

### RIDL Rogue In-flight Data Load

Stephan van Schaik

Sebastian Österlund

https://cyberweek.ae https://mdsattacks.com

### **RIDL** Rogue In-flight Data Load

<u>Stephan van Schaik</u> - Alyssa Milburn <u>Sebastian Österlund</u> - Pietro Frigo - Giorgi Maisuradze\*

Kaveh Razavi - Herbert Bos - Cristiano Guiffrida







# New speculative execution bug leaks data from Intel chips' internal buffers

Intel-specific vulnerability was found by researchers both inside and outside the company.

PETER BRIGHT - 5/14/2019, 8:10 PM



### Protecting your computer against Intel's latest security flaw is easy, unless it isn't

Spectre is going to haunt us for a very long time

By Dieter Bohn | @backlon | May 17, 2019, 9:12am EDT

Intel-specific vulnerability was found by researchers both inside and outside the company.

iks data

PETER BRIGHT - 5/14/2019, 8:10 PM



### Protecting your computer against Intel's latest security flaw is easy, unless it isn't

Spectre is going to haunt us for a very long time

By Dieter Bohn | @backlon | May 17, 2019, 9:12am EDT

iks data

Intel-specific vulnerability was found by researchers both inside and outside the

RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown @@@@@@

by Hilbert Hagedoorn on: 05/14/2019 08:38 PM | source: volkskrant.nl | 158 comment(s)



| Protecting<br>against In | Buffer the Intel flayer: Chipzilla,<br>Microsoft, Linux world, etc emit fixes<br>for yet more data-leaking processor<br>flaws<br>Intel CPUs dating back a decade are vulnerable to<br>latest cousin of Spectre |          |       |
|--------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------|
|                          |                                                                                                                                                                                                                | iks data |       |
| compone                  | vulnerability was found by researchers b<br>ry hits Intel - new Side Channe                                                                                                                                    |          | se th |







| RIP Hyper-Threading? ChromeOS axes                                                                        | ayer: Chipzilla,                     |  |
|-----------------------------------------------------------------------------------------------------------|--------------------------------------|--|
| key Intel CPU feature over data-leak                                                                      | world, etc emit fixes                |  |
| flaws – Microsoft, Apple suggest snub                                                                     | t-leaking processor                  |  |
| Plug pulled on SMT tech as software makers put                                                            | k a decade are vulnerable to         |  |
| security ahead of performance                                                                             | e                                    |  |
| By Thomas Claburn in San Francisco 14 May 2019 at 21:14 71 C SHARE V                                      | to 14 May 2019 at 17:00 55 ♀ SHARE ▼ |  |
| Spectre is going to haunt us for a very long time<br>By Dieter Bohn   @backlon   May 17, 2019, 9:12am EDT | e aks data                           |  |
| Updates against MDS attacks                                                                               | el microcode                         |  |
| Microsoft releases standalone updates containing Intermitigations for recently disclosed MDS attacks.     | k potentially is worse than          |  |



### Speculative execution attacks

- Modern CPUs speculate on data for optimization
- Invisible to the user



inp??

**Speculate** on branch condition based on previous branching behavior



### Let's first talk about cache attacks



### BACKGROUND





### BACKGROUND





### BACKGROUND





#### 1 FLUSH

Probe Array for (i = 0; i < 256; ++i) { \_mm\_clflush(probe + i \* 4096); VICTIM char byte = table[secret]; RELOAD 3 for (i = 0; i < 256; ++i) {  $t0 = \__rdtsc();$ \*(volatile char \*)(probe + i \* 4096);  $dt = \__rdtsc() - t0;$ 



#### 1 <u>FLUSH</u>

| <pre>for (i = 0; i &lt; 256; ++i) {     _mm_clflush(probe + i * 4096); }</pre>                                          | Probe Array |
|-------------------------------------------------------------------------------------------------------------------------|-------------|
| <ol> <li>уістім</li> </ol>                                                                                              |             |
| <pre>char byte = table[secret];</pre>                                                                                   |             |
| ③ RELOAD                                                                                                                |             |
| <pre>for (i = 0; i &lt; 256; ++i) {    t0 =rdtsc();    *(volatile char *)(probe + i * 4096);    dt =rdtsc() - t0;</pre> |             |
| 3                                                                                                                       |             |



