Kernel page-table isolation
Kernel page-table isolation (KPTI, previously called KAISER)[1] is a mitigation for the Meltdown security vulnerability in Intel's x86 CPUs. It works by better isolating user-space and kernel-space memory.[2][3] KPTI was merged into Linux kernel version 4.15,[4] to be released in early 2018, and backported to Linux kernel 4.14.11.[5] Windows[6] and macOS[7] released similar updates. KPTI does not address the related Spectre vulnerability.[8]
Background on KAISER
The KPTI patches were based on KAISER, an earlier mitigation for a much less severe issue, published in June 2017, when Meltdown was not yet known.
Without KPTI, Linux keeps its entire kernel memory mapped in the page tables even while user-space code (applications) is executing, although protected from access. The advantage is that when an application makes a system call into the kernel or an interrupt arrives, the kernel page tables are already present, so most context-switch overheads (TLB flush, page-table swapping, etc.) can be avoided.[2]
In 2005, the Linux kernel adopted kernel address space layout randomization (KASLR), which makes it more difficult to exploit other kernel vulnerabilities[9][10] but relies on kernel addresses remaining hidden from user space. Despite the prohibition on accessing these kernel mappings, several side-channel attacks on modern processors can leak the location of this memory, making it possible to work around KASLR.[3][11][12][13]
Meltdown vulnerability and KPTI
In January 2018, the Meltdown vulnerability was published; it was far more severe, and affected only Intel x86 processors.[8] It was found that the contents of kernel memory could also be leaked, not just the memory mappings, as previously thought. The KAISER patches were repurposed for this fix and renamed KPTI.
AMD x86 processors are not affected by Meltdown and do not need KPTI to mitigate it.[8][14] However, AMD processors are still susceptible to KASLR bypass when KPTI is disabled.[citation needed]
Implementation
KPTI fixes these leaks by separating user-space and kernel-space page tables entirely. On processors that support the process-context identifier (PCID) feature, a TLB flush can be avoided,[2] but even then KPTI comes at a significant performance cost, particularly in syscall-heavy and interrupt-heavy workloads. The overhead was measured at 0.28% by KAISER's original authors;[3] a Linux developer measured it at roughly 5% for most workloads and up to 30% in some cases, even with the PCID optimization.[2]
KPTI can be partially disabled with the pti=off kernel boot option. Provisions were also made to disable KPTI if newer processors fix the information leaks.[1]
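The following is an added example, not code from the article or from the Linux kernel: a POSIX shell check that reads the kernel's own Meltdown status report, the CPU flag list and the boot command line to tell whether KPTI is active, whether the PCID optimization is available, and whether pti=off was used. The sysfs and /proc paths and the report strings are the standard Linux ones; the output labels are my own naming.

```shell
#!/bin/sh
# Added example: classify a Linux host's KPTI posture from the kernel's
# Meltdown report, its CPU flags and its boot command line.
#
# Inputs are plain strings so the logic can be exercised on constructed
# samples; live_check() feeds it the real sysfs/proc files.
#
# kpti_posture "<meltdown sysfs text>" "<cpuinfo flags line>" "<kernel cmdline>"
# Prints one label (my own naming, not kernel output):
#   not-affected   kernel reports the CPU is not affected (e.g. AMD)
#   disabled       KPTI switched off on the command line (pti=off or nopti)
#   kpti-pcid      KPTI active and PCID present, so TLB flushes are reduced
#   kpti-no-pcid   KPTI active without PCID: expect the larger syscall overhead
#   vulnerable     kernel reports Meltdown with no mitigation
#   unknown        no usable report (non-Linux, old kernel, unreadable sysfs)
kpti_posture() {
  meltdown=$1; flags=$2; cmdline=$3
  case "$meltdown" in
    "Not affected"*) echo not-affected; return 0 ;;
  esac
  # Surround with spaces so that word matching does not hit substrings.
  case " $cmdline " in
    *" pti=off "*|*" nopti "*) echo disabled; return 0 ;;
  esac
  case "$meltdown" in
    "Mitigation: PTI"*)
      # The pcid flag in /proc/cpuinfo means the PCID optimization is usable.
      case " $flags " in
        *" pcid "*) echo kpti-pcid ;;
        *)          echo kpti-no-pcid ;;
      esac ;;
    "Vulnerable"*) echo vulnerable ;;
    *)             echo unknown ;;
  esac
}

# Read the live kernel reports; only meaningful on Linux.
live_check() {
  vuln=/sys/devices/system/cpu/vulnerabilities/meltdown
  m=""; [ -r "$vuln" ] && m=$(cat "$vuln")
  f=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2-)
  c=$(cat /proc/cmdline 2>/dev/null)
  kpti_posture "$m" "$f" "$c"
}

# Run against the live system only when asked: sh kpti_check.sh --live
if [ "${1:-}" = "--live" ]; then live_check; fi
```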
References
- [1] Jonathan Corbet: The current state of kernel page-table isolation. In: LWN.net, 20 December 2017.
- [2] Jonathan Corbet: KAISER: hiding the kernel from user space. In: LWN.net, 15 November 2017.
- [3] Daniel Gruss, Moritz Lipp, Michael Lipp, Richard Fellner, Clémentine Maurice, Stefan Mangard: KASLR is Dead: Long Live KASLR. Engineering Secure Software and Systems 2017, 24 June 2017 (gruss.cc [PDF]).
- [4] Jonathan Corbet: Kernel page-table isolation merged. In: LWN.net, 20 December 2017.
- [5] Greg Kroah-Hartman: Linux 4.14.11 Changelog. In: kernel.org.
- [6] Tweet (citation template not rendered in this copy).
- [7] Apple has already partially implemented fix in macOS for 'KPTI' Intel CPU security flaw. In: AppleInsider. Retrieved 3 January 2018.
- [8] Devin Coldewey: Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device? In: TechCrunch, 4 January 2018.
- [9] Alan Dang: The NX Bit And ASLR - Behind Pwn2Own: Exclusive Interview With Charlie Miller. In: Tom's Hardware, 25 March 2009. Retrieved 29 December 2017.
- [10] Abhishek Bhattacharjee, Daniel Lustig: Architectural and Operating System Support for Virtual Memory. Morgan & Claypool Publishers, 2017, ISBN 978-1-62705-933-6, p. 56 (google.com).
- [11] Yeongjin Jang, Sangho Lee, Taesoo Kim: Breaking Kernel Address Space Layout Randomization with Intel TSX. In: 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA 2016, pp. 380–392, doi:10.1145/2976749.2978321 (oregonstate.edu [PDF]).
- [12] Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard: Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR. In: 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA 2016, pp. 368–379, doi:10.1145/2976749.2978356 (gruss.cc [PDF]).
- [13] R. Hund, C. Willems, T. Holz: Practical Timing Side Channel Attacks against Kernel Space ASLR. In: 2013 IEEE Symposium on Security and Privacy, May 2013, pp. 191–205, doi:10.1109/sp.2013.23 (ieee-security.org [PDF]).
- [14] An Update on AMD Processor Security. In: AMD, 4 January 2018.