Explore address space isolation techniques for Linux namespaces in this informative conference talk. Delve into the concept of assigning unique address spaces to namespaces to enhance kernel security and minimize potential damage from exploits. Learn about the proposed extension of SL*B allocators to create "exclusive" caches visible only within specific namespaces, ensuring per-namespace objects are mapped solely in their owning namespace address space. Examine the design of "exclusive" caches and a proof-of-concept implementation targeting network namespaces. Gain insights into topics such as system correlation, map exclusivity, fragmentation, page tables, network namespaces, page allocation, and open questions in this field.