Skip to main content
SpringerLink
Log in

Speculative Dereferencing: Reviving Foreshadow

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12674))

Included in the following conference series:

Abstract

In this paper, we provide a systematic analysis of the root cause of the prefetching effect observed in previous works and show that its attribution to a prefetching mechanism is incorrect in all previous works, leading to incorrect conclusions and incomplete defenses. We show that the root cause is speculative dereferencing of user-space registers in the kernel. This new insight enables the first end-to-end Foreshadow (L1TF) exploit targeting non-L1 data, despite Foreshadow mitigations enabled, a novel technique to directly leak register values, and several side-channel attacks. While the L1TF effect is mitigated on the most recent Intel CPUs, all other attacks we present still work on all Intel CPUs and on CPUs by other vendors previously believed to be unaffected.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Demonstration video can be found here: https://streamable.com/8ke5ub.

  2. 2.

    “Our attacks are based on weaknesses in the hardware design of prefetch instructions” [17].

  3. 3.

    “2. Prefetch (inaccessible) address \(\bar{p}\). 3. Reload p. [...] the prefetch of \(\bar{p}\) in step 2 leads to a cache hit in step 3 with a high probability.” [17] with emphasis added.

  4. 4.

    “[...] delays were introduced to lower the pressure on the prefetcher.” [17]. These delays were implemented using a different number of sched_yield system calls, as can also be seen in the original attack code [20].

  5. 5.

    “Prefetch can fetch inaccessible privileged memory into various caches on Intel x86.” [17] and corresponding NaCl results.

  6. 6.

    “[...] we were not able to build an address-translation oracle on [ARM] Android. As the prefetch instructions do not prefetch kernel addresses [...]” [17] describing why it does not work on ARM-based Android devices.

References

  1. Amazon AWS: AWS Lambda@Edge (2019). https://aws.amazon.com/lambda/edge/

  2. ARM: ARM: Whitepaper Cache Speculation Side-channels (2018). https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/download-the-whitepaper

  3. Bhattacharya, S., Maurice, C., Bhasin, S., Mukhopadhyay, D.: Template Attack on Blinded Scalar Multiplication with Asynchronous perf-ioctl Calls. Cryptology ePrint Archive, Report 2017/968 (2017)

    Google Scholar 

  4. Branco, R., Hu, K., Sun, K., Kawakami, H.: Efficient mitigation of side-channel based attacks against speculative execution processing architectures (2019). US Patent App. 16/023,564

    Google Scholar 

  5. Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical. In: WOOT (2017)

    Google Scholar 

  6. Canella, C., et al.: A Systematic evaluation of transient execution attacks and defenses. In: USENIX Security Symposium (2019). Extended classification tree and PoCs at https://transient.fail/

  7. Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z., Lai, T.H.: SgxPectre attacks: stealing Intel secrets from SGX enclaves via speculative execution. In: EuroS&P (2019)

    Google Scholar 

  8. Chromium: Mojo in Chromium (2020). https://chromium.googlesource.com/chromium/src.git/+/master/mojo/README.md

  9. Cloudflare: Cloudflare Workers (2019). https://www.cloudflare.com/products/cloudflare-workers/

  10. KVM Contributors: Kernel-based Virtual Machine (2019). https://www.linux-kvm.org

  11. Elixir bootlin (2018). https://elixir.bootlin.com/linux/latest/source/arch/x86/kvm/svm.c#L5700

  12. Evtyushkin, D., Ponomarev, D., Abu-Ghazaleh, N.: Jump over ASLR: attacking branch predictors to bypass ASLR. In: MICRO (2016)

    Google Scholar 

  13. Fog, A.: The microarchitecture of Intel. An optimization guide for assembly programmers and compiler makers, AMD and VIA CPUs (2016)

    Google Scholar 

  14. Gens, D., Arias, O., Sullivan, D., Liebchen, C., Jin, Y., Sadeghi, A.R.: LAZARUS: practical side-channel resilient kernel-space randomization. In: RAID (2017)

    Google Scholar 

  15. Gras, B., Razavi, K., Bosman, E., Bos, H., Giuffrida, C.: ASLR on the line: practical cache attacks on the MMU. In: NDSS (2017)