#### 1 FLUSH







#### 1 <u>FLUSH</u>





#### 1 FLUSH





#### 1 <u>FLUSH</u>

| for | <pre>(i = 0; i &lt; 256; ++i) {   _mm_clflush(probe + i * 4096);</pre>                                           | Probe Array |
|-----|------------------------------------------------------------------------------------------------------------------|-------------|
| 2 v | истім                                                                                                            |             |
| cha | r byte = table[secret];                                                                                          |             |
| 3 R | ELOAD                                                                                                            | -           |
| for | <pre>(i = 0; i &lt; 256; ++i) {   t0 =rdtsc();   *(volatile char *)(probe + i * 4096);   dt =rdtsc() - t0;</pre> |             |



### 1 FLUSH





### 1 FLUSH





#### 1 FLUSH

Probe Array for (i = 0; i < 256; ++i) { \_mm\_clflush(probe + i \* 4096); VICTIM SECRET char byte = table[secret]; RELOAD for (i = 0; i < 256; ++i) {  $t0 = \__rdtsc();$ \*(volatile char \*)(probe + i \* 4096);  $dt = \__rdtsc() - t0;$ 



#### 1 FLUSH

for (i = 0; i < 256; ++i) {
 \_mm\_clflush(probe + i \* 4096);</pre>

### VIСТІМ

char byte = table[secret];

#### 3 RELOAD





#### 1 FLUSH

for (i = 0; i < 256; ++i) {
 \_mm\_clflush(probe + i \* 4096);</pre>

### VIСТІМ

char byte = table[secret];

#### 3 RELOAD





#### 1 FLUSH

for (i = 0; i < 256; ++i) {
 \_mm\_clflush(probe + i \* 4096);</pre>

### VIСТІМ

char byte = table[secret];

#### 3 RELOAD





#### 1 FLUSH

for (i = 0; i < 256; ++i) {
 \_mm\_clflush(probe + i \* 4096);
}</pre>

#### VIСТІМ

char byte = table[secret];

#### 3 RELOAD





#### 1 FLUSH

for (i = 0; i < 256; ++i) {
 \_mm\_clflush(probe + i \* 4096);
}
2 VICTIM
Char byte = table[secret];
3 RELOAD</pre>





#### 1 FLUSH

for (i = 0; i < 256; ++i) { \_mm\_clflush(probe + i \* 4096); VICTIM char byte = table[secret]; RELOAD 3 for (i = 0; i < 256; ++i) {  $t0 = \__rdtsc();$ \*(volatile char \*)(probe + i \* 4096);  $dt = \__rdtsc() - t0;$ 





### **PREVIOUS ATTACKS**









#### viстiм



\_\_\_\_\_









 $dt = \__rdtsc() - t0;$ 







dt = \_\_rdtsc() - t0; }





 $dt = \__rdtsc() - t0;$ 



#### VICTIM (1)



#### (4

for  $(i = 0; i < 256; ++i) \{$  $t0 = \_rdtsc();$ \*(volatile char \*)(probe + i \* 4096);  $dt = \__rdtsc() - t0;$ 





for (i = 0; i < 256; ++i) {
 t0 = \_\_rdtsc();
 \*(volatile char \*)(probe + i \* 4096);
 dt = \_\_rdtsc() - t0;
}</pre>





 $dt = \__rdtsc() - t0;$ 





dt = \_\_rdtsc() - t0;



































# Mitigations

- Kernel Page Table Isolation
- Array index masking
- XOR masking



## KPTI



### **Problem:** leak kernel data from virtual addresses



## KPTI



**Solution**: unmap kernel addresses



### So we have a system with all mitigations in-place







### What can we still do as an attacker?



### Takes around 24 hours



### Meet Rogue In-flight Data Load or RIDL

### A new **class** of speculative execution attacks

that knows no boundaries



### Privilege levels are just a social construct





### We can leak between hardware threads!





### But can we leak across other security domains?





#### Yes, we can!





### We leak from the kernel...





#### ... across VMs...





### ... from the hypervisor...





### ... and from SGX enclaves!



### We leak across all security domains!



### Can we leak from the browser?





66

Turns out we can!

- We reproduced RIDL in Mozilla Firefox
- No need for special instructions



### We leak across security domains, even from the browser!



### Memory addresses are a social construct too



## **Previous Attacks**



Previous attacks show we can speculatively leak from **addresses** 



## **Previous Attacks**



Current mitigations depend on masking/isolating addresses



## **Previous Attacks**

- **Spectre**: access out-of-bounds addresses
- Meltdown: leak kernel data from virtual addresses
- Foreshadow: leak from physical addresses



## **Previous Attacks**

Mitigations:

- **Spectre**: mask array index to limit address range
- Meltdown: unmap kernel from userspace
- Foreshadow: invalidate physical address



