Memory Tagging + Linux kernel =

or Mitigating Linux kernel memory corruptions with Arm Memory Tagging

Andrey Konovalov, xairy.io

Linux Security Summit

October 1st 2021

Bugs

• Linux kernel has lots of bugs

syzbot

Vulnerabilities

• Some bugs are vulnerabilities

Bad Binder

• Bad Binder: Android In-The-Wild Exploit by Maddie Stone

​

• Use-after-free in the Android Binder driver
• LPE on Pixel and Samsung devices
• Evidence of in-the-wild exploitation
• Discovered by Project Zero in October 2019
• (As it turned out) Reported by syzbot in November 2017

Android vulnerabilities by cause

Queue the Hardening Enhancements, Google Online Security Blog

OOB write

OOB read

Use-after-free

Integer overflow

Other

Incorrect crypto

Uninitialized memory

Android vulnerabilities by cause

Queue the Hardening Enhancements, Google Online Security Blog

OOB write

OOB read

Use-after-free

Integer overflow

Other

Incorrect crypto

Uninitialized memory

90%

Memory corruptions!

Mitigating memory corruptions

• Fixing security bugs is infeasible, not enough resources

⇒ Invest into mitigations instead

• Memory corruptions are the majority

⇒ Focus on them first

​

• There are many memory corruption mitigations: PAN, PXN, CFI, ...
• But they prevent exploitation techniques

​

• Memory tagging aims to prevent memory corruptions

Who am I?

Andrey Konovalov

xairy.io

Agenda

• Intro
• Memory tagging as a concept
• Arm Memory Tagging Extension
• In-kernel MTE aka Hardware Tag-Based KASAN
• Weaknesses of in-kernel MTE
• Outro

Memory tagging

Memory tagging

• A technique to detect (and prevent) memory corruptions

Concept

• Memory is divided into granules of a fixed size

Granule #1

#2

...

#N

Concept

• Memory is divided into granules of a fixed size
• Each memory granule has a tag (aka color)

Granule #1

#2

...

#N

Concept

• Memory is divided into granules of a fixed size
• Each memory granule has a tag (aka color)
• Every pointer has a tag

char *p1

char *p2

Concept

• Memory is divided into granules of a fixed size
• Each memory granule has a tag (aka color)
• Every pointer has a tag
• On allocation, both memory and pointer get a matching random tag

Concept

• Memory is divided into granules of a fixed size
• Each memory granule has a tag (aka color)
• Every pointer has a tag
• On allocation, both memory and pointer get a matching random tag

char *p1

char *p2

Concept

• Memory is divided into granules of a fixed size
• Each memory granule has a tag (aka color)
• Every pointer has a tag
• On allocation, both memory and pointer get the same random tag
• On pointer dereference, pointer tag must match memory tag

==

*p1 = ...;

All is good,

proceed

Concept

• Memory is divided into granules of a fixed size
• Each memory granule has a tag (aka color)
• Every pointer has a tag
• On allocation, both memory and pointer get the same random tag
• On pointer dereference, pointer tag must match memory tag

!=

*(p1 + N) = ...;

Raise an

exception!

From concept to implementation

• This is a nice concept, but what about an implementation?
• We need a mechanism for assigning and checking tags

​

• Software implementations (based on compiler instrumentation) are slow

​

• Hardware implementations require hardware support
• The only one existed was SPARC ADI
• But none in modern widely-used CPUs: x86, Arm
• Up until...

Arm Memory Tagging Extension

Arm Memory Tagging Extension (MTE)

• Arm released an architecture extension that adds memory tagging support
• Armv8.5-A Memory Tagging Extension (search for MTE)

​

• This is only a specification, not an actual implementation
• Manufacturers of Arm-based CPUs can choose to include MTE

​

• CPUs that implement MTE will have built-in support for memory tagging

Implementation details

• How pointer tags are assigned and stored?
• How memory tags are assigned and stored?
• How big are memory granules?
• How many different tags are there?
• How and when tags are compared?
• What happens on tag mismatch?

