Bypassing IOMMU Protection against I/O Attacks Benoît Morgan, Eric Alata, Vincent Nicomette, Mohamed Kaâniche To cite this version: Benoît Morgan, Eric Alata, Vincent Nicomette, Mohamed Kaâniche. Bypassing IOMMU Protection against I/O Attacks. 7th Latin-American Symposium on Dependable Computing (LADC’16), Oct 2016, Cali, Colombia. pp.145-150, 10.1109/LADC.2016.31. hal-01419962 HAL Id: hal-01419962 https://hal.archives-ouvertes.fr/hal-01419962 Submitted on 20 Dec 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Bypassing IOMMU protection against I/O Attacks Benoˆıt Morgan, Eric´ Alata, Vincent Nicomette, Mohamed Kaanicheˆ LAAS-CNRS, Universite´ de Toulouse, CNRS, INSA, Toulouse, France 7 Avenue du Colonel Roche 31000 Toulouse Email: [email protected], [email protected], [email protected], [email protected] Abstract—Attacks targeting computer systems become more and RAM memory segments. These communication channels and more complex and various. Some of them, so-called I/O raise serious concerns about the security of such architectures, attacks, are performed by malicious peripherals that make read since they open some opportunities to attackers to compromise or write accesses to DRAM memory or to memory embedded in other peripherals, through DMA (Direct Memory Access) the system and hosted applications using some malicious requests. Some protection mechanisms to face these attacks exist peripherals. These attacks are so-called I/O attacks. To cope and have been implemented for several years now in modern with such attacks, some hardware protection components, such architectures. A typical example is the IOMMU proposed by as the IOMMU, from Intel, are included in modern computers. Intel. However, such mechanisms are not necessarily properly This experience report paper is aimed at analyzing the security configured and used by the firmware and the operating system. This experimental paper describes a design weakness that we dis- of such protection component. In particular, it is shown, covered in the configuration of an IOMMU by the Intel IOMMU that even if this component has been introduced 10 years Linux driver and a possible exploitation scenario that would ago, some serious security concerns may be raised about its allow a malicious peripheral to bypass the underlying protection actual efficiency to prevent malicious I/O attacks due to some mechanism. The exploitation scenario is implemented with a design weaknesses in its configuration. Briefly, the weakness is PCI Express peripheral FPGA, based on Intel specifications and Linux source code analysis. related to the fact that the configuration tables of the IOMMU are initialized in a DRAM region which is not protected from I. INTRODUCTION DMA accesses. A malicious peripheral may benefit from this The evolution and sophistication of recent hardware archi- weakness to modify these tables in memory just before the tectures result from the continuously increasing requirements hardware setup of the IOMMU. for software applications in terms of functionalites, processing This paper is organized as follows. The following two power and speed as well as in terms of memory, storage sections describe fundamental components of the architecture, capacities and communication possibilities. Today, software involved in the identified design weakness: Section II presents applications executed by microprocessors, like video games or some basic technical background about PCI Express bus and electronic systems simulators need high performance levels, communications that are used to perform DMA accesses while need to communicate over different networks and require Section III presents the IOMMU component itself as well services which cannot be provided anymore by the processor as some of its internals, that are necessary for the reader to itself, like persistant external data storage or audio digital to understand the vulnerability as well as its potential exploita- analog encoding, etc. All these services are today provided by tion. Section IV briefly presents some examples of I/O attacks dedicated and independent hardware units which are external discovered so far. Section V describes the vulnerability that we to the processor. These units, called peripherals, need to discovered in the configuration of the IOMMU and a scenario communicate with the processor for system configuration and illustrating the possible exploitation of such vulnerability. data sharing. Section VI proposes some countermeasures to cope with this Before the complexification of microarchitectures, early vulnerability. Finally, Section VII concludes and discusses personal computers and their peripherals were mostly de- future work. signed and built by the same compagny. The peripherals themselves used to be much less complex than today (mi- II. TECHNICAL BACKGROUND crocode, firmwares, etc.). Processor manufacturers used to This section