Mitigating Spectre-PHT using Speculation Barriers in Linux BPF
arxiv(2024)
摘要
High-performance IO demands low-overhead communication between user- and
kernel space. This demand can no longer be fulfilled by traditional system
calls. Linux's extended Berkeley Packet Filter (BPF) avoids user-/kernel
transitions by just-in-time compiling user-provided bytecode and executing it
in kernel mode with near-native speed. To still isolate BPF programs from the
kernel, they are statically analyzed for memory- and type-safety, which imposes
some restrictions but allows for good expressiveness and high performance.
However, to mitigate the Spectre vulnerabilities disclosed in 2018, defenses
which reject potentially-dangerous programs had to be deployed. We find that
this affects 24
programs from popular open-source projects. To solve this, users are forced to
disable the defenses to continue using the programs, which puts the entire
system at risk.
To enable secure and expressive untrusted Linux kernel extensions, we propose
Berrify, an enhancement to the kernel's Spectre defenses that reduces the
number of BPF application programs rejected from 54
Berrify's overhead for all mainstream performance-sensitive applications of BPF
(i.e., event tracing, profiling, and packet processing) and find that it
improves significantly upon the status-quo where affected BPF programs are
either unusable or enable transient execution attacks on the kernel.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要