IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities. Though this does increase the complexity of the kernel code and the performance hit is still to be evaluated. Learn more in an interesting Phoronix article:
Mike Rapoport and James Bottomley presented at this week's Open-Source Summit Europe in France on Address Space Isolation within the kernel compared to the current structure of the kernel using a single address space. The still in-progress A.S.I. patches could allow for certain kernel contexts like the Kernel-based Virtual Machine (KVM) to have a separate address space to reduce the exposure of sensitive data.
Kernel Address Space Isolationwas proposed earlier this year but its impact is still to be fully evaluated in terms of the impact on code complexity and overall security benefits as well as performance. As such, this functionality isn't coming to a near-term kernel release but those wanting to find out more can do so viathis PDF slide deckfrom the presentation.
The link for this article located at Phoronix is no longer available.