Hi Andrew,
Dne 25. 02. 25 v 19:10 Andrew Cooper napsal(a):
Very cunning. Yes it does, but the state needs to be safe to IRET back
to, and ...
... And intellectually very pleasing!
Would it work to have KERNEL_CS as last entry in the GDT table?
Therefore executing SYSCALL would set the CS as usual,
but the numeric value of SS selector would be larger than GDT limit?
... this isn't safe. Any exception/interrupt will yield #SS when trying
to load an out-of-limit %ss.> i.e. a wrongly-timed NMI will take out the system
with a very bizarre
looking oops.
Hmm I was hoping that "the reader" will perform this NMI/#MC exercise :)
The SYSCALL/SYSENTER startup has interrupts disabled, so it is the problem of
NMI/#MC
handler which would need deal with the normal case and attack case.
It would need to check if it was executing that critical part of syscall64 entry
from endbr64 to checkselector section, and if yes, the saved %ss needs to be
"impossible" one. If it isn't -> panic.
For non-attack case it just needs to forward RIP after the check...
You can do this in a less fatal way by e.g. having in-GDT form have a
segment limit, but any exception/interrupt will resync the out-of-sync
state, and break detection. Also it would make the segment unusable for
compatibility userspace, where the limit would take effect.
Yeah couldn't figure out what else could work "vice-versa" :(
Finally, while this potentially gives us an option for SYSCALL and maybe
SYSENTER, it doesn't help with any of the main IDT entrypoints which can
also be attacked.
I see, sorry I wasn't aware of this. But if I recall correctly only "paranoid"
IDT entries do something with swapgs. But is there also some stack pivot where
it would depend on GS? Or is it somewhat unrelated issue, that you might just
redirect to "any endbr64" which are IDT entrypoints?
Maybe you can share some details of how the attack would work in this case,
or point me somewhere where I can read about it.
If it is "any endbr64" case, would it work to just do "sanity check" of the
exception stackframe?
I mean if it is real or some random kernel stack state?
1) check %RSP alignment if it was ok
2) check if %ss and %cs for all possible valid values (16 bit)
Unfortunately I think intel is not clearing high 48 bits of saved selector, AMD
is.
3) check if %rip is kernel range
4) check if %rflags is sane (bit1 is 1)
Because if the attacker has no or limited control on the stack content, it
would be difficult to fake it.
Thanks,
Rudolf
