[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-next v2 2/2] xen/arm64: Place a speculation barrier following an ret instruction

  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Fri, 26 Mar 2021 11:13:42 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QuCaZ7gsXzEwZppptp7blhyz5WSWnO/47QN5rSTEGV4=; b=C4wRT1rxMi4GQXMfXywrYk5MRunzMGn99iwWB9IOEcCrMyrcsmfrB5JOf6QgPfQqW1Vbq68nYDSsNy0koERh2Oyf4a5eicnmF98IhBelJBMVaRoqeccPbNlNNyasKmY09DbZ+6MSraTi/iyCXzBuhzm9OscknyB9iNlzQpCM+561Z6F0q9J7wJOydXJ97xr+OoRokCEsQuIDoIYrrTdmNgwTOpqNFEmP54IofIkJoTXhWB5J2SY3+4d92zfhTxc3nUIXEeYBy/Jjg+A8nzBbNeMbBD8+RH1XdoOv5OQKpVGmLCAKNULjP91GxIoXbyn3ZyDTeeFBVvQ75D0V7xTydg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OGC6zjXXKMipGr0Yi/eL3nv+61B9+6UPVpzpHwWNghOCFr6S8E/M2F0DuYi/1qybzMCNcWsL2Ci3FbwMmk/Ln6z9D4mUqKCCFC9rSUeKxZoAKLooFiteFLbUAJ1BCReZ/6EKdGQ/dEFi2L0yx8CWQpoqdOfcvcJ27WQu4+z45ZmaIqYkFgSIRCT1kov8KtH7ogft65i9AmL0Aq3g15IgOXdAFW8lq/VPZlwAKJFPRdBj8c8d4GftD1yhBAfmV1TUmn8J0LSWPiNu3KsMiY4PH2PtH7w6oUYbCYoE1ZjLfllKOxGTnyv/sOyR0aQSJ87Ulu7GlPILSa78EY9wlhLFEg==
  • Authentication-results-original: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Xen.org security team <security@xxxxxxx>
  • Delivery-date: Fri, 26 Mar 2021 11:14:09 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHXGCLUePNZXth41EOpDgjR62uDxqqISyAAgASaOICACUyKAA==
  • Thread-topic: [PATCH for-next v2 2/2] xen/arm64: Place a speculation barrier following an ret instruction
Hi Julien,

(sorry for the delay)

> On 20 Mar 2021, at 13:13, Julien Grall <julien@xxxxxxx> wrote:
> 
> (+ Security)
> 
> 
> On 17/03/2021 14:56, Bertrand Marquis wrote:
>> Hi Julien,
> 
> Hi Bertrand,
> 
>>> On 13 Mar 2021, at 16:06, Julien Grall <julien@xxxxxxx> wrote:
>>> 
>>> From: Julien Grall <jgrall@xxxxxxxxxx>
>>> 
>>> Some CPUs can speculate past a RET instruction and potentially perform
>>> speculative accesses to memory before processing the return.
>>> 
>>> There is no known gadget available after the RET instruction today.
>>> However some of the registers (such as in check_pending_guest_serror())
>>> may contain a value provided by the guest.
>>> 
>>> In order to harden the code, it would be better to add a speculation
>>> barrier after each RET instruction. The performance impact is meant to
>>> be negligeable as the speculation barrier is not meant to be
>>> architecturally executed.
>>> 
>>> Rather than manually inserting a speculation barrier, use a macro
>>> which overrides the mnemonic RET and replace with RET + SB. We need to
>>> use the opcode for RET to prevent any macro recursion.
>>> 
>>> This patch is only covering the assembly code. C code would need to be
>>> covered separately using the compiler support.
>>> 
>>> This is part of the work to mitigate straight-line speculation.
>>> 
>>> Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
>> The macro solution is definitely a great improvement compared to v1 and I 
>> could
>> confirm the presence of the sb in the generated code.
> 
> Thanks for testing! It is indeed a lot nicer and less error-prone. We can 
> thansk Jan for the idea as he originally introduced it on x86 :).
> 
>> I also think that the mitigation on arm32/v7 would be messy to do.
> 
> It is messy but not impossible :). Some of the assembly function could be 
> rewritten in C to take advantage of the compiler mitigations.
> 
> I went through the paper again today. Straight-line mitigation only refers to 
> unconditional control flow change (e.g. RET) on AArch64 Armv8.
> 
> A recent submission to LLVM seems to suggest that Armv7 and AArch32 Armv8 is 
> also affected [2].

Thanks for the pointer :-)

> 
> So I think we only need to care of unconditional return instruction (e.g. mov 
> pc, lr).
> 
> For conditional return instructions, they would be treated as spectre v2 
> which we already mitigate.

That would be a good idea but that would mean lots of invasive changes on armv7 
and this is not the mostly tested architecture with Xen.
Anyway I am happy to help reviewing this if it is done.

> 
>> Shall we mark v7/aarch32 as not security supported ?
> This would have consequence beyond just speculation. There might be processor 
> out which are not affected by straight-line speculation and we would not 
> issue any security update for them. So I am not in favor with this approach.
> 
> What we could consider is mentioning in SUPPORT.MD that speculation attack 
> using Straight-Line speculation are not security support on Arm (the 64-bit 
> is not fully mitigated).

Weird to say “not security supported” maybe saying not mitigated by Xen would 
be more clear.

Anyway I agree with the principle to do this.

Cheers
Bertrand

> 
> Cheers,
> 
> [1] https://reviews.llvm.org/D92395
> 
> -- 
> Julien Grall

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.