Explore KVM Address Space Isolation in this comprehensive conference talk by Alexandre Chartre from Oracle. Dive into the intricacies of ASI, including its intuition, overview, applications, and lifecycle. Learn about KVM ASI usage, page-table filling techniques for statically and dynamically allocated buffers, and page table switching. Examine the interactions between ASI and interrupts, exceptions, page faults, and context switches. Understand the synchronization challenges across CPU threads, including scenarios with siblings running and not running ASI. Compare the KPTI model of control and data privilege with the ASI model of data privilege. Discover the process of partitioning global and local data, and review initial results from Aerospike YCSB benchmarks. Conclude with an overview of the current status and future prospects of KVM Address Space Isolation.
Overview
Syllabus
Introducción
Mitigations
ASI Intuition - Can't Speculate Through a Page Fault
ASI Overview
ASI Applications
ASI Lifecycle
KVM ASI Usage
ASI Page-Table Filling
ASI Page Table Filling - Statically Allocated Buffers
ASI Page Table Filling - Dynamically Allocated Buffers
ASI Page Table Switching
ASI and Interrupts/Exceptions
ASI and Page Fault
ASI and Context Switch
ASI Synchronization Across CPU Threads
KVM ASI Synchronization with Siblings Running ASI
KVM ASI Synchronization with Siblings not Running ASI
ASI Synchronization and Interrupt/Exception
The KPTI Model - Control & Data Privilege
The ASI Model - Data Privilege
Partitioning Global/Local Data
Initial Results - Aeropspike YCSB
Status and Future
Taught by
Linux Foundation