Arm Top Byte Ignore (TBI)

• An option to ignore 8 most significant bits of virtual addresses on accesses

• The top byte can be used to store pointer tags
• 256 different tags if the whole byte is used

​

• (Enabled by setting TBI0/TBI1 bits in TCR_EL1 register)

0x42ff801234567800

MTE pointer tags

• MTE relies on TBI

• MTE uses 4 bits from the top byte to store pointer tag
• Therefore, MTE allows 16 different tags

​

• (MTE pointer tags are also called logical tags)

0xf2ff801234567800

MTE memory tags

• Each memory granule is 16 bytes; each memory tag is 4 bits
• Memory tags are stored in a reserved part of RAM
• 4-bits tag for each 16 bytes ⇒ memory tags take up 3% of RAM

Memory tags

Memory granules

MTE memory tags

• (MTE memory tags are also called allocation tags)

MTE instructions

MTE tag checking modes

• On mismatch, sync: raise exception, async: set bit in TFSR_EL1
• (Mode selected via TCF bits of SCTLR_EL1 register)

• CPU checks tags when executing normal Load/Store instructions

Summary

• MTE is a hardware implementation of memory tagging for Arm CPUs

​

• MTE provides:
• A way to store pointer and memory tags
• Instructions to manipulate memory tags
• Built-in CPU checks to validate them

Detailed summary

• Introduced in Armv8.5 Instruction Set Architecture; 64-bit only
• No hardware yet, but there's QEMU (-machine virt,mte=on) and Clang/GCC support

​

• Every aligned 16 bytes of memory have a 4-bit tag stored in a dedicated RAM region
• Every pointer has a 4-bit tag stored in the top byte relying on TBI
• New instructions to manipulate memory tags
• Normal Load/Store instructions check tags and report exceptions on mismatch
• Exceptions reported either synchronously or asynchronously

​

• More details in the paper

Next step

• Now we need to integrate MTE into the kernel

In-kernel MTE

or Hardware Tag-Based KASAN

Integration parts

1. arm64 infrastructure
• Properly set up system registers during boot
• Provide routines for setting and getting memory tags
• Allow receiving tag mismatches notifications (for both, sync and async)
• Thanks to Vincenzo Frascino and Catalin Marinas for implementing this

​

• Use part #1 to implement a memory-tagging–based mitigation in the kernel
• Focus of this talk

Implementing part #2

• We need to assign memory and pointer tags in the allocator
• Can call MTE routines directly
• But there's a tool that does almost this — KASAN

KASAN Overview

• KASAN (KernelAddressSANitizer) — dynamic bug detector for the Linux kernel

​

• Finds use-after-frees and out-of-bounds in heap, stack, and globals
• Easy to use: build with CONFIG_KASAN=y and run the kernel
• No false positives (except for occasional bugs in KASAN)

​

• ~2x slowdown, ~2x memory overhead

KASAN vs MTE implementation

• Performs checks before every memory access
• Exactly like MTE
• Compiler instrumentation for insert those checks
• With MTE, CPU does checks internally
• Shadow memory for storing memory metadata
• With MTE, tags are stored in a reserved RAM region
• Allocator annotations
• This part we can adapt and reuse

Software Tag-Based KASAN

• The way KASAN works is very similar to MTE
• KASAN even has a software memory tagging mode
• (This mode was implemented knowing that MTE is coming)

​

• Software Tag-Based KASAN
• Memory Tagging for the Kernel: Tag-Based KASAN [slides] [video]

Hardware Tag-Based KASAN

• Hardware Tag-Based KASAN
• "Tag-Based": based on memory tagging concept
• "Hardware": uses hardware memory tagging — ARM MTE (and TBI)
• I also refer to this mode as MTE-based KASAN or in-kernel MTE

​

• Intended to be used in production as a mitigation

​

• Builds on top of MTE routines provided by arm
• Reuses KASAN annotations and adapts their implementation
• Prints bug reports on MTE exceptions

Allocator annotations

void *kmalloc(size) {

void *ptr = ...;

return ptr;

}

void *kmalloc(size) {

size = round_up(size, 16);

void *ptr = ...;

return kasan_kmalloc(ptr);

}

• With in-kernel MTE, kmalloc():
• Rounds up object size to granule size
• Calls kasan_kmalloc(), which:
• Generates a random tag
• Tags allocated memory and the returned pointer

Preventing memory corruptions

with Hardware Tag-Based KASAN

Allocating memory

char *p = kmalloc(35);

Allocating memory

char *p = kmalloc(35); // ends up in kmalloc-64 cache

• Align object size (35) up to granule size (16)�and choose a suitable location for the object

