Intel Posts Linux Patches For Linear Address Space Separation (LASS)
An interesting patch series posted by Intel this week for the Linux kernel implements Linear Address Space Separation (LASS), a feature coming with future processors to help fend off speculative address accesses across user and kernel mode.
The LASS patch series sums up the new feature as:
LASS works in 64-bit mode only and partitions the 64-bit virtual address space into two halves:
1. Lower half (LA[63]=0) --> user space
2. Upper half (LA[63]=1) --> kernel space
When LASS is enabled, a general protection #GP(0) fault will be generated if software accesses the address from the half in which it resides to another half, e.g., either from user space to upper half, or from kernel space to lower half. This protection applies to data access, code execution, cache line flushing instructions.
Almost all kernel accesses are to the upper half of the virtual address space. However, there are valid reasons for kernel to access the lower half. For these cases, kernel can temporarily suspend the enforcement of LASS by disabling SMAP (Supervisor Mode Access Prevention).
Kernel access to copy data to/from user addresses already disables SMAP using the stac()/clac() functions. New functions low_addr_access_begin()/low_addr_access_end() are added to also disable/enable SMAP around other code that legitimately needs to access the lower half of the virtual address space.
User space cannot use any kernel address while LASS is enabled. Less fortunately, legacy vsyscall functions used by old versions of glibc are located in the address range 0xffffffffff600000-0xffffffffff601000 and emulated in kernel. Therefore, to comply with LASS policy, the legacy vsyscall is disabled by default.
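To see whether a given system still exposes the legacy vsyscall page that LASS forces off, the check below scans process mappings for anything that starts in the upper half (LA[63]=1). It is an added example, not code from Intel's patch series; it assumes the Linux /proc/<pid>/maps text format, and the function names and sample mappings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Legacy vsyscall range as quoted in the patch cover letter. */
#define VSYSCALL_START 0xffffffffff600000ULL
#define VSYSCALL_END   0xffffffffff601000ULL

/* LASS partitions the address space on bit 63 of the linear address. */
int in_upper_half(uint64_t la) { return (int)(la >> 63); }

/* Count mappings in maps-format text that start in the upper half;
 * *vsyscall is set to 1 if one of them is the legacy vsyscall page. */
int upper_half_mappings(const char *maps, int *vsyscall)
{
    int count = 0;
    *vsyscall = 0;
    while (maps && *maps) {
        unsigned long long start, end;
        if (sscanf(maps, "%llx-%llx", &start, &end) == 2 && in_upper_half(start)) {
            count++;
            if (start == VSYSCALL_START && end == VSYSCALL_END)
                *vsyscall = 1;
        }
        maps = strchr(maps, '\n');   /* advance to the next line */
        if (maps) maps++;
    }
    return count;
}

/* Constructed samples: one with the vsyscall page mapped, one without. */
const char SAMPLE_WITH[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/example\n"
    "7ffd1c5e0000-7ffd1c601000 rw-p 00000000 00:00 0 [stack]\n"
    "ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]\n";
const char SAMPLE_WITHOUT[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/example\n"
    "7ffd1c5e0000-7ffd1c601000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    static char buf[1 << 16];
    int vsys;
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    int hits = upper_half_mappings(n ? buf : SAMPLE_WITH, &vsys);
    printf("upper-half mappings: %d, legacy vsyscall mapped: %s\n",
           hits, vsys ? "yes" : "no");
    return 0;
}
```

A result of "yes" means the process can still see the vsyscall page, so binaries linked against an old glibc that call into it are the ones to inventory before LASS-enabled kernels arrive.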
Intel has also further documented LASS within their latest ISA programmer reference manual.
The Intel patches confirm the first processors to feature Linear Address Space Separation will be their Sierra Forest line. Sierra Forest is the E-core based Xeon server processor line expected in 2024 to compete with the likes of AMD EPYC "Bergamo" processors.
The initial Linux kernel enablement for Intel LASS is just over 100 lines of new code and currently undergoing review.