### **Previous Attacks**

- Previous attacks exploit addressing
- Mitigated by isolating/masking addresses



### RIDL

RIDL does not depend on addressing

- Bypass all address-based security checks
- Makes RIDL hard to mitigate



### What CPUs are affected by RIDL?



# We bought Intel and AMD CPUs from almost every generation since 2008



#### ... and sent the invoices to our professor Herbert Bos







#### RIDL works on all mainstream Intel CPUs since 2008



Intel Xeon Silver 4110 (Skylake SP) - 2017 Intel Core i7-8700K (Coffee Lake) - 2017 Intel Core i7-7800X (Skylake X) - 2017 Intel Core i7-7700K (Kaby Lake) - 2017 Intel Core i7-6700K (Skylake) - 2015 Intel Core i7-5775C (Broadwel) - 2015 Intel Core i7-4790 (Haswell) - 2014 Intel Core i7-3770K (Ivy Bridge) - 2012 Intel Core i7-2600 (Sandy Bridge) - 2011 Intel Core i3-550 (Westmere) - 2010 Intel Core i7-920 (Nehalem) - 2008





Appoint Health ( Mitched Mit )

#### Side-channel Vulnerability and Mitigation Methods

The security of numbershifts is one of our east important priorities.

The the set environment continues to evolve, which is committed to investing to the second y and reliability at the postants, and to avoiding to safeguard over 7 sensitive information.

Specific to side-chennel vulnerabilities, mitigations have been provided for all variants noted below through a combination of updates for

4 Hittesare

+ Operating while re-

\* Verbal Machine Nanager"

System manufacturers have incorporated these updates. Some intel products may contain hardware in tigations. See the table below for mitigation details.

| Processer Model                                  | Vulnerability and Mitigation Nethod                              |                                                                    |                                                                   |                                                                           |                                              |                                      |  |  |
|--------------------------------------------------|------------------------------------------------------------------|--------------------------------------------------------------------|-------------------------------------------------------------------|---------------------------------------------------------------------------|----------------------------------------------|--------------------------------------|--|--|
|                                                  | Verlent 1<br>(Bounds Check<br>Bypess; else terson<br>as Spectra) | Verlant 2<br>(Branch Target<br>Jejection; obe known<br>as Spectre) | Variant 3<br>(Rague Data Cache<br>Load; ebo known a<br>Neticiowa) | Vortant 34<br>(Rague System Register<br>Brack also known es<br>Mattelows) | Variant 4<br>(Bogue System<br>Register Read) | Variant S<br>(1.1 Terminal<br>Fault) |  |  |
| Intel" Core"<br>(3-99005                         | OS/VIM Elimetere + OS                                            |                                                                    | Hardware                                                          | Firmwaie                                                                  | Firmware +05                                 | Handware                             |  |  |
| Intel <sup>®</sup> Core <sup>®</sup><br>17-9700k | 05/VPN                                                           | Firmeane + 05                                                      | Hardware                                                          | Ermanes                                                                   | Firmware +06                                 | Hardware                             |  |  |

#### 9 8

Decementation

Content Type Protect Information & Cocumentation

Article 10 000031501

Last Reviewed 11/21/2018



- Firmware
- Operating systems
- Virtual Machine Manager\*

System manufacturers have incorporated these updates. Some Intel products may contain hardware mitigations. See the table below for mitigation details:

| Processor<br>Model       | Vulnerability and Mitigation Method                                   |                                                                           |                                                                       |                                                                             |                                                       |                                           |  |  |
|--------------------------|-----------------------------------------------------------------------|---------------------------------------------------------------------------|-----------------------------------------------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------|-------------------------------------------|--|--|
|                          | Variant 1<br>(Bounds<br>Check<br>Bypass; also<br>known as<br>Spectre) | Variant 2<br>(Branch<br>Target<br>Injection; also<br>known as<br>Spectre) | Variant 3<br>(Rogue Data<br>Cache Load;<br>also known as<br>Meltdown) | Variant 3a<br>(Rogue System<br>Register Read;<br>also known as<br>Meltdown) | Variant<br>4<br>(Rogue<br>System<br>Register<br>Read) | Variant<br>5<br>(L1<br>Terminal<br>Fault) |  |  |
| Intel⊛ Core™<br>i9-9900k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™<br>i7-9700k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™<br>i5-9600k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™             |                                                                       |                                                                           |                                                                       |                                                                             | Firmware                                              |                                           |  |  |