Allocating memory

char *p = kmalloc(35);

Memory tags

Allocating memory

char *p = kmalloc(35);

• Align object size (35) up to granule size (16)
• Choose a random tag (say, 0x2)

Allocating memory

char *p = kmalloc(35); // 0xf2ff801234567800

• Align object size (35) up to granule size (16)
• Choose a random tag (say, 0x2)
• Mark pointer and memory with the chosen tag

Allocating memory

char *p = kmalloc(35); // 0xf2ff801234567800

• Align object size (35) up to granule size (16)
• Choose a random tag (say, 0x2)
• Mark pointer and memory with the chosen tag
• Mark leftover memory with a reserved tag (0xE == KASAN_TAG_INVALID)

Allocating memory

char *p = kmalloc(35); // 0xf2ff801234567800

• Align object size (35) up to granule size (16)
• Choose a random tag (say, 0x2)
• Mark pointer and memory with the chosen tag
• Mark leftover memory with a reserved tag (0xE == KASAN_TAG_INVALID)
• Return tagged pointer

Allocating memory

char *p = kmalloc(35); // 0xf2ff801234567800

Memory tags

In-bounds

char *p = kmalloc(35);

p[20] = ...;

==

Preventing out-of-bounds

char *p = kmalloc(35);

p[..] = ...;

Preventing out-of-bounds

char *p = kmalloc(35);

p[50] = ...;

Preventing out-of-bounds

char *p = kmalloc(35);

p[50] = ...; // out-of-bounds:

!=

Raise an

exception!

Preventing out-of-bounds

char *p = kmalloc(35);

p[70] = ...;

Preventing out-of-bounds

char *p = kmalloc(35);

p[70] = ...; // out-of-bounds:

!=

Raise an

exception!

(Not) preventing out-of-bounds

char *p = kmalloc(35);

p[70] = ...;

Could be the same,

if tags are random

(Not) preventing out-of-bounds

char *p = kmalloc(35);

p[70] = ...; // out-of-bounds missed:

==

• Memory tagging limitation: misses bugs if tags happen to be the same
• The chance is about 1/16 ≅ 6%

Could be the same,

if tags are random

(Not) preventing out-of-bounds

char *p = kmalloc(35);

p[40] = ...;

(Not) preventing out-of-bounds

char *p = kmalloc(35);

• Even though offset 40 is out-of-bounds of requested 35-byte region
• Memory tagging limitation: can't detect small out-of-bounds in the last granule

p[40] = ...; // out-of-bounds missed:

==

Preventing use-after-free

char *p = kmalloc(35);

kfree(p);

p[8] = ...;

Preventing use-after-free

char *p = kmalloc(35);

kfree(p); // retag memory:

Preventing use-after-free

char *p = kmalloc(35); // 0xf2ff801234567800

kfree(p); // retag memory:

0x2

0xE

Memory tags

Preventing use-after-free

char *p = kmalloc(35);

kfree(p); // retag memory:

p[8] = ...;

Preventing use-after-free

char *p = kmalloc(35);

kfree(p); // retag memory:

p[8] = ...; // use-after-free:

!=

Raise an

exception!

Preventing use-after-realloc

char *p = kmalloc(35);

kfree(p); q = kmalloc(60);

Preventing use-after-realloc

char *p = kmalloc(35);

kfree(p); q = kmalloc(60); // if lands on p:

p[8] = ...;

Preventing use-after-realloc

char *p = kmalloc(35);

kfree(p); q = kmalloc(60); // if lands on p:

p[8] = ...; // use-after-free:

!=

Raise an

exception!

(Not) preventing use-after-realloc

char *p = kmalloc(35);

kfree(p); q = kmalloc(60); // if lands on p:

p[8] = ...;

(Not) preventing use-after-realloc

char *p = kmalloc(35);

kfree(p); q = kmalloc(60); // if lands on p:

p[8] = ...; // use-after-free missed:

==

Implementation details

of Hardware Tag-Based KASAN

Reserved tags

• "Invalid" memory tag — 0xE
• Used to tag freed memory and leftover granules in slab objects
• This is a memory tag, no pointers with the "invalid" tag are generated

​

• Match-all pointer tag — 0xF
• Accesses through pointers with this tag are not checked
• This a pointer tag, there are no match-all memory tags
• Simplifies object handling in allocator (also see this)
• 0xF chosen to match top byte of native kernel pointers 0xFF

