Google Engineer Calls For Greater Collaboration On Speculative Execution Mitigations
Written by Michael Larabel in Linux Security on 28 August 2020 at 01:00 PM EDT. 6 Comments
LINUX SECURITY --
When it comes to kernel address space isolation (ASI) and other yet-to-be-merged security features around fending off speculative execution attacks, there are multiple concurrent efforts by many of the public cloud providers and other hyperscalers. A Google engineer at this week's Linux Plumbers Conference has called for more collaboration in this area to ideally provide a unified solution.

Case in point to all the work going on in this area were talks by Google, Oracle, and DigitalOcean this week at Linux Plumbers Conference. DigitalOcean has been pursuing Core Scheduling to make Hyper Threading safer by ensuring only trusted applications share a core. Oracle meanwhile presented on their Address Space Isolation work for Linux. Google also had a talk on Linux Address Space Isolation at this week's virtual event. ASI aims to deal with Hyper Threading data leakage by isolating the address space between the different areas of the kernel with a particular emphasis on KVM/virtualization to avoid the possibility of data leakage between guest VMs or the host.


Google's Ofir Weisse was talking at LPC 2020 about ASI due to the "significant security risk to hypervisors and VMs" by the known vulnerabilities like L1TF, MDS, and LVI. Google like other hyperscalers can't resort to disabling Hyper Threading and even some of the over excessive buffer flushing is too much to them, thus they have been investing in their own Address Space Isolation technique. "We are developing a high-performance security-enhancing mechanism to defeat speculative attack which we dub Address Space Isolation (ASI). In essence, ASI is an alternative way to manage virtual memory for hypervisors, providing very strong security guarantees at a minimal performance cost."


While there are existing mitigations to the Linux kernel already, Google views these as having too high of overhead (like the frequent L1 cache flushing) or incomplete. With their ASI code, performance is quite important. With their approach the kernel memory is split into privileged and unprivileged domains with each domain having a separate page table. If touching data outside of the page table, a page fault is generated. They are working on this code with the idea of being able to extend ASI to user-space too.


Google's approach is similar to the Oracle ASI code while they acknowledge Intel, Amazon, and IBM are among companies working on other solutions. Ultimately they hope ASI can also be a replacement to Kernel Page Table Isolation that is also used for Meltdown mitigations.

More details on Google's ASI work and the call for increased collaboration among organizations can be found via this slide deck.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week