On Wed, Apr 17, 2019 at 10:33 AM Khalid Aziz <khalid.aziz@xxxxxxxxxx> wrote: > > On 4/17/19 11:09 AM, Ingo Molnar wrote: > > > > * Khalid Aziz <khalid.aziz@xxxxxxxxxx> wrote: > > > >>> I.e. the original motivation of the XPFO patches was to prevent execution > >>> of direct kernel mappings. Is this motivation still present if those > >>> mappings are non-executable? > >>> > >>> (Sorry if this has been asked and answered in previous discussions.) > >> > >> Hi Ingo, > >> > >> That is a good question. Because of the cost of XPFO, we have to be very > >> sure we need this protection. The paper from Vasileios, Michalis and > >> Angelos - <http://www.cs.columbia.edu/~vpk/papers/ret2dir.sec14.pdf>, > >> does go into how ret2dir attacks can bypass SMAP/SMEP in sections 6.1 > >> and 6.2. > > > > So it would be nice if you could generally summarize external arguments > > when defending a patchset, instead of me having to dig through a PDF > > which not only causes me to spend time that you probably already spent > > reading that PDF, but I might also interpret it incorrectly. ;-) > > Sorry, you are right. Even though that paper explains it well, a summary > is always useful. > > > > > The PDF you cited says this: > > > > "Unfortunately, as shown in Table 1, the W^X prop-erty is not enforced > > in many platforms, including x86-64. In our example, the content of > > user address 0xBEEF000 is also accessible through kernel address > > 0xFFFF87FF9F080000 as plain, executable code." > > > > Is this actually true of modern x86-64 kernels? We've locked down W^X > > protections in general. > > > > I.e. this conclusion: > > > > "Therefore, by simply overwriting kfptr with 0xFFFF87FF9F080000 and > > triggering the kernel to dereference it, an attacker can directly > > execute shell code with kernel privileges." > > > > ... appears to be predicated on imperfect W^X protections on the x86-64 > > kernel. > > > > Do such holes exist on the latest x86-64 kernel? If yes, is there a > > reason to believe that these W^X holes cannot be fixed, or that any fix > > would be more expensive than XPFO? > > Even if physmap is not executable, return-oriented programming (ROP) can > still be used to launch an attack. Instead of placing executable code at > user address 0xBEEF000, attacker can place an ROP payload there. kfptr > is then overwritten to point to a stack-pivoting gadget. Using the > physmap address aliasing, the ROP payload becomes kernel-mode stack. The > execution can then be hijacked upon execution of ret instruction. This > is a gist of the subsection titled "Non-executable physmap" under > section 6.2 and it looked convincing enough to me. If you have a > different take on this, I am very interested in your point of view. My issue with all this is that XPFO is really very expensive. I think that, if we're going to seriously consider upstreaming expensive exploit mitigations like this, we should consider others first, in particular CFI techniques. grsecurity's RAP would be a great start. I also proposed using a gcc plugin (or upstream gcc feature) to add some instrumentation to any code that pops RSP to verify that the resulting (unsigned) change in RSP is between 0 and THREAD_SIZE bytes. This will make ROP quite a bit harder.
