The challenge of compiling for verified architectures

Posted Oct 7, 2023 23:26 UTC (Sat) by helge.bahmann (subscriber, #56804)
In reply to: The challenge of compiling for verified architectures by Cyberax
Parent article: The challenge of compiling for verified architectures

You do not need to create arbitrary pointers, you just need to coax the CPU into speculating a confusion between a pointer and an integer.

Roughly, this works by calling a function typed (void*)(uint64_t) through an indirect call (function pointer). While the WASM security model prevents you from directly assigning a function fn with signature void fn(void*) to the function pointer in question, you can cause the CPU to speculate that the call through your function pointer may end up in fn (via BTB poisoning) and therefore cause speculated access to arbitrary memory locations from WASM into the host address space (similarly applies to e.g. JacaScript). This can be exploited as really reliably for as long as the JIT ever emits an indirect call (and all JITs known to me do that, but notably researchers have also found ways to use the branch cascade resulting from switch/case-like constructs to cause the required BTB confusion).

From a high level point of view, you have to assume that any "protection" offered by a languages or runtimes type system to separate pointers from arbitrary integers can be circumvented by speculative confusion of branch targets.

The challenge of compiling for verified architectures

Posted Oct 7, 2023 23:41 UTC (Sat) by helge.bahmann (subscriber, #56804) [Link]

Should note: TTBOMK Wasm JITs (notably wasmtime) are not emitting retpolines which would stop the "naive" spectre V2 described at least. I am doubtful that even doing so would close all loopholes, it is damn hard to guarantee that adversarial code is jitted without side channels (unless you completely give up on asymptotically approaching "native" performance). I am not convinced eBPF is succeeding on side channel attacks either.

The challenge of compiling for verified architectures

Posted Oct 8, 2023 2:06 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

> Roughly, this works by calling a function typed (void*)(uint64_t) through an indirect call (function pointer).

Wasmtime does have a mitigation for this particular vulnerability: https://bytecodealliance.org/articles/security-and-correc...

It's fair to say that WASM does not try to guarantee the lack of side-channels in general. Implementations try to add mitigations where they feel that it's reasonable, but are not fixated on that. eBPF probably has some advantage in that area, but I doubt it's really insurmountable.

The challenge of compiling for verified architectures

Posted Oct 8, 2023 3:43 UTC (Sun) by helge.bahmann (subscriber, #56804) [Link]

Are you certain? To my knowledge only "out-of-bounds" function table accesses are protected (so you "probably" cannot speculate jump out of JIT-generated code), and also no retpolines produced. I know that in 2021 I managed to get speculated call on wasmtime JIT to type-confused function happen after a lot of trial and error (AMD Zen2, and no IBRS in user space). Maybe I missed situation changing since then, but I am not aware.

The challenge of compiling for verified architectures

Posted Oct 8, 2023 3:25 UTC (Sun) by roc (subscriber, #30627) [Link] (4 responses)

eBPF may have more comprehensive Spectre mitigations than (some implementations of) WebAssembly, but that would be a surprising way to define "sandbox" vs "verifier".

The challenge of compiling for verified architectures

Posted Oct 8, 2023 5:04 UTC (Sun) by ibukanov (subscriber, #3942) [Link] (3 responses)

Checks at runtime can be bypassed via a speculation, checks in the verifier cannot. Some runtime checks can be protected against speculative leaks, but V8 implementation of JS and Wasm, for example, gave up on that.

So Wasm sandbox requires too many dynamic checks to hope for reliable practical protection against SPECTRE and friends. EBP implementation in Linux, by reducing the number of runtime checks and constraining the code sufficiently, still managed to provide the protection against known attacks. Hence ability to provide practical protection against speculative leaks is a useful criterion to classify.

The challenge of compiling for verified architectures

Posted Oct 8, 2023 7:06 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

> Checks at runtime can be bypassed via a speculation, checks in the verifier cannot.

Does that include new and fancy features like iterators?

The challenge of compiling for verified architectures

Posted Oct 8, 2023 9:57 UTC (Sun) by roc (subscriber, #30627) [Link] (1 responses)

Looks to me like Wasmtime is still "hoping for reliable practical protection against SPECTRE and friends".
https://bytecodealliance.org/articles/security-and-correc...

I still think this is a poor way to draw a line between "sandbox" and "verifier". If Spectre vulnerabilities are found in eBPF will it cease to be a verifier and become a sandbox? That doesn't make sense to me.

The challenge of compiling for verified architectures

Posted Oct 8, 2023 12:57 UTC (Sun) by ibukanov (subscriber, #3942) [Link]

Presently all found speculation bugs have been promptly addressed in BPF while Wasm implementations continue to hope. Yes, this difference is poorly defined and probably cannot be formalized. Yet it is clear that it is affected by the nature of checks that has to be done at runtime.