    Google Scholar 

  16. Gruss, D., Lipp, M., Schwarz, M., Fellner, R., Maurice, C., Mangard, S.: KASLR is dead: long live KASLR. In: ESSoS (2017)

    Google Scholar 

  17. Gruss, D., Maurice, C., Fogh, A., Lipp, M., Mangard, S.: Prefetch side-channel attacks: bypassing SMAP and Kernel ASLR. In: CCS (2016)

    Google Scholar 

  18. Gruss, D., Maurice, C., Mangard, S.: Rowhammer.js: a remote software-induced fault attack in JavaScript. In: DIMVA (2016)

    Google Scholar 

  19. Horn, J.: Speculative execution, variant 4: speculative store bypass (2018)

    Google Scholar 

  20. IAIK: Prefetch Side-Channel Attacks V2P (2016). https://github.com/IAIK/prefetch/blob/master/v2p/v2p.c

  21. IBM (2019). https://cloud.ibm.com/functions/

  22. Intel: Intel Analysis of Speculative Execution Side Channels (2018). Revision 4.0

    Google Scholar 

  23. Intel: Retpoline: A Branch Target Injection Mitigation (2018). Revision 003

    Google Scholar 

  24. Intel: Speculative Execution Side Channel Mitigations (2018). Revision 3.0

    Google Scholar 

  25. Intel: Intel 64 and IA-32 Architectures Optimization Reference Manual (2019)

    Google Scholar 

  26. Intel: Intel 64 and IA-32 Architectures Software Developer’s Manual, Volume 3 (3A, 3B & 3C): System Programming Guide (2019)

    Google Scholar 

  27. Intel Corporation: Software Guard Extensions Programming Reference, Rev. 2 (2014)

    Google Scholar 

  28. Intel Corporation: Refined Speculative Execution Terminology (2020). https://software.intel.com/security-software-guidance/insights/refined-speculative-execution-terminology

  29. Jangda, A., Powers, B., Berger, E.D., Guha, A.: Not so fast: analyzing the performance of webassembly vs. native code. In: USENIX ATC (2019)

    Google Scholar 

  30. kernel.org: Virtual memory map with 4 level page tables (x86_64) (2009). https://www.kernel.org/doc/Documentation/x86/x86_64/mm.txt

  31. Kim, T., Shin, Y.: Reinforcing meltdown attack by using a return stack buffer. IEEE Access 7, 186065–186077 (2019)

    Article  Google Scholar 

  32. Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ISCA (2014)

    Google Scholar 

  33. Kiriansky, V., Waldspurger, C.: Speculative buffer overflows: attacks and defenses. arXiv:1807.03757 (2018)

  34. Shutemov, K.A.: Pagemap: Do Not Leak Physical Addresses to Non-Privileged Userspace (2015). https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce

  35. Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: S&P (2019)

    Google Scholar 

  36. Koruyeh, E.M., Khasawneh, K., Song, C., Abu-Ghazaleh, N.: Spectre returns! speculation attacks using the return stack buffer. In: WOOT (2018)

    Google Scholar 

  37. Lee, J., et al.: Hacking in Darkness: Return-oriented Programming against Secure Enclaves. In: USENIX Security Symposium (2017)

    Google Scholar 

  38. Lee, S., Shih, M., Gera, P., Kim, T., Kim, H., Peinado, M.: Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In: USENIX Security Symposium (2017)

    Google Scholar 

  39. Levin, J.: Mac OS X and IOS Internals: To the Apple’s Core. Wiley, Hoboken (2012)

    Google Scholar 

  40. Lipp, M., Gruss, D., Schwarz, M., Bidner, D., Maurice, C., Mangard, S.: Practical keystroke timing attacks in sandboxed JavaScript. In: ESORICS (2017)

    Google Scholar 

  41. Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: USENIX Security Symposium (2018)

    Google Scholar 

  42. Maisuradze, G., Rossow, C.: ret2spec: speculative execution using return stack buffers. In: CCS (2018)

    Google Scholar 

  43. Maurice, C., et al.: Hello from the other side: SSH over robust cache covert channels in the Cloud. In: NDSS (2017)

    Google Scholar 

  44. Microsoft: Azure serverless computing (2019). https://azure.microsoft.com/en-us/overview/serverless-computing/

  45. Microsoft Techcommunity: Hyper-V HyperClear Mitigation for L1 Terminal Fault (2018). https://techcommunity.microsoft.com/t5/Virtualization/Hyper-V-HyperClear-Mitigation-for-L1-Terminal-Fault/ba-p/382429

