Lazy FP state restore

Source: Wikipedia, the free encyclopedia.
(Redirected from
Lazy FP State Restore
)

Lazy FPU state leak (

floating point unit (FPU).[2] By exploiting this vulnerability, a local process can leak the content of the FPU registers that belong to another process. This vulnerability is related to the Spectre and Meltdown
vulnerabilities that were publicly disclosed in January 2018.

It was announced by

Amazon, Cyberus Technology and SYSGO.[1][a]

Besides being used for

floating point arithmetic, the FPU registers are also used for other purposes, including for storing cryptographic data when using the AES instruction set, present in many Intel CPUs.[3] This means that this vulnerability may allow for key material to be compromised.[3]

Mechanism

The floating point and

SIMD
registers are large, and not used by every task (or thread) in the system. To make context switching faster, most common microprocessors support lazy state switching. Rather than storing the full state during a context switch, the operating system can simply mark the FPU "not available" in the hopes that the switched-to task will not need it. If the operating system has guessed correctly, time is saved. If the guess is wrong, the first FPU or SIMD instruction will cause a trap to the operating system, which can then save the state to the previous task and load the correct state for the current task.

In

out-of-order CPUs
, the "FPU not available" condition is not detected immediately. (In fact, it almost cannot be detected immediately, as there may be multiple fault-causing instructions executing simultaneously and the processor must take the first fault encountered to preserve the illusion of in-order execution. The information about which is first is not available until the in-order retire stage.) The processor speculatively executes the instruction using the previous task's register contents, and some following instructions, and only later detects the FPU not available condition. Although all architectural state is reverted to the beginning of the faulting instruction, it is possible to use part of the FPU state as the address in a memory load, triggering a load into the processor's cache. Exploitation then follows the same pattern as all Spectre-family vulnerabilities: as the cache state is not architectural state (the cache only affect speed, not correctness), the cache load is not undone and the address, including part of the previous task's register state, can later be detected by measuring the time taken to access different memory addresses.

It is possible to exploit this bug without actually triggering any operating system traps. By placing the FPU access in the shadow of a forced

retpoline
) the processor will still speculatively execute the code, but will rewind to the mispredicted branch and never actually execute the operating system trap. This allows the attack to be rapidly repeated, quickly reading out the entire FPU and SIMD register state.

Mitigation

It is possible to mitigate the vulnerability at the operating system and

have released patches to address the vulnerability.

Notes

  1. ^ The OpenBSD project claims to have discovered the vulnerability independently.[5]

See also

  • Transient execution CPU vulnerabilities

References

  1. ^ a b c d "Lazy FP state restore". Intel. 2018-06-13. Retrieved 2018-06-18.
  2. ^ ].
  3. ^ a b c d Prescher, Thomas; Stecklina, Julian; Galowicz, Jacek. "Intel LazyFP vulnerability: Exploiting lazy FPU state switching". Cyberus Technology. Retrieved 2018-06-18.
  4. ^ a b "Xen Security Advisory CVE-2018-3665 / XSA-267, version 3". 2018-06-13. Retrieved 2018-06-18.
  5. marc.info
    .
  6. ^
    RedHat
    . 2018-06-14. Retrieved 2018-06-18.
  7. ^ "CVE-2018-3665". Debian. Retrieved 2018-06-17.
  8. ^ "OpenBSD 6.3 Errata". OpenBSD. Retrieved 2018-06-18.

External links