Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Intel TSX sigsegv notifications

Perissinotto__Alessi
1,406 Views

Regarding Intel TSX instruction set, it does not notify the OS if an sigsegv occurs but it just abort the transaction and roll back the operations done. What would imply notifying the OS of the sigsegv in term of the processor performances? Ideally would it be reasonable to modify the acting if the TSX in that sense?

Thanks very much,

Best regards

Alessia

0 Kudos
11 Replies
James_C_Intel2
Employee
1,406 Views

What would imply notifying the OS of the sigsegv in term of the processor performances?

The issue is not one of performance, but semantics and correctness. You would have to commit the transaction (making all of its writes so far globally visible) before you could notify the OS, but that would break the isolation that TSX is giving you. You might have committed a transaction which would later abort, or exposed an incomplete state which shouldn't be globally visible.

This would be like arbitrarily dropping a lock surrounding a critical section on a pagefault inside the critical section...

Ideally would it be reasonable to modify the acting if the TSX in that sense?

For the reasons above the answer is "No, it would not be reasonable"

0 Kudos
Perissinotto__Alessi
1,406 Views

But wouldn't make sense just abort the transaction without committing it and in this moment notifying the OS?

 

0 Kudos
James_C_Intel2
Employee
1,406 Views

But wouldn't make sense just abort the transaction without committing it and in this moment notifying the OS?

No, because if the transaction aborts then it should have no effects at all. If the code in the transaction conceptually didn't execute, then it can't have caused a SEGV (or page-fault), so there is nothing to report.

0 Kudos
Perissinotto__Alessi
1,406 Views

I was thinking about an attacker trying to probe the memory location to find writable ones without causing an exception to the OS that may terminate the process he is using and uses TSX to do this silent probing. How can Intel TSX can be modified in order to avoid that?

 

0 Kudos
James_C_Intel2
Employee
1,406 Views

Surely if you are already executing inside the process, you have complete control anyway, so this seems uninteresting. On Linux you could open /proc/self/maps and find out the whole of the process memory map! 

However, I am not a security expert. If you have an attack, please report it and I can assure you it will be taken very seriously!

0 Kudos
Perissinotto__Alessi
1,406 Views

I am actually referring to the context of an Intel SGX enclave that is calling TSX instructions from inside it so it does not have access to the memory mapping and it wants to blindly probe memory locations to produce an ROP attack.

The whole procedure is described in the following paper: https://arxiv.org/abs/1902.03256

The main point is that we need to notify the OS when an segv occurs inside the transaction. In any case a transaction that is subject to a segmentation fault will be aborted and none of its actions will be committed so where is the problem in notifying the OS?

Best

Alessia

0 Kudos
James_C_Intel2
Employee
1,406 Views

Since there is a published paper, I am sure our security folk are already on the case. Since I am not one of them, and am not a security expert, I will now shut up!

0 Kudos
Perissinotto__Alessi
1,406 Views

To who should I ask then?

 

0 Kudos
James_C_Intel2
Employee
1,406 Views

So you don't feel that you have been dropped... I am trying to find someone. It would also be useful if you could complete your profile so that we can communicate with you off-list. 

0 Kudos
Perissinotto__Alessi
1,406 Views

Thank you so much, I am going to update my profile immediately!

0 Kudos
James_C_Intel2
Employee
1,406 Views

It appears that a better place to ask these questions would be the SGX forum 

If you ask there at least you'll be talking to people who know more about this than us generalists over here :-)

0 Kudos
Reply