* [LSF/MM/BPF TOPIC] Multiple Kernel Address Spaces
@ 2020-02-07 10:17 Alexandre Chartre
From: Alexandre Chartre @ 2020-02-07 10:17 UTC (permalink / raw)
To: lsf-pc
Cc: Linux-MM, Alexandre Chartre, Konrad Rzeszutek Wilk,
Mike Rapoport, junaids, mgross, graf

Multiple Kernel Address Spaces

Restricting kernel mappings is used as a mitigation against speculative
attacks like Meltdown with Page Table Isolation (PTI [1]), or L1TF/MDS
with KVM Address Space Isolation (KVM ASI [2]).

KVM ASI was refactored as Kernel Address Space Isolation [3] to provide
a generic kernel framework for ASI, and Thomas Gleixner has indicated
that PTI should be implemented using ASI. This work is mostly done and
will be submitted as ASI RFC v3 later this month.

The on-going work on ASI RFC v3 has highlighted several points I would
like to discuss:

* Kernel ASI framework, and refactoring of PTI to use ASI.

* Generic TLB flushing mechanism to be used for ASI (and so PTI), and
  for possible optimization.

* Kernel page table management improvement, in particular pagetable creation
  and population. This is an area that Mike Rapoport is also investigating.

ASI RFC v3, which will definitively be available before the MM summit, and
Mike Rapoport's work on kernel page table management can be used as a base
for these discussions.

Thanks,
alex.
---
[1] https://www.kernel.org/doc/html/latest/x86/pti.html
[2] ASI RFC v1: https://lore.kernel.org/lkml/1557758315-12667-1-git-send-email-alexandre.chartre@oracle.com/
[3] ASI RFC v2: https://lore.kernel.org/lkml/1562855138-19507-1-git-send-email-alexandre.chartre@oracle.com/