
Kernel page-table isolation: Difference between revisions

From Wikipedia, the free encyclopedia
Revision as of 06:12, 5 January 2018

Kernel page-table isolation (KPTI, previously called KAISER)[1] is a mitigation for the Meltdown security vulnerability in Intel's x86 CPUs. It works by better isolating user-space and kernel-space memory.[2][3] KPTI was merged into Linux kernel version 4.15,[4] to be released in early 2018, and backported to Linux kernel 4.14.11.[5] Windows[6] and macOS[7] released similar updates. KPTI does not address the related Spectre vulnerability.[8]

Background on KAISER

The KPTI patches were based on KAISER, an earlier mitigation for a much less severe issue, published in June 2017, before Meltdown was known.

Without KPTI enabled, Linux keeps its entire kernel memory mapped in the page tables even while executing user-space code (applications), although that memory is protected from user-space access. The advantage is that when the application makes a system call into the kernel or an interrupt arrives, the kernel page tables are already present, so most context-switch-related overheads (TLB flush, page-table swapping, etc.) are avoided.[2]

In 2014, the Linux kernel adopted kernel address space layout randomization (KASLR),[9] which makes it more difficult to exploit other kernel vulnerabilities[10] but relies on kernel addresses remaining hidden from user space. Although access to these kernel mappings is prohibited, several side-channel attacks in modern processors can leak the location of this memory, making it possible to work around KASLR.[3][11][12][13]

Meltdown vulnerability and KPTI

In January 2018, the Meltdown vulnerability was published; it is far more severe and affects only Intel x86 processors.[8] It was found that the contents of kernel memory could also be leaked, not just the memory layout as previously thought. The KAISER patches were repurposed for this fix and renamed to KPTI.

AMD x86 processors are not affected by Meltdown and do not need KPTI to mitigate it.[8][14] However, AMD processors are still susceptible to KASLR bypass when KPTI is disabled.[citation needed]

Implementation

KPTI fixes these leaks by separating user-space and kernel-space page tables entirely. On processors that support the process-context identifiers (PCID) feature, a TLB flush can be avoided,[2] but even then the separation comes at a significant performance cost, particularly in syscall-heavy and interrupt-heavy workloads.

The overhead was measured to be 0.28% by KAISER's original authors;[3] a Linux developer measured it at roughly 5% for most workloads and up to 30% in some cases, even with the PCID optimization;[2] for the PostgreSQL database engine the impact on read-only tests on an Intel Skylake processor was 7-17% (or 16-23% without PCID),[15] while a full benchmark lost 13-19% (Coffee Lake vs. Broadwell-E).[16] Redis slowed by 6-7%.[16]

KPTI can be partially disabled with the "nopti" kernel boot option. Provisions were also made to disable KPTI on newer processors that fix the information leaks.[1]
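As an added example (not part of the article or of the kernel's own tooling), the following POSIX shell script classifies a Linux host's KPTI state from what the kernel reports: the sysfs Meltdown status file, the "nopti" boot option, and the "pti" and "pcid" CPU flags. The classification logic takes its inputs as strings so it can be exercised on constructed samples; the file paths and status strings are those used by kernels that carry PTI.

```shell
#!/bin/sh
# Added example, not from the article: classify a host's KPTI state from
# what the kernel itself reports. Sources read by kpti_report_live():
#   /sys/devices/system/cpu/vulnerabilities/meltdown -> "Not affected",
#                                   "Vulnerable" or "Mitigation: PTI"
#   /proc/cmdline                                    -> may contain "nopti"
#   /proc/cpuinfo "flags" line                       -> "pti" (PTI active), "pcid"

# kpti_classify MELTDOWN_STATUS CMDLINE CPU_FLAGS
# Prints: not-affected | disabled-by-cmdline | enabled-pcid |
#         enabled-no-pcid | vulnerable | unknown
kpti_classify() {
    status="$1"; cmdline="$2"; flags="$3"
    case " $flags " in *" pcid "*) has_pcid=1 ;; *) has_pcid=0 ;; esac

    # e.g. AMD hosts: Meltdown does not apply, so no PTI is needed
    case "$status" in "Not affected") echo "not-affected"; return 0 ;; esac

    # PTI present but switched off at boot: an Intel host stays exposed
    case " $cmdline " in *" nopti "*) echo "disabled-by-cmdline"; return 0 ;; esac

    case "$status" in
        "Mitigation: PTI"*)
            # PCID lets the kernel skip the TLB flush on each user/kernel switch,
            # which is what keeps the overhead in the lower part of the range
            if [ "$has_pcid" -eq 1 ]; then echo "enabled-pcid"; else echo "enabled-no-pcid"; fi
            return 0 ;;
        Vulnerable*) echo "vulnerable"; return 0 ;;
    esac

    # Kernels without the sysfs file: fall back to the cpuinfo "pti" flag
    case " $flags " in
        *" pti "*)
            if [ "$has_pcid" -eq 1 ]; then echo "enabled-pcid"; else echo "enabled-no-pcid"; fi
            return 0 ;;
    esac
    echo "unknown"; return 1
}

# Read the live host and classify it ("unknown" on kernels without PTI support)
kpti_report_live() {
    f=/sys/devices/system/cpu/vulnerabilities/meltdown
    status=""; [ -r "$f" ] && status="$(cat "$f")"
    cmdline="$(cat /proc/cmdline 2>/dev/null)"
    flags="$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)"
    kpti_classify "$status" "$cmdline" "$flags"
}

if [ "${1:-}" = "--live" ]; then kpti_report_live; fi
```

Run the script with `--live` to classify the host it is executed on.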

References

  1. Corbet, Jonathan (20 December 2017). "The current state of kernel page-table isolation". LWN.net.
  2. Corbet, Jonathan (15 November 2017). "KAISER: hiding the kernel from user space". LWN.net.
  3. Gruss, Daniel; Lipp, Moritz; Schwarz, Michael; Fellner, Richard; Maurice, Clémentine; Mangard, Stefan (24 June 2017). "KASLR is Dead: Long Live KASLR" (PDF). Engineering Secure Software and Systems 2017.
  4. Corbet, Jonathan (20 December 2017). "Kernel page-table isolation merged". LWN.net.
  5. Kroah-Hartman, Greg. "Linux 4.14.11 Changelog". kernel.org.
  6. Ionescu, Alex [@aionescu] (14 November 2017). "Windows 17035 Kernel ASLR/VA Isolation In Practice" (Tweet). Via Twitter.
  7. "Apple has already partially implemented fix in macOS for 'KPTI' Intel CPU security flaw". AppleInsider. Retrieved 3 January 2018.
  8. Coldewey, Devin (4 January 2018). "Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?". TechCrunch.
  9. "Linux kernel 3.14, Section 1.7. Kernel address space randomization". kernelnewbies.org. 30 March 2014. Retrieved 2 April 2014.
  10. Bhattacharjee, Abhishek; Lustig, Daniel (29 September 2017). Architectural and Operating System Support for Virtual Memory. Morgan & Claypool Publishers. p. 56. ISBN 9781627059336.
  11. Jang, Yeongjin; Lee, Sangho; Kim, Taesoo (2016). "Breaking Kernel Address Space Layout Randomization with Intel TSX" (PDF). 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). New York, NY, USA: ACM: 380–392. doi:10.1145/2976749.2978321. ISBN 9781450341394.
  12. Gruss, Daniel; Maurice, Clémentine; Fogh, Anders; Lipp, Moritz; Mangard, Stefan (2016). "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR" (PDF). 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). New York, NY, USA: ACM: 368–379. doi:10.1145/2976749.2978356. ISBN 9781450341394.
  13. Hund, R.; Willems, C.; Holz, T. (May 2013). "Practical Timing Side Channel Attacks against Kernel Space ASLR" (PDF). 2013 IEEE Symposium on Security and Privacy: 191–205. doi:10.1109/sp.2013.23.
  14. "An Update on AMD Processor Security". AMD. 4 January 2018.
  15. Freund, Andres (2 January 2018). "heads up: Fix for intel hardware bug will lead to performance regressions". PostgreSQL development mailing list (pgsql-hackers).
  16. Larabel, Michael (2 January 2018). "Initial Benchmarks Of The Performance Impact Resulting From Linux's x86 Security Changes". Phoronix.