and endbr instructions, less viable
> targets is more better :-)
We have that for IBT in clang already (I implemented and upstreamed it
back when you were trying ibt-seal in objtool). I did not find the time
to test it with the final IBT support but it is in my todo list to take
a look and perhaps send a RFC here. FWIIW,
https://reviews.llvm.org/D116070
>
> I've been doing that with objtool for the IBT builds.
Powered by blists - more mailing lists