
Implement a solution for unmapping guest memory from kernel address space #4522

Open
roypat opened this issue Mar 25, 2024 · 0 comments
Assignees
Labels
Roadmap: Tracked Items tracked on the roadmap project.

Comments


roypat commented Mar 25, 2024

Currently when using anonymous memory for KVM guest RAM, the memory all remains mapped into the kernel direct map. We are looking at options to get KVM guest memory out of the kernel’s direct map as a principled approach to mitigating speculative execution issues in the host kernel. Our goal is to more completely address the class of issues whose leak origin is categorized as "Mapped memory" [1].

As part of this initiative, we plan to work with the upstream Linux kernel community [2] to design a solution that allows us to remove a microVM's guest memory from the host kernel's address space, which we will then consume in Firecracker.

@roypat roypat added the Roadmap: Tracked Items tracked on the roadmap project. label Aug 12, 2024
Projects
Status: We're Working On It
Development

No branches or pull requests

2 participants