KVM Forum 2019 has ended
October 31 - November 1
Lyon Convention Centre - Lyon, France
More information for KVM Forum 2019
Back To Schedule
Thursday, October 31 • 14:15 - 14:45
KVM Address Space Isolation - Alexandre Chartre & Liran Alon, Oracle

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Recent vulnerabilities like L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS) have shown that the cpu hyper-threading architecture is prone to leaking data with speculative execution attacks.

With KVM, a guest VM can use speculative execution attacks to leak data from the sibling hyper-thread, thus potentially accessing data from the host kernel, from the hypervisor or from another VM.

Kernel Address Space Isolation is a project aims to use address spaces to isolate some parts of the kernel to prevent leaking sensitive data. If KVM can be run in an address space containing no sensitive data, and separated from the full kernel address space, then KVM would be immune from leaking secrets.

A first proposal to implement KVM Address Space Isolation and early discussions are available here: https://lkml.org/lkml/2019/5/13/515

avatar for Liran Alon

Liran Alon

Virtualization Architect, Oracle
Liran Alon is the Virtualization Architect of OCI Israel (Oracle Cloud Infrastructure). He is involved and lead projects in multiple areas of the company's public cloud offering such as Compute, Networking and Virtualization. In addition, Liran is a very active KVM contributor (mostly... Read More →

Alexandre Chartre

Consulting Developer, Oracle
Alexandre Chartre is a Consulting Developer in the Linux and Virtualization engineering team at Oracle. Lately, he has been focusing on security issues on Linux, in particular on Spectre and Meltdown issues (and all variants and derivatives) and their impact on virtualization and... Read More →

Thursday October 31, 2019 14:15 - 14:45 CET
Forum 2
  KVM Forum Track 1
  • Session Slides Included YES