#### Intel announces Coffee Lake Refresh



- Firmware
- Operating systems
- Virtual Machine Manager\*

System manufacturers have incorporated these updates. Some Intel products may contain hardware mitigations. See the table below for mitigation details:

| Processor<br>Model       | Vulnerability and Mitigation Method                                   |                                                                           |                                                                       |                                                                             |                                                       |                                           |  |  |
|--------------------------|-----------------------------------------------------------------------|---------------------------------------------------------------------------|-----------------------------------------------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------|-------------------------------------------|--|--|
|                          | Variant 1<br>(Bounds<br>Check<br>Bypass; also<br>known as<br>Spectre) | Variant 2<br>(Branch<br>Target<br>Injection; also<br>known as<br>Spectre) | Variant 3<br>(Rogue Data<br>Cache Load;<br>also known as<br>Meltdown) | Variant 3a<br>(Rogue System<br>Register Read;<br>also known as<br>Meltdown) | Variant<br>4<br>(Rogue<br>System<br>Register<br>Read) | Variant<br>5<br>(L1<br>Terminal<br>Fault) |  |  |
| Intel⊛ Core™<br>i9-9900k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™<br>i7-9700k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™<br>i5-9600k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™             |                                                                       |                                                                           |                                                                       |                                                                             | Firmware                                              |                                           |  |  |

In-silicon mitigations against Meltdown and Foreshadow



- Firmware
- Operating systems
- Virtual Machine Manager\*

System manufacturers have incorporated these updates. Some Intel products may contain hardware mitigations. See the table below for mitigation details:

| Processor<br>Model       | Vulnerability and Mitigation Method                                   |                                                                           |                                                                       |                                                                             |                                                       |                                           |  |  |
|--------------------------|-----------------------------------------------------------------------|---------------------------------------------------------------------------|-----------------------------------------------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------|-------------------------------------------|--|--|
|                          | Variant 1<br>(Bounds<br>Check<br>Bypass; also<br>known as<br>Spectre) | Variant 2<br>(Branch<br>Target<br>Injection; also<br>known as<br>Spectre) | Variant 3<br>(Rogue Data<br>Cache Load;<br>also known as<br>Meltdown) | Variant 3a<br>(Rogue System<br>Register Read;<br>also known as<br>Meltdown) | Variant<br>4<br>(Rogue<br>System<br>Register<br>Read) | Variant<br>5<br>(L1<br>Terminal<br>Fault) |  |  |
| Intel⊛ Core™<br>i9-9900k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™<br>i7-9700k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™<br>i5-9600k | OS/VMM                                                                | Firmware +OS                                                              | Hardware                                                              | Firmware                                                                    | Firmware<br>+OS                                       | Hardware                                  |  |  |
| Intel® Core™             |                                                                       |                                                                           |                                                                       |                                                                             | Firmware                                              |                                           |  |  |

Let's buy the Intel Core i9-9900K!



#### ... and send another invoice to Herbert





#### We got it the day after we submitted the paper



### RIDL works regardless of these in-silicon mitigations



Intel Core i9-9900K (Coffee Lake R) - 2018 Intel Xeon Silver 4110 (Skylake SP) - 2017 Intel Core i7-8700K (Coffee Lake) - 2017 Intel Core i7-7800X (Skylake X) - 2017 Intel Core i7-7700K (Kaby Lake) - 2017 Intel Core i7-6700K (Skylake) - 2015 Intel Core i7-5775C (Broadwel) - 2015 Intel Core i7-4790 (Haswell) - 2014 Intel Core i7-3770K (Ivy Bridge) - 2012 Intel Core i7-2600 (Sandy Bridge) - 2011 Intel Core i3-550 (Westmere) - 2010 Intel Core i7-920 (Nehalem) - 2008



### AMD

#### We also tried to reproduce it on AMD Turns out AMD is not affected



Intel Core i9-9900K (Coffee Lake R) - 2018 Intel Xeon Silver 4110 (Skylake SP) - 2017 Intel Core i7-8700K (Coffee Lake) - 2017 Intel Core i7-7800X (Skylake X) - 2017 Intel Core i7-7700K (Kaby Lake) - 2017 Intel Core i7-6700K (Skylake) - 2015 Intel Core i7-5775C (Broadwel) - 2015 Intel Core i7-4790 (Haswell) - 2014 Intel Core i7-3770K (Ivy Bridge) - 2012 Intel Core i7-2600 (Sandy Bridge) - 2011 Intel Core i3-550 (Westmere) - 2010 Intel Core i7-920 (Nehalem) - 2008 AMD Ryzen 5 2500U (Raven Ridge) - 2018 AMD Ryzen 7 2600X (Pinnacle Ridge) - 2018 🗶 AMD Ryzen 7 1600X (Summit Ridge) - 2017







#### But where are we actually leaking from?









Previous attacks had it easy, they leak from caches





Caches are well documented and well understood.





