在计算机体系结构中,特别是在 X86 CPU 中,指令“REP MOVSB”通常用于传输内存块中的数据。 为了扩展其功能,附加前缀(例如 REX、VEX 和 EVEX)为操作数规范提供了额外的功能。 虽然这些前缀可能看起来微不足道,但 Google 多个团队最近进行的研究揭示了由于冗余前缀问题和快速短重复移动 (FSRM) 之间的相互作用而出现的漏洞,FSRM 是较新的英特尔芯片中引入的一项功能,用于增强重复字符串操作。 These issues lead to unpredictable behaviors ranging from branching to unexpected places, ignoring conditional branches and machine checking exceptions resulting in the processor stopping altogether。 Researchers suggest this occurs when redundant "rex。r" prefixes are added during an FSMR-optimised Repetition String Store。 Testing shows that multiple concurrent instances of triggering the same bug result in machine-check exceptions。 To counteract this, researchers advise updating or disabling fast string functionality until further analysis is carried out to address the root cause of the issue fully。 Though it seems possible to exploit this vulnerability to gain higher privileges, the exact nature of it still eludes investigation。 Nonetheless, interested parties who desire to investigate this topic are invited to contribute to ongoing efforts。
根据所提供的材料,对于购买谷歌和其他公司提供的租赁专用硬件来应对此类漏洞的用户有何影响? 此外,我们是否有证据支持这一理论:该 CPU 缺陷可能是英特尔及其政府合作伙伴故意插入的安全后门? 此外,通过微代码修复此缺陷对性能的潜在影响有多严重,CPU 复杂性的增加与错误流行之间是否存在相关性? 最后,与通过专门为此目的定制的指令序列创建复杂的安全后门相比,发生这样的简单错误的可能性有多大?
相关文章
原文
We have a CPU mystery! We found a way to cause some processors to enter a glitch state where the normal rules don’t apply, but what does that mean…?
Introduction
If you’ve ever written any x86 assembly at all, you’ve probably used rep movsb. It’s the idiomatic way of moving memory around on x86. You set the source, destination, direction and the count - then just let the processor handle all the details!
The actual instruction here is movsb, the rep is simply a prefix that changes how the instruction works. In this case, it indicates that you want this operation repeated multiple times.
There are lots of other prefixes too, but they don’t all apply to every instruction.
Prefix Decoding
An interesting feature of x86 is that the instruction decoding is generally quite relaxed. If you use a prefix that doesn’t make sense or conflicts with other prefixes nothing much will happen, it will usually just be ignored.
This fact is sometimes useful; compilers can use redundant prefixes to pad a single instruction to a desirable alignment boundary.
Take a look at this snippet, this is exactly the same code as above, just a bunch of useless or redundant prefixes have been added:
Perhaps the most interesting prefixes are rex, vex and evex, all of which change how subsequent instructions are decoded.
Let’s take a look at how they work.
The REX prefix
The i386 only had 8 general purpose registers, so you could specify which register you want to use in just 3 bits (because 2^3 is 8).
The way that instructions were encoded took advantage of this fact, and reserved just enough bits to specify any of those registers.
modr/m example
Simple 2-byte instructions that use modr/m might be encoded like this, for example mov eax, ebx.
This is an 8-bit opcode, 2 bit addressing mode (labeled m), and 3 bits each for the source (s) and destination (d).
Well, this is a problem, because x86-64 added 8 additional general purpose registers. We now have sixteen possible registers..that’s 2^4, so we’re going to need another bit! 😆
The solution to this is the rex prefix, which gives us some spare bits that the next instruction can borrow.
When we’re talking about rex, we usually write it like this:
rex is a single-byte prefix, the first four bits are mandatory and the remaining four bits called b, x, r and w are all optional. If you see rex.rb that means only the r and b bits are set, all the others are unset.
These optional bits give us room to encode more general purpose registers in the following instruction.
rex example
The rex prefix can lend the next instruction extra bits to use for operands, so now we can encode all 16 possible general purpose registers!
So now we know that rex increases the available space for encoding operands, and that useless or redundant prefixes are usually ignored on x86. So… what should this instruction do?
The movsb instruction doesn’t have any operands - they’re all implicit - so any rex bits are meaningless, right?
If you guessed that the processor will just silently ignore the rex prefix, you would be correct!
Well… except on machines that support a new feature called fast short repeat move! We discovered that a bug with redundant rex prefixes could interact with this feature in an unexpected way and introduce a serious vulnerability, oops 🙂
Fast Short Repeat Move
FSRM is a new feature introduced in Ice Lake that fixes some of the shortcomings of ERMS. Hopefully that clears up any confusion. 😆
Just kidding, let’s quickly look at ERMS.
The hard part of moving strings around efficiently is getting all the buffers aligned so you can use the widest possible stores available. You could do this in software, but if we do it in microcode then the processor can just transparently make your existing code faster for you.