Tagged memory

• Currently: slab and page_alloc
• Future: vmalloc, stack and globals

More details

• Command-line parameters to disable KASAN, choose MTE mode, disable stack trace collection, enable panic on tag-mismatch
• No redzones when stack collection is disabled. Otherwise, stack traces stored in redzones
• Integration with memory init: set tags and initialize memory at the same time
• Don't disable cache merging without stack trace collection, unlike other modes
• Checks for invalid/double-free, invalid-krealloc, invalid-ksize
• Preassigned tags for caches with constructors and SLAB_TYPESAFE_BY_RCU caches
• page_alloc tags stored in page flags
• Tests to check that MTE-based KASAN detects memory corruptions
• Relevant source code files: ls mm/kasan/*; find arch/arm64 -name *mte*
• Open KASAN bugs

RAM impact

Performance impact

• No CPUs released, so no one knows. Expected:

Summary

• New KASAN mode called Hardware Tag-Based KASAN based on MTE
• Detects out-of-bounds and use-after-frees, sometimes probabilistically
• Can be used as either a production mitigation or a fast memory bug detector

​

• Merged into mainline in 5.11
• Testing requires fresh QEMU and Clang/GCC with MTE support
• Enabled with CONFIG_KASAN_HW_TAGS
• Command line arguments for prod mode:�stack_depot_disable=on kasan.stacktrace=off

Weaknesses

of Hardware Tag-Based KASAN

Non-tagged memory

• vmalloc, stack and globals are not tagged

⇒ Can be targeted by an exploit

​

• However, these will be covered by MTE in the future

Probabilistic detection

• Probability of MTE missing a bug is ~7%

​

• We could detect linear-buffer-overflows with a 100% guarantee
• Give different (but still random) tags to neighbouring memory blocks
• Also use-after-realloc with a similar approach

​

• If attacker can retry the exploit ⇒ will succeed sooner or later

⇒ Need to panic on mismatches

⇒ Single attempt to run the exploit

Async window

• Async mode is expected to be faster than sync
• But with async, there’s a window between a tag mismatch and its detection
• Might be possible to execute payload before the bug is detected

Match-all tag

• If attacker can craft arbitrary pointers with match-all tag

⇒ Can access any memory

• But if crafting pointers requires corrupting memory

⇒ MTE will detect this

​

• Might be possible to get rid of the match-all tag
• Need to carefully annotate allocator
• (And also deal with this)

Intra-object-overflows

• MTE can’t detect intra-object-overflows
• E.g. buffer-overflows within a struct
• The whole object is marked with the same tag

​

• MTE can detect certain intra-object-overflows
• E.g. overflows between blocks in custom allocators
• Via additional annotations:�assigning different tags to blocks or adding redzones

More

• MTE can’t detect type-confusions
• E.g. casting a pointer to incorrect struct and accessing fields
• (Unless the access is out-of-bounds)

​

• MTE can’t detect logical bugs
• (Unless there's a memory corruption)

Summary

• MTE has weaknesses, but detects the main types of memory corruptions
• A long road of bypasses and fixes awaits

​

• Also see Security analysis of memory tagging [paper]

Outro

Summary

• MTE is supported in the kernel via Hardware Tag-Based KASAN
• Detects many memory corruptions with a ~93% probability
• Can be used as a mitigation in production or a fast memory bug detector

Promising future

• MTE-enabled Armv9 CPU microarchitectures announced
• Cortex-X2, Cortex-A710, and Cortex-A510

​

• In-kernel MTE enabled in the Android 12 Generic Kernel Image
• Might still be disabled via command line on actual devices
• In the worst case, we will have a fast KASAN :)

Call to action

(For device manufacturers, distro vendors, and kernel developers)

​

1. Run tests with KASAN
• At least make sure the kernel boots without reports
2. Use Software Tag-Based KASAN on testing devices
• To prepare for MTE and find potential incompatibilities
3. Enable Hardware Tag-Based KASAN when CPUs are released
• To mitigate memory corruptions

Thanks!

