Windows 10: Analysis and mitigation of L1 Terminal Fault (L1TF)

Brink · Aug 15, 2018

In January 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown). In this blog post, we will provide a technical analysis of a new speculative execution side channel vulnerability known as L1 Terminal Fault (L1TF) which has been assigned CVE-2018-3615 (for SGX), CVE-2018-3620 (for operating systems and SMM), and CVE-2018-3646 (for virtualization). This vulnerability affects Intel Core processors and Intel Xeon processors.

This post is primarily geared toward security researchers and engineers who are interested in a technical analysis of L1TF and the mitigations that are relevant to it. If you are interested in more general guidance, please refer to Microsoft's security advisory for L1TF.

Please note that the information in this post is current as of the date of this post.

L1 Terminal Fault (L1TF) overview

We previously defined four categories of speculation primitives that can be used to create the conditions for speculative execution side channels. Each category provides a fundamental method for entering speculative execution along a non-architectural path, specifically: conditional branch misprediction, indirect branch misprediction, exception delivery or deferral, and memory access misprediction. L1TF belongs to the exception delivery or deferral category of speculation primitives (along with Meltdown and Lazy FP State Restore) as it deals with speculative (or out-of-order) execution related to logic that generates an architectural exception. In this post, we’ll provide a general summary of L1TF. For a more in-depth analysis, please refer to the advisory and whitepaper that Intel has published for this vulnerability.

L1TF arises due to a CPU optimization related to the handling of address translations when performing a page table walk. When translating a linear address, the CPU may encounter a terminal page fault which occurs when the paging structure entry for a virtual address is not present (Present bit is 0) or otherwise invalid. This will result in an exception, such as a page fault, or TSX transaction abort along the architectural path. However, before either of these occur, a CPU that is vulnerable to L1TF may initiate a read from the L1 data cache for the linear address being translated. For this speculative-only read, the page frame bits of the terminal (not present) page table entry are treated as a system physical address, even for guest page table entries. If the cache line for the physical address is present in the L1 data cache, then the data for that line may be forwarded on to dependent operations that may execute speculatively before retirement of the instruction that led to the terminal page fault. The behavior related to L1TF can occur for page table walks involving both conventional and extended page tables (the latter of which is used for virtualization).

To illustrate how this might occur, it may help to consider the following simplified example. In this example, an attacker-controlled virtual machine (VM) has constructed a page table hierarchy within the VM with the goal of reading a desired system (host) physical address. The following diagram provides an example hierarchy for the virtual address 0x12345000 where the terminal page table entry is not present but contains a page frame of 0x9a0 as shown below:

After setting up this hierarchy, the VM could then attempt to read from system physical addresses within [0x9a0000, 0x9a1000) through an instruction sequence such as the following:

01: 4C0FB600 movzx r8,byte [rax] ; rax = 0x12345040
02: 49C1E00C shl r8,byte 0xc
03: 428B0402 mov eax,[rdx+r8] ; rdx = address of signal array

By executing these instructions within a TSX transaction or by handling the architectural page fault, the VM could attempt to induce a speculative load from the L1 data cache line associated with the system physical address 0x9a0040 (if present in the L1) and have the first byte of that cache line forwarded to an out-of-order load that uses this byte as an offset into a signal array. This would create the conditions for observing the byte value using a disclosure primitive such as FLUSH+RELOAD, thereby leading to the disclosure of information across a security boundary in the case where this system physical address has not been allocated to the VM.

While the scenario described above illustrates how L1TF can apply to inferring physical memory across a virtual machine boundary (where the VM has full control of the guest page tables), it is also possible for L1TF to be exploited in other scenarios. For example, a user mode application could attempt to use L1TF to read from physical addresses referred to by not present terminal page table entries within their own address space. In practice, it is common for operating systems to make use of the software bits in the not present page table entry format for storing metadata which could equate to valid physical page frames. This could allow a process to read physical memory not assigned to the process (or VM, in a virtualized scenario) or that is not intended to be accessible within the process (e.g. PAGE_NOACCESS memory on Windows)...
Click to expand...

Read more: https://blogs.technet.microsoft.com/...al-fault-l1tf/

:)

ne6togadno · Aug 15, 2018

OFFICIAL Dragon's Dogma: Dark Arisen (Review)

there is something wrong with suggested for you list on npu page. clicking on picture of dd:da review from suggested for you list leads to perormance analysis instead of review. hovering mouse over it shows in status bar correct link to review but clicking on picture reloads analysis.
links from reviews&articles page works fine.

edit: link from home page of npu sends you to analysis instead of review as well.

Rob dB · Aug 15, 2018

Mitigation not enabled

Windows OS support for branch target injection mitigation is enabled: False

Windows OS support for branch target injection mitigation is disabled by system policy: False

Windows OS support for branch target injection mitigation is disabled by absence of hardware support: False

BTIWindowsSupportEnabled : False

BTIDisabledBySystemPolicy : False

BTIDisabledByNoHardwareSupport : False

So what I can gather by this is that the system mitigation is disabled, however not by policy or absense of hardware, so in a nutshell, windows doesn't want to enable it for some unknown reasons. Unlike others who have the mitigation disabled due to absense
of hardware support mine is apparently completely software related.

So I'll ask you guys, how do I enable the protection?

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

As you can see both hardware and software support it.

T-L-C · Aug 15, 2018

Health and Fitness App Analysis functions not working

I have the same issue, though only with the diet tracker ('steps' and 'cardio' analysis work just fine for me). I've checked the web version, too - diet-reports - Health & Fitness - msn - and the analysis doesn't track there either. So
maybe not an issue with the app itself?
Click to expand...

I didn't know about that weblink. I've had a look and its the same as the app for me. Lists every single thing, but all the side panel totals say 0 even though everything is listed on the individual lines, and then all of the week and month totals and graphs
are 0 - for both diet and cardio. Useful to know about the web version though.

I think you're right - if both versions are broken then the fault has to be something in the design of the whole thing and not just the app.

Like JGarris says, if everyone who has an issue posts here then maybe they will listen and fix it!

Windows 10: Analysis and mitigation of L1 Terminal Fault (L1TF)

Analysis and mitigation of L1 Terminal Fault (L1TF)

Analysis and mitigation of L1 Terminal Fault (L1TF)

Analysis and mitigation of L1 Terminal Fault (L1TF)

Analysis and mitigation of L1 Terminal Fault (L1TF) - Similar Threads - Analysis mitigation Terminal

BSOD mitigation

BSOD mitigation

BSOD mitigation

Security Mitigations

Security Mitigations

Faulting application name spoolsv.exe -The Print Spooler service terminated unexpectedly -...

Minidump analysis

Mitigating the last "L1 terminal fault" vulnerabilities - possible or not?

Spectre mitigations in MSVC