Kernel ASI Still Being Worked On For Protecting Against Hyper Threading Data Leaks
Oracle engineers for more than one year have been working on Kernel ASI to prevent data leakage when Hyper Threading is vulnerable from the likes of L1 Terminal Fault (L1TF) on Intel CPUs. Where as DigitalOcean's work on core scheduling is about ensuring only trusted applications are on sibling threads of a core, ASI is about isolating the address space between different areas of the kernel to prevent leaking bits as a result of attacks like L1TF or Foreshadow.
One of the main areas of interest to Oracle with Address Space Isolation is for the Kernel-based Virtual Machine (KVM) virtualization for ensuring no address space leakage between guest VMs or of the host. Oracle though acknowledges that core scheduling is best for mitigating guest-to-guest attacks or ensuring guest VMs don't share physical cores while ASI is more in line with mitigating guest-to-host attacks.
A fifth version of Oracle's Address Space Isolation for the Linux kernel is being prepared. With that forthcoming patch series is the KVM ASI integration as well as ASI Lockdown. ASI Lockdown forces all CPU threads from a CPU core to use a specified ASI.
The developers feel the core ASI code is now stable but further testing on ASI Lockdown and KVM ASI are still needed. Somewhat worrisome is that the performance impact of KPTI and KVM is still needed to see the performance costs for this layer of protection.
The LPC2020 slide deck providing the update on ASI can be found here (PDF).