Exploiting and Mitigating Speculative Race Conditions
GhostRace: CVE-2024-2193
Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc.
In this work, we present GhostRace, the first security analysis of these primitives on speculatively executed code paths.
Our key finding is that all the common synchronization primitives implemented using conditional branches (Figure 1) can be microarchitecturally bypassed on speculative paths using a Spectre-v1 attack, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs), allowing attackers to leak information from the target software.
Our GhostRace Paper (PDF) is accepted for publication at the 33rd USENIX Security Symposium 2024. This is a joint project with the Systems Security Research Group at IBM Research Europe.
Speculative Synchronization Primitives
Our analysis shows all the other common write-side synchronization primitives in the Linux kernel are ultimately implemented through a conditional branch and are therefore vulnerable to speculative race conditions.
To experimentally confirm this intuition, we tested all such synchronization primitives under speculative execution after mistraining the vulnerable branch. In all cases, we confirmed transient execution of the guarded critical region despite another victim thread already architecturally executing in the region. To determine the transient window size, we measured the maximum number of speculative load instructions we could speculatively execute inside the critical region (Figure 2).
SCUAF Gadget Scanner
To investigate the severity of SRCs, we concentrate on Speculative Concurrent Use-After-Free (SCUAF) and statically scan the Linux kernel with Coccinelle (Figure 3), discovering 1,283 potentially exploitable gadgets.
IPI Storming: CVE-2024-26602
To win an SRC, we need to interrupt the execution of the victim process at the right point (i.e., when the dangling pointer is created), and keep the victim there forever so that the attacker can perform the SCUAF attack. In order to achieve this, we created a new exploitation technique called Inter-Process Interrupt (IPI) Storming, which consists of infinitely flooding the victim process’s CPU core with IPIs once interrupted so that it never finishes handling the incoming interrupts, resulting in creating an unbounded exploitation window that allows the attacker to execute an arbitrary number of SCUAF invocations to mount an end-to-end attack within a single race window. In Figure 4 we show how the increasing number of storming SMTs widens the UAF exploitation window.
SCUAF Information Disclosure Attacks
Furthermore, we show that SCUAF information disclosure attacks (Figure 5) on the kernel are feasible and can match the reliability of typical Spectre attacks, with our proof of concept leaking kernel memory at 12 KB/s.
Code
You can find a minimalistic PoC exemplifying the concept of SRC in a step-by-step single-threaded fashion, Coccinelle SCUAF-scanning scripts, and 1200+ SCUAF gadgets found in the Linux kernel at https://github.com/vusec/ghostrace
Affected Hardware & Software
While we have explicitly focused on x86 and Linux in the paper, SRCs also affect other hardware and software targets.
Hardware: We have confirmed that all the major hardware vendors are affected by SRCs since, regardless of the particular compare-and-exchange instruction implementation, the conditional branch that follows is subject to branch (mis)prediction. In other words, all the microarchitectures affected by Spectre-v1 are also affected by SRCs.
Software: Any target relying on conditional branches to determine whether to enter critical regions—a common design pattern that extends well beyond Linux—is vulnerable to SRCs.
In summary, any software, e.g., operating system, hypervisor, etc., implementing synchronization primitives through conditional branches without any serializing instruction on that path and running on any microarchitecture (e.g., x86, ARM, RISC-V, etc.), which allows conditional branches to be speculatively executed, is vulnerable to SRCs. As in other speculative execution attacks, this allows leaking data from the target software.
Mitigation
To address the new attack surface, we also propose a generic SRC mitigation to serialize all the affected synchronization primitives on Linux (i.e., adding an lfence
instruction after the lock cmpxchq
in Figure 1). Our mitigation requires minimal kernel changes (i.e., 2 LoC) and incurs only ≈5% geomean performance overhead on LMBench.
Disclosure
We disclosed Speculative Race Conditions to the major hardware vendors (Intel, AMD, ARM, and IBM) and the Linux kernel in late 2023.
Hardware vendors have further notified other affected software (OS/hypervisors) vendors, and all parties have acknowledged the reported issue (CVE-2024-2193). Specifically, AMD responded with an explicit impact statement (i.e., “existing [Spectre-v1] mitigations apply”), pointing to the attacks relying on conditional branch mis-speculation, like Spectre-v1.
The Linux kernel developers have no immediate plans to implement our proposed serialization of synchronization primitives due to performance concerns. However, they confirmed the IPI storming issue (CVE-2024-26602) and implemented an IPI rate-limiting feature to address the CPU saturation issue by adding a synchronization mutex on the path of sys_membarrier and avoiding its concurrent execution on multiple cores. Unfortunately, as our experiments show (Figure 4), hindering IPI storming primitives (i.e., 0 storming cores) is insufficient to close the attack surface completely.
Acknowledgments
We would like to thank the anonymous reviewers for their feedback, Andrew Cooper for his early comments on the paper, Julia Lawall for the Coccinelle clarifications, and Alessandro Sorniotti for the early discussions about the project. This work was partially supported by Intel Corporation through the “Allocamelus” project, by the Dutch Research Council (NWO) through project “INTERSECT”, and by the European Union’s Horizon Europe program under grant agreement No. 101120962 (“Rescale”).