But RIDL does not leak from caches!





But what else is there to leak from?





There exist other internal CPU buffers





Line Fill Buffers, Store Buffers, and Load Ports





#### But there is more!





#### Uncached memory



#### We can leak from various internal CPU buffers!



### RIDL is a **class** of speculative execution attacks also known as **M**icro-architectural **D**ata **S**ampling



### Let's focus on one particular instance: Line Fill Buffers



### Manuals

MEM\_LOAD\_UOPS\_RETIRED.HIT\_LFB\_PS - Counts demand loads that hit in the line fill buffer (LFB). A LFB entry is allocated every time a miss occurs in the L1 DCache. When a load hits at this location it means that a previous load, store or hardware prefetch has already missed in the L1 DCache and the data fetch is in progress. Therefore the cost of a hit in the LFB varies. This event may count cache-line split loads that miss in the L1 DCache but do not miss the LLC.

On 32-byte Intel AVX loads, all loads that miss in the L1 DCache show up as hits in the L1 DCache or hits in the LFB. They never show hits on any other level of memory hierarchy. Most loads arise from the line fill buffer (LFB) when Intel AVX loads miss in the L1 DCache.

- We first read the manuals
- Some references to internal CPU buffers
- But no further explanation
- Where would you even start?



#### That's why we started reading patents instead!



| - citizati - sector                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | Land Same Land Same P     | The second     | - Andrea Sana                                | "Billing and  | · monthly and    | 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 19900 - 19900 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - 1990 - |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------|----------------|----------------------------------------------|---------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | - Carlos - Secondario     | Come sole - ra | Canal Andrew<br>Canal Andrew<br>Canal Andrew | Tana Martan   | Anna Anna Anna - | Land Gass Faire                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| and the first of the second se |                           |                | - 100                                        | · Contraction | - 100 100 100    |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | Sand San fe - Land San fe | - 21-          | - <u>Lang</u> and -<br>- <u>Net 172</u>      |               | Langhorden -     |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |                           |                | Languero Pr                                  |               |                  |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |                           |                |                                              |               |                  |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |

#### We read a lot of patents, and survived!



## So today I can tell you a bit more about internal **CPU buffers**



## But wait, what are these Line Fill Buffers?



















Multiple roles:

- Asynchronous memory requests
- Load squashing
- Write combining
- Uncached memory



Multiple roles:

- <u>Asynchronous memory requests</u>
- Load squashing
- Write combining
- Uncached memory



**CPU design**: what to do on a cache miss?

- 1. Send out memory request
- 2. Wait for completion
- 3. Blocks other loads/stores



• Solution: keep track of address in LFB

- 1. Send out memory request
- 2. Allocate LFB entry
- 3. Store address in LFB
- 4. Serve other loads/stores
- 5. Pending request eventually completes



• Solution: keep track of address in LFB

- 1. Send out memory request
- 2. <u>Allocate LFB entry</u>
- 3. Store address in LFB
- 4. Serve other loads/stores
- 5. Pending request eventually completes



- Allocate LFB entry
- May contain data from previous load
- **RIDL exploits this**



### Experiments



#### Conclusion: our primary RIDL instance leaks from Line Fill Buffers



#### Cool... so how do we actually mount a RIDL attack?



### Ideas

- We can leak in-flight data
- Let's get some sensitive data in-flight



### **Confused Deputy**

- Observation: invoking passwd utility reads /etc/shadow contents
- We can control the **affinity** of the process with taskset
- Try to leak from the other Hyper-Thread when /etc/shadow is in-flight
- Not so easy...





### Challenges

### X Getting data in flight



### Challenges

# Getting data in flightLeaking data



#### What does this program look like?



























































### Challenges

# Getting data in flightLeaking data



### Challenges

# Getting data in flightLeaking data





#### RIDL is like drinking from a fire hose





You just get whatever data is in flight!



### Challenges

Getting data in flight
 Leaking data
 Filtering data



# Filtering

We need to **synchronize** or do some **post-processing** 

- Synchronize: not possible, we cannot change passwd binary
- <u>Post-processing</u>: we can repeat measurements, stitch them together, filter measurements



How can we filter data?