  46. Mozilla: Javascript data structures (2019). https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures

  47. Nilsson, A., Nikbakht Bideh, P., Brorsson, J.: A Survey of Published Attacks on Intel SGX (2020)

    Google Scholar 

  48. OpenSSL: OpenSSL: The Open Source toolkit for SSL/TLS (2019). http://www.openssl.org

  49. Oren, Y., Kemerlis, V.P., Sethumadhavan, S., Keromytis, A.D.: The Spy in the sandbox: practical cache attacks in JavaScript and their implications. In: CCS (2015)

    Google Scholar 

  50. Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting DRAM addressing for cross-CPU attacks. In: USENIX Security Symposium (2016)

    Google Scholar 

  51. Rebeiro, C., Mukhopadhyay, D., Takahashi, J., Fukunaga, T.: Cache timing attacks on Clefia. In: International Conference on Cryptology in India. Springer, Heidelberg (2009)

    Google Scholar 

  52. van Schaik, S.: RIDL: rogue in-flight data load. In: S&P (2019)

    Google Scholar 

  53. Schwarz, M., Canella, C., Giner, L., Gruss, D.: Store-to-leak forwarding: leaking data on meltdown-resistant CPUs. arXiv:1905.05725 (2019)

  54. Schwarz, M., et al.: Automated detection, exploitation, and elimination of double-fetch bugs using modern CPU features. In: AsiaCCS (2018)

    Google Scholar 

  55. Schwarz, M., Gruss, D., Weiser, S., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: DIMVA (2017)

    Google Scholar 

  56. Schwarz, M., et al.: ZombieLoad: cross-privilege-boundary data sampling. In: CCS (2019)

    Google Scholar 

  57. Schwarz, M., Maurice, C., Gruss, D., Mangard, S.: Fantastic timers and where to find them: high-resolution microarchitectural attacks in JavaScript. In: FC (2017)

    Google Scholar 

  58. Schwarz, M., Schwarzl, M., Lipp, M., Gruss, D.: NetSpectre: read arbitrary memory over network. In: ESORICS (2019)

    Google Scholar 

  59. Schwarz, M., Weiser, S., Gruss, D.: Practical enclave malware with Intel SGX. In: DIMVA (2019)

    Google Scholar 

  60. Schwarzl, M., Schuster, T., Schwarz, M., Gruss, D.: Speculative dereferencing of registers: reviving foreshadow (2021). https://martinschwarzl.at/media/files/spec_deref_extended.pdf

  61. Seaborn, M., Dullien, T.: Exploiting the DRAM rowhammer bug to gain kernel privileges. In: Black Hat Briefings (2015)

    Google Scholar 

  62. Slashdot EditorDavid: Two Linux Kernels Revert Performance-Killing Spectre Patches (2019). https://linux.slashdot.org/story/18/11/24/2320228/two-linux-kernels-revert-performance-killing-spectre-patches

  63. Stecklina, J.: An demonstrator for the L1TF/Foreshadow vulnerability (2019). https://github.com/blitz/l1tf-demo

  64. Turner, P.: Retpoline: a software construct for preventing branch-target-injection (2018). https://support.google.com/faqs/answer/7625886

  65. Ubuntu Security Team: L1 Terminal Fault (L1TF) (2019). https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF

  66. V8 team: v8 - Adding BigInts to V8 (2018). https://v8.dev/blog/bigint

  67. Van Bulck, J., et al.: Foreshadow: extracting the keys to the intel SGX kingdom with transient out-of-order execution. In: USENIX Security Symposium (2018)

    Google Scholar 

  68. Van Bulck, J., et al.: LVI: hijacking transient execution through microarchitectural load value injection. In: S&P (2020)

    Google Scholar 

  69. Viswanathan, V.: Disclosure of hardware prefetcher control on some intel processors. https://software.intel.com/en-us/articles/disclosure-of-hw-prefetcher-control-on-some-intel-processors

  70. Weisse, O., et al.: Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution (2018). https://foreshadowattack.eu/foreshadow-NG.pdf

