Authors:
Zhi Zhang, CSIRO’s Data61, Australia; Yueqiang Cheng, NIO Security Research; Minghua Wang, Baidu Security; Wei He and Wenhao Wang, State Key Laboratory of Information Security, Institute of Information Engineering, CAS and University of Chinese Academy of Sciences; Surya Nepal, CSIRO’s Data61, Australia; Yansong Gao, Nanjing University of Science and Technology, China; Kang Li, Baidu Security; Zhe Wang and Chenggang Wu, State Key Laboratory of Computer Architecture, Institute of Computing Technology, CAS and University of Chinese Academy of Sciences
Journal/Conference:
USENIX ATC '22
Source:
https://www.usenix.org/conference/atc22/presentation/zhang-zhi
Abstract
Rowhammer attacks that corrupt level-1 page tables to gain kernel privilege are the most detrimental to system security and hard to mitigate. However, recently proposed software-only mitigations are not effective against such kernel privilege escalation attacks. In this paper, we propose an effective and practical software-only defense, called SoftTRR, to protect page tables from all existing rowhammer attacks on x86. The key idea of SoftTRR is to refresh the rows occupied by page tables when a suspicious rowhammer activity is detected. SoftTRR is motivated by DRAM-chip-based target row refresh (ChipTRR) but eliminates its main security limitation (i.e., ChipTRR tracks a limited number of rows and thus can be bypassed by many-sided hammer [17]). Specifically, SoftTRR protects an unlimited number of page tables by tracking memory accesses to the rows that are in close proximity to page-table rows and refreshing the page-table rows once the tracked access count exceeds a pre-defined threshold. We implement a prototype of SoftTRR as a loadable kernel module, and evaluate its security effectiveness, performance overhead, and memory consumption. The experimental results show that SoftTRR protects page tables from real-world rowhammer attacks and incurs small performance overhead as well as memory cost.
Motivation
SoftTRR protects page tables from all existing rowhammer attacks on x86. The key idea is to refresh the rows occupied by page tables when suspicious rowhammer activity is detected. Existing software-only mitigations require modifications to the memory allocator, and they are not effective against all kernel privilege escalation attacks. SoftTRR is motivated by ChipTRR, which tracks only a limited number of rows; SoftTRR removes this limitation by monitoring and tracking every row neighbouring a (victim) row that contains page tables.
Rowhammer-induced page-table corruption is the most detrimental to system security and the hardest to mitigate (CTA, ASPLOS'19). Rowhammer was first studied on DDR3 modules by Kim et al. (ISCA'14), who showed that repeatedly activating rows n+1 and n-1 accelerates charge leakage in row n and flips its bits. Four hammer patterns appear in existing work: double-sided hammer, single-sided hammer, one-location hammer, and many-sided hammer. Mainstream rowhammer attacks target corruption of level-1 page tables.
Prior works
Existing mitigations are either ineffective or impractical. Hardware solutions deployed by industry fall into three categories: (1) shortening the DRAM refresh period, (2) Error Correcting Code (ECC) memory that corrects single-bit errors and detects double-bit errors, and (3) ChipTRR. None of them fully mitigates rowhammer: each has been reverse-engineered and defeated (ChipTRR, for instance, tracks only a few aggressor rows and is bypassed by many-sided hammering), and some carry unacceptable overhead. Software defenses fall into two categories: (1) modifying the memory allocator to enforce DRAM-aware memory isolation at some granularity, and (2) using hardware-specific information. Both paradigms are impractical and inefficient because they require large changes to current operating systems (and sometimes hardware operations as well), and they remain vulnerable to the PThammer attack.
SoftTRR
The main goal is to protect page tables from rowhammer attacks while removing the limitations of ChipTRR, under three requirements: (1) effectiveness against both explicit and implicit attacks on page tables, (2) compatibility with commodity OS kernels, and (3) small performance overhead on a commodity system.
SoftTRR focuses on protecting level-1 page tables (L1PTs), the target of both explicit and implicit rowhammer attacks. It has three components: the page table collector, the adjacent page tracer, and the row refresher.
- The page table collector walks each process's task_struct to find existing L1PT pages and hooks the kernel's L1PT allocation and free functions to catch new ones. For every L1PT page it records the DRAM row, together with the DRAM-adjacent pages and their rows, in three red-black trees (pt_rbtree, adj_rbtree, and pt_row_rbtree). A row counts as adjacent if it lies within 6 rows of a row hosting L1PTs, the largest distance at which Kim et al. (ISCA'20) observed bit flips.
- The adjacent page tracer sets the reserved (rsrv) bit in the leaf PTEs of the adjacent pages, so that an access to any of them raises a page fault; the page-fault handler then increments the access count for that row. Tracing thus relies only on the MMU and the existing fault path. The rsrv bits are re-armed periodically by a timer. Two parameters define the detection threshold: timer_intr, the re-arm period, and count_limit, the number of counted accesses a row may accumulate before the neighbouring page-table rows are refreshed. Hammering that lasts no longer than timer_intr×(count_limit−1) cannot cause a bit flip; the authors take 1 ms as the safe bound (from Kim et al., ISCA'20) and therefore set timer_intr to 1 ms and count_limit to 2.
- When a row's access count reaches count_limit, the row refresher refreshes the page-table rows next to it (a software refresh is simply an access to the row, which re-activates it and restores the cell charge).
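The three components above are easiest to understand as one control loop. The following is an added example written for this review, not code from the SoftTRR module: a user-space model in which DRAM rows are plain integers (the real module maps physical addresses to rows with a reverse-engineered address mapping, and the "trap" here stands for the rsrv bit in a leaf PTE plus the page fault it raises). The constants ADJ_DISTANCE, TIMER_INTR_US and COUNT_LIMIT follow the paper; the bank size NROWS, the scenario helper, and the rule that an idle row forgets its count at the next timer tick are assumptions of this model.

```c
/* Added example: user-space model of SoftTRR's tracking loop (not the
 * authors' kernel module). Rows are abstract integers; the row-to-address
 * mapping and page-table walking of the real collector are omitted. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NROWS          64     /* rows in the toy bank (assumption) */
#define ADJ_DISTANCE    6     /* rows traced on each side of an L1PT row (paper) */
#define TIMER_INTR_US 1000    /* tracing period: timer_intr = 1 ms (paper) */
#define COUNT_LIMIT     2     /* counted accesses before refreshing (paper) */

struct traced_row {
    bool     traced;   /* row holds a page adjacent to an L1PT row (adj_rbtree) */
    bool     armed;    /* rsrv bit set in its PTEs: the next access faults */
    bool     hit;      /* faulted at least once in the current window */
    unsigned count;    /* faults accumulated across consecutive windows */
};

struct softtrr {
    bool              is_pt_row[NROWS]; /* rows hosting L1PTs (pt_row_rbtree) */
    struct traced_row adj[NROWS];
    unsigned          faults;           /* page faults taken: the tracing cost */
    unsigned          refreshes;        /* L1PT rows refreshed: the defense acting */
};

/* Longest hammering interval guaranteed flip-free: timer_intr x (count_limit - 1). */
static unsigned safe_window_us(void)
{
    return TIMER_INTR_US * (COUNT_LIMIT - 1);
}

/* Page table collector: record an L1PT row and start tracing its neighbours. */
static void collect_pt_row(struct softtrr *s, unsigned row)
{
    s->is_pt_row[row] = true;
    for (int d = -ADJ_DISTANCE; d <= ADJ_DISTANCE; d++) {
        int r = (int)row + d;
        if (d == 0 || r < 0 || r >= NROWS) continue;
        s->adj[r].traced = true;
        s->adj[r].armed  = true;      /* set rsrv bits in the page's PTEs */
    }
}

/* Row refresher: accessing a row re-activates it and restores its charge. */
static void refresh_neighbour_pts(struct softtrr *s, unsigned row)
{
    for (int d = -ADJ_DISTANCE; d <= ADJ_DISTANCE; d++) {
        int r = (int)row + d;
        if (r >= 0 && r < NROWS && s->is_pt_row[r])
            s->refreshes++;           /* stands for: flush cache, read row r */
    }
}

/* Adjacent page tracer, fault path. Returns true when the access raised a
 * page fault; false when it went straight to memory (row not traced, or its
 * trap was already cleared earlier in this window). */
static bool on_access(struct softtrr *s, unsigned row)
{
    struct traced_row *t = &s->adj[row];
    if (!t->traced || !t->armed) return false;
    s->faults++;
    t->armed = false;                 /* clear rsrv: one fault per page per window */
    t->hit   = true;
    if (++t->count >= COUNT_LIMIT) {
        refresh_neighbour_pts(s, row);
        t->count = 0;
    }
    return true;
}

/* Adjacent page tracer, timer path (every TIMER_INTR_US): re-arm the traps. */
static void on_timer(struct softtrr *s)
{
    for (unsigned r = 0; r < NROWS; r++) {
        struct traced_row *t = &s->adj[r];
        if (!t->traced) continue;
        if (!t->hit) t->count = 0;    /* assumption: an idle row forgets its count */
        t->hit   = false;
        t->armed = true;              /* set rsrv again (plus a TLB flush in the kernel) */
    }
}

/* Scenario (constructed): double-sided hammer of pt_row-1 and pt_row+1 for
 * `windows` timer periods, `per_window` hits on each aggressor per period.
 * Returns the number of L1PT-row refreshes; s->faults holds the fault count. */
static unsigned simulate_double_sided(struct softtrr *s, unsigned pt_row,
                                      unsigned windows, unsigned per_window)
{
    memset(s, 0, sizeof *s);
    collect_pt_row(s, pt_row);
    for (unsigned w = 0; w < windows; w++) {
        for (unsigned i = 0; i < per_window; i++) {
            on_access(s, pt_row - 1);
            on_access(s, pt_row + 1);
        }
        on_timer(s);
    }
    return s->refreshes;
}

int main(void)
{
    struct softtrr s;
    unsigned refreshed = simulate_double_sided(&s, 20, 2, 1000);
    printf("faults=%u refreshes=%u safe_window=%u us\n",
           s.faults, refreshed, safe_window_us());
    return 0;
}
```

Two properties of the real design show up in the model. First, only the first access to a traced page in each window traps, so the tracing cost is bounded by one page fault per adjacent page per timer_intr no matter how hard the attacker hammers (2000 accesses above cost 2 faults per window). Second, the attacker cannot skip the counted access: any load or store to an adjacent page goes through the leaf PTE that carries the rsrv bit, so sustained double-sided hammering refreshes the victim row within timer_intr×(count_limit−1) = 1 ms of its first counted hit.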
Evaluation
- Security evaluation: the prototype mitigates three well-known rowhammer attacks that corrupt level-1 page tables: Memory Spray (Black Hat '15), CATTmew (IEEE TDSC '19), and PThammer (MICRO '20).
- Performance: across SPECspeed 2017 Integer, Memcached, and Phoronix on a DDR4-based Linux machine, the average slowdown is at most 0.83%.
- Memory consumption: the authors ran a LAMP server (Linux, Apache, MySQL, and PHP) for an hour. The memory cost grows gradually and stabilises in the last 15 minutes at under 600 KiB.
- Stability: the Linux Test Project stress tests show no deviation between the SoftTRR-protected system and the vanilla system.
Conclusion
SoftTRR is a more effective and practical software-only mitigation than existing work. It is implemented as a loadable kernel module that defends L1PT pages against rowhammer attacks, leveraging MMU and OS kernel features to collect L1PT pages, track memory accesses, and refresh the targeted L1PT rows.
However, a DMA-based root privilege escalation attack (e.g., Drammer) may still be possible, since DMA writes do not go through the PTEs that SoftTRR traces. Mitigating it would require additional hardware support or sophisticated DMA memory isolation, which inevitably adds overhead. Additional experiments on real workloads would also strengthen the evaluation.
Moreover, there is no fundamental mitigation for denial of service. Because SoftTRR has to flush the TLB when the access count of traced pages reaches the threshold, latency-sensitive applications (e.g., cache servers, mobility applications) may suffer significant performance degradation.
Triggering the page-fault handler to count accesses is an additional cost as well.