- We want to leak from /etc/shadow
- First line is for root
  - Starts with "root:"



root:\$6\$gfjkk3Hi\$DBZMdRUPaR0/StaKaEIME3LQLBVP67.ax7TdZUuuTgxRPAc0CZQBsV/JkgcAbWC 6/E3DvzvMAckTTcRG/Q6.i0:18089:0:999999:7:::

bin:\*:17737:0:99999:7::: sys:\*:17737:0:99999:7:::: sync:\*:17737:0:999999:7::: aames:\*:17737:0:99999:7:::: man:\*:17737:0:99999:7::: lp:\*:17737:0:99999:7:::: mail:\*:17737:0:99999:7::: news:\*:17737:0:999999:7::: uucp:\*:17737:0:999999:7:::: proxy:\*:17737:0:99999:7:::: www-data:\*:17737:0:99999:7::: backup: \*: 17737: 0: 99999: 7: :: list:\*:17737:0:999999:7::: irc:\*:17737:0:99999:7::: anats:\*:17737:0:999999:7::: nobody:\*:17737:0:99999:7:::: systemd-network:\*:17737:0:99999:7::: systemd-resolve:\*:17737:0:99999:7::: syslog:\*:17737:0:99999:7:::: messagebus:\*:17737:0:99999:7::: \_apt:\*:17737:0:999999:7:::: uuidd:\*:17737:0:99999:7::::



- We want to leak from /etc/shadow
- First line is for root
  - Starts with "root:"
- Use prefix matching:
  - Match ⇒ we learn a new byte
  - No match  $\Rightarrow$  discard



Known Prefix





Known Prefix







Known Prefix



No Match

| h | t | t | р | s | : | 1 | 1 |
|---|---|---|---|---|---|---|---|
|---|---|---|---|---|---|---|---|



Known Prefix



No Match

| h | t | t | р | s | : | 1 | 1 |
|---|---|---|---|---|---|---|---|
|---|---|---|---|---|---|---|---|

| r o o | t | : | S | р | 1 |
|-------|---|---|---|---|---|
|-------|---|---|---|---|---|



Known Prefix



No Match



Match

| r | о | 0 | t |  | S | р | 1 |
|---|---|---|---|--|---|---|---|
|---|---|---|---|--|---|---|---|



Known Prefix



No Match



Match

| r | 0 | 0 | t | : | s | р | 1 |
|---|---|---|---|---|---|---|---|
|---|---|---|---|---|---|---|---|





Known Prefix



No Match



Match

| r | 0 | 0 | t | : | S | р | 1 |
|---|---|---|---|---|---|---|---|
|---|---|---|---|---|---|---|---|

No Match

| R E A | D | М | Е | • | Т |
|-------|---|---|---|---|---|
|-------|---|---|---|---|---|



Known Prefix



No Match



Match

| r | 0 | 0 | t | : | S | р | 1 |
|---|---|---|---|---|---|---|---|
|---|---|---|---|---|---|---|---|

No Match

| R | Е | А | D | М | Е | • | Т |
|---|---|---|---|---|---|---|---|
|---|---|---|---|---|---|---|---|



Known Prefix



No Match



Match

| r | о | 0 | t | : | S | р | 1 |
|---|---|---|---|---|---|---|---|
|---|---|---|---|---|---|---|---|

No Match

| R | Е | А | D | М | Е | • | Т |
|---|---|---|---|---|---|---|---|
|---|---|---|---|---|---|---|---|

Match

| r o o | t : | S | p / |
|-------|-----|---|-----|
|-------|-----|---|-----|



### Challenges

Getting data in flight
 Leaking data
 Filtering data



### **Attack scenarios**

# We can leak the **root password hash** from an **unprivileged user**

Let's extend this a bit... to the **cloud**!







#### Victim VM in the cloud



45.1 163





#### We get an attacker VM in the cloud





#### We make sure they are co-located





#### The victim runs an SSH server





### How do we get data in-flight?





#### We launch an SSH client on the attacker





#### ... that keeps connecting to the SSH server





#### The SSH server loads /etc/shadow into the LFB





#### The contents from /etc/shadow are now in-flight



# Leaking



#### Now that the data is in-flight, we want to leak it



# Leaking



#### Run RIDL program on the attacker



# Leaking



#### Which leaks the data from the LFB



### More examples

More examples in the paper:

- Leaking internal CPU data (e.g. page tables)
- Arbitrary kernel read
- Leaking in the browser



# Arbitrary kernel leak

- We can use **Spectre** in combination with **RIDL**
- Use **gadgets** to pull data into LFB
- Train branch predictor to allow arbitrary OOB read





# **RIDL + Spectre**

- copy\_from\_user() can access arbitrary user-supplied pointer
- Repeatedly call setrlimit() with valid user pointer to train branch predictor
- After training, we supply it a kernel pointer we want to leak
- Will be executed **speculatively**, pulled into **LFB** 
  - At the same time we **leak using RIDL**



















































