reInstruct: Toward OS-aware CPU microcode reprogramming

Date

2025-10-13

Publisher

ACM

Abstract

Historically, the microcode layer has been a proprietary technology tightly controlled by the CPU vendors. Microcode gives the vendor great flexibility in translating ISA-visible instructions into internal hardware micro-operations. In x86-64, many system-level instructions are microcoded, which presents a largely untapped opportunity for OS developers who want to experiment with future ISA extensions.

Recent research has identified hidden CPU instructions that are enabled via a firmware exploit, and has partially reverse-engineered and decrypted Intel Goldmont microcode. We go a step further and design an experimental framework for Linux that allows existing microcoded instructions to be modified transparently, directly from the OS at runtime. We show how microcode alterations can be used to defeat the normal root-privilege isolation in Linux while leaving almost no trace. We also present a new approach that relies on ISA modification via microcode patching to improve the performance of commonly used lightweight Linux system calls. In effect, our approach adjusts the CPU ISA to better serve a specific OS kernel and its applications, an idea that was previously out of reach on commodity hardware.
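The claim that runtime microcode alterations leave almost no trace raises the obvious practitioner's question of what the kernel itself reports about the loaded microcode. The program below is an added example, not code from the paper or its framework: it parses the `microcode` field that x86 Linux prints once per logical CPU in /proc/cpuinfo, flags cores that disagree with each other about their revision, and also reads the microcode driver's sysfs `version` file for cpu0. The two /proc/cpuinfo excerpts embedded in it are constructed for the example. Whether a runtime microcode patch of the kind the paper describes changes this reported revision at all is not stated in the abstract and is not assumed here; the check only establishes the OS-visible baseline a defender would compare against.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/cpuinfo excerpts (not captured from the paper's setup).
 * Real files carry many more fields per CPU; only "microcode" matters here. */
const char SAMPLE_CPUINFO_OK[] =
    "processor\t: 0\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xf0\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\nmicrocode\t: 0xf0\n";
const char SAMPLE_CPUINFO_MISMATCH[] =
    "processor\t: 0\nmicrocode\t: 0xf0\n\n"
    "processor\t: 1\nmicrocode\t: 0xec\n";

/* Walk every "microcode : 0x.." line (one per logical CPU). Returns the number
 * of CPUs that reported the field; *lo and *hi (either may be NULL) receive the
 * smallest and largest revision seen, so lo != hi means cores disagree. */
int scan_microcode_revisions(const char *cpuinfo, unsigned long *lo, unsigned long *hi)
{
    int count = 0;
    unsigned long min = 0, max = 0;
    const char *p = cpuinfo;

    while (p && *p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len >= 9 && strncmp(p, "microcode", 9) == 0) {
            const char *colon = memchr(p, ':', len);
            if (colon) {
                /* base 0 accepts the "0xNN" form the kernel prints */
                unsigned long rev = strtoul(colon + 1, NULL, 0);
                if (count == 0 || rev < min) min = rev;
                if (count == 0 || rev > max) max = rev;
                count++;
            }
        }
        p = eol ? eol + 1 : NULL;
    }
    if (lo) *lo = min;
    if (hi) *hi = max;
    return count;
}

/* Lowest revision reported across CPUs, or 0 when the field is absent
 * (non-x86 kernels, or a container that masks /proc/cpuinfo). */
unsigned long parse_microcode_revision(const char *cpuinfo)
{
    unsigned long lo = 0;
    return scan_microcode_revisions(cpuinfo, &lo, NULL) > 0 ? lo : 0;
}

/* 1 if at least one CPU reported a revision and all of them agree. */
int revisions_consistent(const char *cpuinfo)
{
    unsigned long lo, hi;
    return scan_microcode_revisions(cpuinfo, &lo, &hi) > 0 && lo == hi;
}

/* Slurp a small file into a malloc'd, NUL-terminated buffer; NULL on error. */
static char *read_file(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f) return NULL;
    size_t cap = 4096, len = 0, n;
    char *buf = malloc(cap);
    if (!buf) { fclose(f); return NULL; }
    while ((n = fread(buf + len, 1, cap - len - 1, f)) > 0) {
        len += n;
        if (len + 1 >= cap) {
            char *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); fclose(f); return NULL; }
            buf = nb;
            cap *= 2;
        }
    }
    buf[len] = '\0';
    fclose(f);
    return buf;
}

int main(void)
{
    char *cpuinfo = read_file("/proc/cpuinfo");
    if (!cpuinfo) { perror("/proc/cpuinfo"); return 1; }
    unsigned long lo, hi;
    int n = scan_microcode_revisions(cpuinfo, &lo, &hi);
    printf("cpus with a microcode field: %d, revision range 0x%lx..0x%lx%s\n",
           n, lo, hi, lo == hi ? "" : "  (MISMATCH)");
    free(cpuinfo);

    /* The microcode driver exports the same revision per CPU through sysfs. */
    char *sysfs = read_file("/sys/devices/system/cpu/cpu0/microcode/version");
    if (sysfs) { printf("sysfs cpu0 microcode/version: %s", sysfs); free(sysfs); }
    return 0;
}
```

Run it before and after any experiment that touches microcode; a range where lo and hi differ, or a revision that changes without a corresponding entry in the kernel log, is the kind of discrepancy a detection engineer would want to alert on, even though the abstract does not say whether the paper's patches produce one.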
