Google Engineers Argue For Linux "ASI" To Better Deal With Speculative Execution Attacks
As we have only seen more speculative execution attacks with time (and no sign of them letting up) and each new vulnerability requiring significant engineering resources and testing, Google engineers going for the Address Space Isolation route may be more robust and lead to quicker turnaround times on mitigations and less costly for performance.
From Google's take on ASI earlier this year with their KVM-tailored "RFC" patches:
Address Space Isolation is a comprehensive security mitigation for several types of speculative execution attacks. Even though the kernel already has several speculative execution vulnerability mitigations, some of them can be quite expensive if enabled fully e.g. to fully mitigate L1TF using the existing mechanisms requires doing an L1 cache flush on every single VM entry as well as disabling hyperthreading altogether. (Although core scheduling can provide some protection when hyperthreading is enabled, it is not sufficient by itself to protect against all leaks unless sibling hyperthread stunning is also performed on every VM exit.) ASI provides a much less expensive mitigation for such vulnerabilities while still providing an almost similar level of protection.
Given these, the idea of using ASI to thwart speculative attacks is that we can execute the kernel using a restricted set of page tables most of the time and switch to the full unrestricted kernel address space only when the kernel needs to access something that is not mapped in the restricted address space. And we keep track of when a switch to the full kernel address space is done, so that before returning back to the process/VM, we can switch back to the restricted address space. In the paths where the kernel is able to execute entirely while remaining in the restricted address space, we can skip other mitigations for speculative execution attacks (such as L1 cache / micro-arch buffer flushes, sibling hyperthread stunning etc.). Only in the cases where we do end up switching the page tables, we perform these more expensive mitigations. Assuming that happens relatively infrequently, the performance can be significantly better compared to performing these mitigations all the time.
Junaid Shahid and Ofir Weisse, both of Google, used the Linux Plumbers Conference this week in Dublin to try to drum up renewed interest in going for Address Space Isolation.
Not only should ASI mean less performance degradation, but patching for new vulnerabilities should mean less code change / engineering resources needed.
But one of the challenges with ASI itself is that it touches a lot of low-level kernel code to get into place. With ASI touching the memory management, interrupt handling, the hypervisor (KVM), etc, the initial bring-up for ASI is invasive. ASI will need to prove as well that it can be just as secure as the existing but more expensive mitigation techniques.
But at least the Google engineers believe ASI can be as effective as existing mitigation techniques while inducing less overhead.
It remains to be seen though if/when Address Space Isolation would be in a good enough shape for the mainline kernel at least for KVM hypervisor usage. With Google's resources we will see if it can happen sooner rather than later or if it will take a few more speculative execution attacks with further performance degradation before it gets pushed along. Those wanting to learn more about Google's current ASI work for Linux can see this slide deck and the LPC 2022 presentation embedded below.