  71. Wu, Z., Xu, Z., Wang, H.: Whispers in the hyper-space: high-bandwidth and reliable covert channel attacks inside the cloud. ACM Trans. Netw. 23, 603–614 (2014)

    Article  Google Scholar 

  72. xenbits: Cache-load gadgets exploitable with L1TF (2019). https://xenbits.xen.org/xsa/advisory-289.html

  73. Xiao, Y., Zhang, Y., Teodorescu, R.: SPEECHMINER: a framework for investigating and measuring speculative execution vulnerabilities. In: NDSS (2020)

    Google Scholar 

  74. Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security Symposium (2014)

    Google Scholar 

Download references

Acknowledgments

We want to thank Moritz Lipp, Clémentine Maurice, Anders Fogh, Xiao Yuan, Jo Van Bulck, and Frank Piessens of the original papers for reviewing and providing feedback to drafts of this work and for discussing the technical root cause with us. Furthermore, we want to thank Intel and ARM for valuable feedback on an early draft. This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program (grant agreement No. 681402). Additional funding was provided by generous gifts from Cloudflare, Intel and Red Hat. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties.

Author information

Authors and Affiliations

  1. Graz University of Technology, Graz, Austria

    Martin Schwarzl, Thomas Schuster & Daniel Gruss

  2. CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

    Michael Schwarz

Authors
  1. Martin Schwarzl
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thomas Schuster
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael Schwarz
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Daniel Gruss
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Martin Schwarzl .

Editor information

Editors and Affiliations

  1. University of Illinois at Urbana-Champaign, Urbana, IL, USA

    Nikita Borisov

  2. KU Leuven, Leuven, Belgium

    Claudia Diaz

Appendices

A Extracting Hypotheses from Previous Works

The hypotheses are extracted from previous works as detailed in this section. The footnotes for each hypothesis provide the exact part of the previous work that we reference.

  • H1 the prefetch instruction (to instruct the prefetcher to prefetch);Footnote 2

  • H2 the value stored in the register used by the prefetch instruction (to indicate which address the prefetcher should prefetch);Footnote 3

  • H3 the sched_yield syscall (to give time to the prefetcher);Footnote 4

  • H4 the use of the userspace_accessible bit (as kernel addresses could otherwise not be translated in a user context);Footnote 5

  • H5 an Intel CPU – the “prefetching” effect only occurs on Intel CPUs, and other CPU vendors are not affected.Footnote 6

The original paper also describes that “delays were introduced to lower the pressure on the prefetcher” [17]. In fact, this was done via recompilation. Note that recompilation with additional code inserted may have side effects such as a different register allocation, which we find to be an important influence factor to the attack.

B Actual Spectre V2 gadget in Linux kernel

We analyzed the Linux kernel 4.16.18 and used the GNU debugger (GDB) to debug our kernel. As our target syscall we analyzed the path of the sched_yield syscall. We used the same experiment, which fills all general-purpose registers with the corresponding DPM address, perform sched_yield and verify the speculative dereference with Flush+Reload. We repeat this experiment 10 000 000 times. We analyzed each indirect branch in this code path and replaced the indirect call/jump with a retpolined version. Furthermore, we analyzed all general-purpose registers and traced their content if the DPM-address is still valid in some registers. By systematically retpolining the indirect branches, we observed that the indirect call current->sched_class->yield_task(rq); in the function sys_sched_yield causes the main leakage. We set a breakpoint to this function and observed that four general-purpose registers (%rcx,%rsi,%r8,%r9) still contain the kernel address we set in our experiment.

In the function put_prev_task_fair, the %rsi register is dereferenced. To check whether this dereference cause the leakage, we add an lfence instruction at the beginning of the function. We run the same experiment again and observe almost no cache fetches on our address. The %rsi register is dereferenced in line 48.

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Financial Cryptography Association

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Schwarzl, M., Schuster, T., Schwarz, M., Gruss, D. (2021). Speculative Dereferencing: Reviving Foreshadow. In: Borisov, N., Diaz, C. (eds) Financial Cryptography and Data Security. FC 2021. Lecture Notes in Computer Science(), vol 12674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-64322-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-64322-8_15

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-64321-1

  • Online ISBN: 978-3-662-64322-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation