Kernel Address Space Isolation

Linux Plumbers Conference via YouTube

Overview

Explore kernel address space isolation techniques in this Linux Plumbers Conference talk. Delve into recent vulnerabilities like L1 Terminal Fault and Microarchitectural Data Sampling, which expose data leakage risks in CPU hyper-threading. Learn how address space separation can mitigate speculative execution attacks, with a focus on Kernel Page Table Isolation (KPTI) and its application to KVM. Examine the proposed KVM Address Space Isolation implementation, discussing progress, challenges, and potential for a generic kernel isolation framework. Investigate the concept of system call isolation (SCI) as a defense against ROP attacks and Spectre vulnerabilities. Consider the integration of namespaces with address spaces for enhanced data separation between tenants. Gain insights into the technical aspects of achieving efficient address space isolation within the kernel and evaluate its security benefits.

Syllabus

Intro
Host Kernel Data Exposure
What You Don't Know Won't Hurt You
Use Cases
CPU Hyper-Threading Data Leakage
Address Space Isolation (ASI)
ASI Page Table
KVM Address Space Isolation
KVM ASI Expectations
ASI Challenges
Process-Local Memory Overview
Process-Local Memory Details
Using Process-Local Memory with KVM
Address Space for Namespaces
Namespace PGDs
Private memory allocations
Kernel Page Table Management
Kernel Context Creation
Kernel Context Switch
struct pa_table
Tracking Page Table Pages
Private SLAB Caches
Conclusion
Next Steps
References

Taught by

Linux Plumbers Conference