Andrey Konovalov, xairy.io

Extra

Report: mode=sync, stacktrace=on [1/4]

==================================================================

BUG: KASAN: invalid-access in kmalloc_oob_right+0x1ac/0x23c lib/test_kasan.c:144

Read at addr f2ff0000039ca880 by task kunit_try_catch/102

Pointer tag: [f2], memory tag: [fe]

​

CPU: 0 PID: 102 Comm: kunit_try_catch Tainted: G B 5.14.0-rc5 #389

Hardware name: linux,dummy-virt (DT)

Call trace:

...

el1h_64_sync_handler+0x50/0x80 arch/arm64/kernel/entry-common.c:318

el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:569

kmalloc_oob_right+0x1ac/0x23c lib/test_kasan.c:144

...

​

Report: mode=sync, stacktrace=on [2/4]

Allocated by task 102:

...

kasan_kmalloc include/linux/kasan.h:264

kmem_cache_alloc_trace include/linux/slab.h:489

kmalloc include/linux/slab.h:591

kmalloc_oob_right+0x60/0x23c lib/test_kasan.c:127

...

​

Freed by task 0:

(stack is not available)

​

Report: mode=sync, stacktrace=on [3/4]

The buggy address belongs to the object at ffff0000039ca800

which belongs to the cache kmalloc-128 of size 128

The buggy address is located 0 bytes to the right of

128-byte region [ffff0000039ca800, ffff0000039ca880)

The buggy address belongs to the page:

page:(____ptrval____) refcount:1 mapcount:0

mapping:0000000000000000 index:0xf6ff0000039ca600 pfn:0x439ca

flags: 0xffff00000000200(slab|node=0|zone=0|lastcpupid=0xffff|kasantag=0x0)

raw: 0ffff00000000200 0000000000000000 dead000000000122 f5ff000002401200

raw: f6ff0000039ca600 000000008010000f 00000001ffffffff 0000000000000000

page dumped because: kasan: bad access detected

​

Report: mode=sync, stacktrace=on [4/4]

Memory state around the buggy address:

ffff0000039ca600: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe

ffff0000039ca700: f6 f6 f6 f6 f6 f6 f6 fe fe fe fe fe fe fe fe fe

>ffff0000039ca800: f2 f2 f2 f2 f2 f2 f2 fe fe fe fe fe fe fe fe fe

^

ffff0000039ca900: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe

ffff0000039caa00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe

==================================================================

Report: mode=async

==================================================================

BUG: KASAN: invalid-access

Asynchronous mode enabled: no access details available

​

CPU: 1 PID: 102 Comm: kunit_try_catch Not tainted 5.14.0-rc5 #389

Hardware name: linux,dummy-virt (DT)

​

Report: mode=async

Call trace:

...

kasan_report_async+0xf0/0x170 mm/kasan/report.c:378

mte_check_tfsr_el1+0x40/0x44 arch/arm64/kernel/mte.c:191

mte_check_tfsr_entry arch/arm64/include/asm/mte.h:108

enter_from_kernel_mode+0x24/0x48 arch/arm64/kernel/entry-common.c:49

enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:113

el1_interrupt+0x28/0xa0 arch/arm64/kernel/entry-common.c:350

el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:367

el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:570

kmalloc_type include/linux/slab.h:348

...

==================================================================

Links

• Armv8.5-A Memory Tagging Extension [paper] (search for MTE)
• Memory Tagging and how it improves C/C++ memory safety [paper]
• Memory Tagging and how it improves C/C++ memory safety [slides]
• Security analysis of memory tagging [paper]
• Towards a fully sanitizable C++, with the help from hardware [slides]
• Adopting the Arm Memory Tagging Extension in Android [article]
• Memory Tagging Extension (MTE) in AArch64 Linux [doc]
• Keep Your App’s Memory Safe with Arm Memory Tagging Extension (MTE) [article]

Thanks

• Alexander Potapenko <glider@google.com>
• Dmitry Vyukov <dvyukov@google.com>
• Evgenii Stepanov <eugenis@google.com>
• Kostya Serebryany <kcc@google.com>
• Marco Elver <elver@google.com>
• Peter Collingbourne <pcc@google.com>
• Branislav Rankov <Branislav.Rankov@arm.com>
• Catalin Marinas <catalin.marinas@arm.com>
• Kevin Brodsky <kevin.brodsky@arm.com>
• Vincenzo Frascino <vincenzo.frascino@arm.com>
• Will Deacon <will@kernel.org>