Their use case is to run their own application(s) on their own servers in their own datacenter, so they’re probably ok with that tradeoff. But yeah, I can imagine this opening up a whole bunch of security issues if this starts getting used widely.
The gist is that a system call is introduced to go into the PCB and change the Effective UID of a process. Security is ensured by a processor MPK which is a CPU provided guard so that a {Process, Library} has only a restricted set of Effective UIDs it can switch to. This operations is supposed to use 30 to 50 clock cycles. So entry + exit is supposed to be done in 100 cycles. This is considered low overhead context switch compared to the traditional context switch on Linux for slower IPCs. They don’t do a comparison against iouring, or simply multi-threaded process.
I don’t know the details of the MPK. So I consider it as some kind of function that maps {process PID, DLL} => Set of UID.
And by UID, I AM talking about the system level user ID. Remember that this feature is a processor level feature. So it has to be transparent to the OS (well at least, to the OS Scheduler). Hence the output of this feature should be understandable to the OS kernel. Or so I hope as the implementation details are vague till now.
Not a kernel expert but this is how it reads to me.
Instead of connecting via a socket through the kernel, this would allow processes to execute functions of other processes already in memory.
This would normally be prevented by processor memory protections, but a new processor feature has functionality to allow this now.
This sounds dangerous.
Their use case is to run their own application(s) on their own servers in their own datacenter, so they’re probably ok with that tradeoff. But yeah, I can imagine this opening up a whole bunch of security issues if this starts getting used widely.
The gist is that a system call is introduced to go into the PCB and change the Effective UID of a process. Security is ensured by a processor MPK which is a CPU provided guard so that a {Process, Library} has only a restricted set of Effective UIDs it can switch to. This operations is supposed to use 30 to 50 clock cycles. So entry + exit is supposed to be done in 100 cycles. This is considered low overhead context switch compared to the traditional context switch on Linux for slower IPCs. They don’t do a comparison against iouring, or simply multi-threaded process.
You sound like you’re living in the weeds, friend.
What’s MPK? And by UID I assume you’re not talking about the system level user ID but some kind of processor-level process ID?
I don’t know the details of the MPK. So I consider it as some kind of function that maps {process PID, DLL} => Set of UID. And by UID, I AM talking about the system level user ID. Remember that this feature is a processor level feature. So it has to be transparent to the OS (well at least, to the OS Scheduler). Hence the output of this feature should be understandable to the OS kernel. Or so I hope as the implementation details are vague till now.
So are sockets.
Aha, thank you!