### What next?

### We attacked the **cloud** and have an **arbitrary kernel read**. We still need a local account on the target...







### Portability

Some environments do not have **TSX clflush** might also not be available





### Portability

- No clflush
  - Use EVICT + RELOAD
- No **TSX** 
  - Use demand paging to generate valid page faults (error suppression)





```
/* Evict buffer from cache. */
evict(buffer);
/* Speculatively load the secret. */
char value = *(new_page);
/* Calculate the corresponding entry. */
```

```
char *entry_ptr = buffer + (1024 * value);
```

#### We can generate this code from WebAssembly!

```
/* Time the reload of each buffer entry to
see which entry is now cached. */
for(k=0;k<256;++k){
  t0 = cycles();
  *(buffer + 1024 * k);
  if(cycles - t0 < 100) ++results[k];
}</pre>
```



./otback.sh [sebastion/serek Offenel9 ]S ./otback.sh Press ony wey to do RIDL SpiderMonkey attack... + toskset -c 7 ./js ridL-shell.js [ 105 ] - Gare nott! [ 105 ] - Gare nott! [ 105 ] - [0x48] = 31 H [ 105 ] - [0x48] = 31 H [ 105 ] - [0x48] = 38 n [ 105 ] - [0x66] = 69 l ./victim.sh [sebastian@samek OfFzanz10 JS ./victim.sh + taskset -c 1 ./victim

### FROM THE BROWSER

|       | lude string to                                                                                                  |     |      |
|-------|-----------------------------------------------------------------------------------------------------------------|-----|------|
|       | lude exidin ha                                                                                                  |     |      |
| 3 int | main(int arge, than **argv) {                                                                                   |     |      |
|       | <pre>charattribute((aligned(4896))) buffer[84*04];</pre>                                                        |     |      |
|       | chur wol[32] = "Hello World! Ti's ne Warist",                                                                   |     |      |
|       |                                                                                                                 |     |      |
|       | nenset(buffer, Ex11, 64*64);                                                                                    |     |      |
| 8     | asa valatile("vrowija (WD: ?Wyar?"):"r"(ual):"yand");                                                           |     |      |
| 9     | <pre>dsm volgtile('nop'm"::"r"(buffer));</pre>                                                                  |     |      |
| 19    | while (1) {                                                                                                     |     |      |
| 11    |                                                                                                                 |     |      |
| 12    | <pre>aam volatile('vrownids %00yrrf9, 8(40)'s:"#"(suffer):"yrrf9");</pre>                                       |     |      |
| 13    | dam volctila('mfencs');                                                                                         |     |      |
| 14    |                                                                                                                 |     |      |
| 15    | )                                                                                                               |     |      |
| 16    | No. And Anna |     |      |
| 17    | return +1;                                                                                                      |     |      |
| 18 ]  |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       |                                                                                                                 |     |      |
|       | c" 18L, 4210                                                                                                    | 1,1 | . 61 |



1:sarek.clients.vu.nl:vin





## **Existing mitigations**

Three mechanisms:

- Inhibit trigger (stop speculation, fences, retpoline)
- Hide secret (KPTI, array index masking, L1d flush)
- Disrupt channel of leakage (disable timers)



### Why they fail

# Existing mitigations **fail** because they **assume addressing**





- Same-thread:
  - verw overwrites affected buffers



#### • Same-thread:

- verw overwrites affected buffers
- Special Assembly snippets



```
xorl %eax, %eax
1: clflushopt 5376(%0, %rax, 8)
   addl %eax, $8
   cmpl $8*12, %eax
   jb 1
  movl $6144, %ecx
   xorl %eax, %eax
   rep stosb
   mfence
```



#### • Same-thread:

- verw overwrites affected buffers
- Special Assembly snippets
- Cross-thread:
  - Complex scheduling and synchronization









#### • Same-thread:

- verw overwrites affected buffers
- Special Assembly snippets
- Cross-thread:
  - Complex scheduling and synchronization
  - Disable Intel Hyper-Threading®



### **Future of mitigations**

Looking at the diagram, there might be other issues...





### **Future of mitigations**

Yet another **spot** mitigation!



