ASI is Back: Google Revives a Linux Kernel Defense Against CPU Attacks
Several years ago, Google engineers began developing the Address Space Isolation (ASI) mechanism for the Linux kernel, designed to shield systems from attacks that exploit speculative execution in the processor. The aim was to create a universal safeguard rather than to craft individual patches for each newly discovered vulnerability. However, the initial iteration of ASI proved virtually unusable because of a catastrophic performance drop: input/output operations suffered up to a 70% slowdown, an unacceptable compromise.
The situation has since changed. Through a series of optimizations, I/O overhead has been reduced to just 13%, and Google engineer Brendan Jackman has once again presented the project to the Linux community. According to him, the most significant advancement was resolving a page cache issue that had severely hampered system performance. Previously, ASI was used exclusively by Google to protect KVM virtual machines, while applying it to ordinary bare-metal processes (rather than guests) posed serious difficulties.
Current benchmarks indicate that random reads with FIO remain about 13% slower compared to a system without ASI, while compiling the Linux kernel shows a slowdown of roughly 6–7%. Jackman concedes this is still short of ideal, but considers the progress substantial. He attributes the remaining performance penalties largely to unnecessary exits from ASI during context switches, the clearing of allocated memory pages, and copy-on-write operations. Some of these issues could be mitigated through the ephmap mechanism, though its implementation must be approached with caution to avoid introducing new attack vectors.
The developers now seek to determine whether these improvements are sufficient to justify moving toward integrating ASI into the Linux kernel’s mainline branch. Jackman has reached out to the x86 developer community, asking whether they “see light at the end of the tunnel” and what further experiments should be conducted. For now, it remains to be seen whether ASI will become a standard defense in the Linux kernel or remain a Google-led experiment.