presents basic technical background concepts trust the peripherals. However, with the increasing demand for related to PCI Express bus and communications, which are higher performance levels and hardware services, manufactur- useful to understand the rest of the paper. ers improved input/output possibilities. They even specified normalized communication buses to allow tier manufacturers A. PCI Express bus to complement bare architectures with complex peripherals. Several different bus specifications like Industry Standard Then, to relieve the host processor from performing certain Architecture (ISA) or Peripheral Component Interconnect data copies and operation, DMA cycles have been added to (PCI) have been implemented to support the communications these external buses, allowing as a consequence peripherals between the CPU and the peripherals. Today, the PCI Express to perform read/write accesses to a set of other peripherals bus is used in most personal computers or servers. CPU host to know which ids and memory ranges are responsible for downstream (Figure 2). Bridge Host bridge root port RAM CPU Endpoint Endpoint Host bridge {0x0; 0xfff} [00:00.0] RAM Root Complex Endpoint Endpoint DMAR 0 DMAR 2 [01:00.0] [00.01.0] Switch {0x1000; 0x1fff} DMAR 1 {0x2000; 0x2fff} Bridge upstream port {01:yy.z} {0x1000; 0x1fff} RAM data Root Complex RAM read command Bridge {02-03:yy.z} Read(0xffc, 03:00.0) downstream port {0x3000; 0x4fff} Switch Read completion (03:00.0, 00:00.0) PCI Express {addr1; addr2} Device address range link Downstream port {xx:yy.z} Bridge id range Endpoint Endpoint Upstream port PCI Express link {02:yy.z} {03:yy.z} {0x3000; 0x3fff} {0x4000; 0x4fff} Fig. 1. Logical view of a typical PCI Express compliant architecture Endpoint Endpoint [02:00.0] [03:00.0] {0x3000; 0x3fff}{0x4000; 0x4fff} PCI Express devices are connected with ports and links. A Fig. 2. Memory read message routing port connected to a child device is called a downstream port, while a port connected to a parent device is called an upstream At boot time, the devices are not configured (they do not port. There are three main types of PCI Express devices. The know their own identifier). Indeed, the manufacturer can not root complex, root of the bus hierarchy, is connected to the know the bus on which the device will be plugged. However, CPU thanks to the host bridge and to first level PCI Express when the BIOS ”Basic Input Output Systems” looks for all children devices. These devices can be endpoints (so-called available devices (using the simple assembler instruction mov peripherals in the paper) and bridges (Figure 1). A bridge from the PCI Express space mapped in memory), each mem- connects two different logical bus domains with an upstream ory access is processed by the host bridge. The host bridge and a downstream port. Finally, a switch is a collection of then translates this access into a PCI Express configuration bridges. We note that the root complex can host peripherals request which is routed to the corresponding bus. In particular, and bridges. These bridges possess downstream ports only, this request contains the identifier of the contacted device. So, which are called root ports. if this device is available in the system, it receives this request and then knows its identifier. This step is important to allow B. Communications a device to communicate. Each PCI Express device is identified with a PCI logical bus, PCI Express peripherals are able, through DMA requests, device and function identifier (id), noted bus:dev.fun. This to have access to other peripheral memories and to the main identification is used to route PCI Express messages between RAM, even in the kernel memory regions, without any control devices. of the processor. This raises a major concern from the security A PCI Express message type is defined for every kind of point of view if the peripheral behavior can be controlled by an transactions, like configuration or memory read and write for attacker. To mitigate this threat, Intel has developed a hardware example. A transaction can be posted, which means that it does component to filter PCI Express messages. This component, not expect a reply from the requested device, also it can be called IOMMU, is presented in the next section. non-posted where a reply, called the completion, is needed. For example a memory write is posted because the sender III. IOMMU INTERNALS – DMA REMAPPING doesn’t expect any response. At the opposite, a memory read IOMMUs are designed to virtualize the memory space of is non-posted and leads to the transmission of a memory read the peripherals. An architecture can contain several IOMMUs, completion by the receiver. each one being dedicated to a subset of installed devices The receiver of a message is either identified by its identifier (Figure 2).
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages7 Page
-
File Size-