### Is the attack realistic??









| - | - | - | - Maria 👘 |  |
|---|---|---|-----------|--|
| • |   | • | ici       |  |

≍ [thels@cutlesky: ~/sync]

jtheis@cutiesky:~/sync\$

|theis@cutlesky:-/sync

theis@eutlesky:

jtheis@cutiesky:~/sync/victim\$ cat passwd.sh #1/bin/bash

MINMEZ # CPU NODE SOCKET CORE L1d:L1i:L2:L3 ONLINE MAXMHZ 4203,0303 803,0303 10 E 0:0:0:0:0 5 8 11 1:1:1:0 4268,0000 868,0000 <u>ہ</u> 2:2:2:0 4200,0000 800,0000 12 0 # 3 3:3:3:0 4200,0000 800,0000 • yes 24 4203,0303 803,0303 8 8 0:0:0:0 \$ 5 1:1:1:0 4203,0303 803,0303 2:2:2:0 4268,0869 568,0869 16 0 yes. 4203,0000 503,0000 #7 0

if [ ! -z "\$1" ] && [ \$1 -- 'cat' ]

then

then

echo "while: taskset -c 7 passwd -S jtheis > /dev/null;"
while true;

do taskset -c 7 passwd -S jtheis > /dev/null;

#### done;

else echo 'call with: ./passwd catipasswd' fijtheisëcutiesky:-/sync/victimG ./passwd.sh passwd while: taskset -c 7 passwd -S jtheis > /dev/null;

∠ jtheis\$culiesky: - \_\_\_\_\_

jtheis@cutiesky:~\$ sudo head -n 1 /etc/shadow [sudo] passward for jtheis: root:\$6\$gfjkk3Hi\$DB2MdRUPaR&/StaKaEIME3LQ1BVP67.ax7TdZUvuTgxRPAc0CZQBsV/JkgoAbWC6/E3DvzvMAckTTcR6/Q6.i0:18069:0:99999:7::: jtheis@cutiesky:-\$ ||

210

### **Take-home message**

#### These issues **need to be fixed** at a **fundamental level** before attackers start abusing these in the wild!



#### Disclosure Process







| S     | ep 12   | 2 - Rep | ortec | l to Ir | ntel |     |     |     |
|-------|---------|---------|-------|---------|------|-----|-----|-----|
|       |         |         | 2018  | 2019    | )    |     |     |     |
| Sep   | Oct     | Nov     | Dec   | Jan     | Feb  | Mar | Apr | May |
| 2 - X | 22 - 32 | 04 e    |       |         |      | - × |     | 0   |



























### **MDS Tool**

#### Stephan wrote a tool to verify your system:

| T GER IN A                |                                             | - | E |  |
|---------------------------|---------------------------------------------|---|---|--|
| System                    |                                             |   |   |  |
| Operating system:         | Wie claws 10 free gates                     |   |   |  |
| Precision                 | ms (REConstM) 7-87000090/093700Hz           |   |   |  |
| Wiproardkite-thank        | Coffee Lake                                 |   |   |  |
| Vicrocede                 | DxD00000000                                 |   |   |  |
| Versory                   | DSA GB                                      |   |   |  |
| Circul Energy Space Mile  |                                             |   |   |  |
| Interest Frank Specula    | den                                         |   |   |  |
| Speculative Stone Syper   | heir an |   |   |  |
| Metaloren                 |                                             |   |   |  |
| Raban                     | voltorable                                  |   |   |  |
| CPTI Present:             | Ym                                          |   |   |  |
| <b>CPTI Enuisled:</b>     | Vm                                          |   |   |  |
| PCID Accelerated          | Yin                                         |   |   |  |
| PCID Invel detion:        | Yea                                         |   |   |  |
| L1 Terminal Fasts         |                                             |   |   |  |
| Beleve                    | wheeshite .                                 |   |   |  |
| 111F Presenti             | Ve-                                         |   |   |  |
| PTS levies lies           | Ve-                                         |   |   |  |
| 3/17.                     | When del                                    |   |   |  |
| Util Resk Presents        | Su .                                        |   |   |  |
| Utal Rask.                | Secul date                                  |   |   |  |
| Milera-and Iboctaral Dete | lemping                                     |   |   |  |
| Lise Fill Deffort (WDDS)  | Weinerable                                  |   |   |  |
| :(2002M) onMed anot?      | Andreadala.                                 |   |   |  |
| Lond Perts (ML7DS):       | Wahanabia                                   |   |   |  |
| Unceched Memory           | while while                                 |   |   |  |
| SVT:                      | -Wultyenable                                |   |   |  |
| VD_CLEAT:                 | Not Available                               |   |   |  |



## Conclusion

- Spectre and Meltdown, just one mistake?
- New **class** of speculative execution attacks
- Many more buffers other than caches to leak from
- Does not rely on address => hard to mitigate across security domains, and in the browser



<u>@themadstephan</u> <u>@sirmc</u> <u>@vu5ec</u>

mdsattacks.com

