Kernel Address Space Isolation Aims To Prevent Leaking Data From Hyper Threading Attacks

Written by Michael Larabel in Linux Security on 11 July 2019 at 09:11 PM EDT. 15 Comments
LINUX SECURITY
Kernel Address Space Isolation is an experimental feature in development by Oracle in aiming to prevent leaking sensitive data from Intel Hyper Threading due to speculative execution attacks like L1TF.

While disabling Intel Hyper Threading has become recommended for fending off newer speculative execution attacks, obviously many don't want to lose out on those extra threads. In particular, data centers and public cloud providers certainly don't want to give up on Hyper Threading as it will hurt their margins hard. Oracle began working on address space isolation for the Kernel-based Virtual Machine (KVM) but now that has evolved into Kernel Address Space Isolation as a generic address-space isolation framework and KVM simply being one of the consumers of this framework.

Kernel Address Space Isolation isolates the address spaces used by different areas of the kernel to prevent leaking bits between hyper threads as a result of attacks like L1T Terminal Fault / Foreshadow.

Oracle put this code under a "request for comments" flag and the engineer spearheading this work does acknowledge there are some bugs causing hangs that remain.

Those interested in this Kernel Address Space Isolation feature that could perhaps see the mainline kernel in the future can see the current RFC series on the kernel mailing list.
15 Comments
Related News
New Linux Patch Lets You Force CPU Bugs/Mitigations Even When Not Vulnerable
Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck
OpenPaX Announced As "Open-Source Alternative To GrSecurity" With Free Kernel Patch
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS
Landlock Sandboxing Now Supports More Controls Around Unix Sockets
Linux 6.12 Adds Build Options For Greater Control Over CPU Security Mitigations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features