October 31 - November 1 | Lyon, France
Thursday, October 31 • 15:05 - 15:35
Address Spaces for Namespaces - Mike Rapoport, IBM

Address space isolation has been used for ages to protect the kernel and userspace programs from each other.

Assuming that kernel exploits and speculation vulnerabilities are inevitable, it is worth isolating parts of the kernel to minimize the damage these exploits can cause.

One way to create such isolation is to assign an address space to each Linux namespace, so that tasks running in namespace A have a different view of the kernel memory mappings than tasks running in namespace B.

We propose to extend the SL*B allocators with the ability to create "exclusive" caches visible only in one namespace, and thus ensure that per-namespace objects are mapped only in the owning namespace's address space.

We'll present the design of the "exclusive" caches and a proof-of-concept (POC) implementation targeting network namespaces.


Mike Rapoport

Researcher, IBM
Mike has lots of programming experience in different areas ranging from medical equipment to visual simulation, but most of all he likes hacking on the Linux kernel and low-level stuff. Throughout his career Mike has promoted the use of free and open source software and has made quite a few contributions...

Thursday October 31, 2019 15:05 - 15:35 CET
Forum 1
Track: Short Topic Discussions
  • Experience Level: Advanced
  • Session Slides Included: Yes