randprotect: KSM: eliminate the KSM COW side channel
KSM is known to introduce a side channel that has been analyzed by
numerous papers in the literature in the past years [1] and is also
documented in the various product docs [2]. There was a proposal [3]
also on how to close both the "write" side channel created by the
write protect fault as well as the "read" side channel created by
physically indexed CPU caches.
Until now the KSM side channel could only be accessed locally, but a
new paper [4] [5] shows the "write" side channel can also be
accessed remotely in certain circumstances. The new paper submitted to
arxiv.org on 16 Nov 2021 classifies this new vector as CVE-2021-3714.
The "write" side channel materializes because if an attacker has
control of the data payload that KSM will try to deduplicate, it
becomes possible to measure which data is equal in different
guests (or processes using MADV_MERGEABLE, or other processes within
the same guest) by timing the write access latency after a couple of
KSM scans without modifications to the data.
This patch introduces a technique that also write protects those
candidate pages that aren't changing frequently but that aren't
equal, based on a Bernoulli distribution "p" (implemented as
1/2). This results in more COWs, but only for those pages that are
candidates for merging because their payload didn't change frequently
in the first place.
At the same time those pages that can be de-duplicated won't be write
protected based on the same Bernoulli distribution "p". This reduces
the effectiveness of the KSM scan, but it doesn't waste extra CPU
other than the scan itself.
After a page stops changing for two full KSM scans and it becomes a
candidate page for de-duplication, there will be a 50% chance that the
page generates a measurable high "write" latency, regardless of whether
it is merged or not; in turn the attacker cannot tell whether the page
that generated the high write access latency is a PageKSM or not.
The new secure default is:
echo 50 > /sys/kernel/mm/ksm/matched_random_distribution
echo 50 > /sys/kernel/mm/ksm/unmatched_random_distribution
To restore the less secure behavior:
echo 100 > /sys/kernel/mm/ksm/matched_random_distribution
echo 0 > /sys/kernel/mm/ksm/unmatched_random_distribution
For QA (to retain the determinism of the KSM scan while still
activating the side channel obfuscation on unmatched pages):
echo 100 > /sys/kernel/mm/ksm/matched_random_distribution
echo 50 > /sys/kernel/mm/ksm/unmatched_random_distribution
[1] https://svs.informatik.uni-hamburg.de/publications/2018/2018-04-10-Lindemann-Memory-Deduplication-Side-Channel.pdf
[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_tuning_and_optimization_guide/chap-ksm
[3] https://download.vusec.net/papers/vusion_sosp17.pdf
[4] https://arxiv.org/abs/2111.08553
[5] https://arxiv.org/pdf/2111.08553.pdf
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
2 files changed
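The following is an added model of the randomised write-protect policy described above; it is not the kernel's code and is not part of the patch. It assumes the two sysfs knobs are percentages in the range 0..100 (as the echo examples suggest) and models a merge candidate as one write-protect decision per KSM scan, so that the gap in observable COW rate between duplicate and unique candidates is what the write-latency probe can learn.

```python
import random

# Assumed semantics (not taken from the kernel source): matched_pct is the
# chance a mergeable candidate is actually merged and write-protected,
# unmatched_pct the chance a unique candidate is write-protected anyway
# (a decoy COW). Both are 0..100 like the sysfs values in the commit message.

def will_write_protect(is_duplicate, matched_pct, unmatched_pct, rng):
    """Decide whether a candidate page (unchanged for two full scans) gets
    write-protected in this scan, so that its next write takes a COW fault."""
    chance = matched_pct if is_duplicate else unmatched_pct
    return rng.randrange(100) < chance

def observed_cow_rate(is_duplicate, matched_pct, unmatched_pct, trials, seed):
    """Fraction of probes in which a remote/local prober sees a slow (COW) write."""
    rng = random.Random(seed)
    slow = sum(will_write_protect(is_duplicate, matched_pct, unmatched_pct, rng)
               for _ in range(trials))
    return slow / trials

def leakage(matched_pct, unmatched_pct, trials=20000, seed=1):
    """Gap between the COW rate of duplicate and unique candidates.
    0 means the write-latency probe can no longer tell whether a page was
    merged; 1 means every probe reveals it (the legacy 100/0 setting)."""
    dup = observed_cow_rate(True, matched_pct, unmatched_pct, trials, seed)
    uniq = observed_cow_rate(False, matched_pct, unmatched_pct, trials, seed + 1)
    return abs(dup - uniq)

if __name__ == "__main__":
    # The three settings given in the commit message, from least to most secure.
    for label, m, u in (("legacy  (100/0) ", 100, 0),
                        ("QA      (100/50)", 100, 50),
                        ("default (50/50) ", 50, 50)):
        print(f"{label}: observable leakage {leakage(m, u):.3f}")
```

The QA setting keeps every mergeable page merged but still halves the leak, because unique candidates now produce decoy COWs half the time; only the 50/50 default drives the gap to zero.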