This requires some expensive setup, but once that’s done you get vastly improved throughput. This feature is known as enhanced repeat move/store, ERMS.
If you have a processor with ERMS support, simple rep movsb operations can sometimes perform comparably with more complicated hand-tuned vector move operations.
However, there is a problem with ERMS. That initial setup is so expensive that it just isn’t worth it for very short strings. This is what FSRM is designed to solve, it handles the case of only moving 128 bytes or less and makes that faster too!
I’m not aware of any documentation that explains exactly how FSRM works, but you can check if you have a processor that supports it by looking at the flags line in /proc/cpuinfo:
flags : fpu vme de pse tsc msr pae mce cx8 [...] fsrm
Some of the processors that have this feature include:
Ice Lake
Rocket Lake
Tiger Lake
Raptor Lake
Alder Lake
Sapphire Rapids
Note: This list may not be comprehensive, please see Intel advisory INTEL-SA-00950 for a complete list.
Discovery
I’ve written previously about a processor validation technique called Oracle Serialization that we’ve been using. The idea is to generate two forms of the same randomly generated program and verify their final state is identical.
You can read more about Oracle Serialization in my previous writeup.
In August, our validation pipeline produced an interesting assertion. It had found a case where adding redundant rex.r prefixes to an FSRM optimized rep movs operation seemed to cause unpredictable results.
We observed some very strange behavior while testing. For example, branches to unexpected locations, unconditional branches being ignored and the processor no longer accurately recording the instruction pointer in xsave or call instructions.
Oddly, when trying to understand what was happening we would see a debugger reporting impossible states!
This already seemed like it could be indicative of a serious problem, but within a few days of experimenting we found that when multiple cores were triggering the same bug, the processor would begin to report machine check exceptions and halt.
We verified this worked even inside an unprivileged guest VM, so this already has serious security implications for cloud providers. Naturally, we reported this to Intel as soon as we confirmed this was a security issue.
Reproduce
We’re publishing all of our research today to our security research repository. If you want to reproduce the vulnerability you can use our icebreak tool, I’ve also made a local mirror available here.
$ ./icebreak -h
usage: ./icebreak [OPTIONS]
-c N,M Run repro threads on core N and M.
-d N Sleep N usecs between repro attempts.
-H N Spawn a hammer thread on core N.
icebreak: you must at least specify a core pair with -c! (see -h for help)
The testcase enters what should be an infinite loop, and unaffected systems should see no output at all. On affected systems, a . is printed on each successful reproduction.
$ ./icebreak -c 0,4
starting repro on cores 0 and 4
.........................................................................
.........................................................................
.........................................................................
.........................................................................
.........................................................................
In general, if the cores are SMT siblings then you may observe random branches and if they’re SMP siblings from the same package then you may observe machine checks.
If you do not specify two different cores, then you might need to use a hammer thread to trigger a reproduction.
Analysis
We know something strange is happening, but how microcode works in modern systems is a closely guarded secret. We can only theorize about the root cause based on observations.
μops
The CPU is split in two major components, the frontend and the backend. The frontend is responsible for fetching instructions, decoding them and generating μops to send to the backend for execution.
The backend executes instructions out of order, and uses a unit called the ROB, reorder buffer, to store and organize results.
We believe this bug causes the frontend to miscalculate the size of the movsb instruction, causing subsequent entries in the ROB to be associated with incorrect addresses. When this happens, the CPU enters a confused state that causes the instruction pointer to be miscalculated.
The machine can eventually recover from this state, perhaps with incorrect intermediate results, but becoming internally consistent again. However, if we cause multiple SMT or SMP cores to enter the state simultaneously, we can cause enough microarchitectural state corruption to force a machine check.
Questions
I’m sure some readers will have questions about what is possible in this unexpected “glitch” state. Well, so do we!
We know that we can corrupt the system state badly enough to cause machine check errors, and we’ve also observed threads interfere with execution of processes scheduled on SMT siblings.
However, we simply don’t know if we can control the corruption precisely enough to achieve privilege escalation. I suspect that it is possible, but we don’t have any way to debug μop execution!
If you’re interested in studying this, then we would love to get your input!
Credit
This bug was independently discovered by multiple research teams within Google, including the silifuzz team and Google Information Security Engineering. The bug was analyzed by Tavis Ormandy, Josh Eads, Eduardo Vela Nava, Alexandra Sandulescu and Daniel Moghimi.
Solution
Intel have published updated microcode for all affected processors. Your operating system or BIOS vendor may already have an update available!
Workaround
If you can’t update for some reason, you could disable fast strings via the IA32_MISC_ENABLE model specific register.
This will cause a significant performance penalty, and should not be used unless absolutely necessary.
Notes
If you’re interested in more CPU bugs, we publish everything we find!
Not all the bugs we discover have security consequences, but they’re usually worth reading! For example, did you know that sometimes movlps just doesn’t work? or that registers can sometimes roll back to previous values?
