System call mechanisms avoiding privilege transition

With the popularity of intelligent hardware like Smart NIC and NVMe based SSD, the hardware’s data transmission speed is getting faster and faster. This has led to the current kernel I/O models are not suitable for data transmission anymore. When the application communicates with the device through system calls, the overhead of the kernel IO path becomes not negligible in the context of NVMe-based SSD and smart NIC. Thus, various technologies were invented, e.g. DPDK and XDP.

One of the novel technologies is bypassing the kernel, i.e., directly mapping the device into userspace. However, this has led to potential security issues because ”there is no centralized and trusted entity to control the operations issued by applications to hardware, and most devices themselves lack sufficient isolation mechanism.” Therefore, this thesis proposes a new IO mechanism that reduces the kernel overhead by mapping the device into user space and provides isolation between applications and devices. The evaluation shows this approach could significantly increase the performance compared to the traditional IO path crossing the user kernel boundary. However, we must avoid losing safety protection for devices, which means that we must mitigate secure vulnerabilities caused by kernel-bypassing. We will try to sketch Potential solutions to these problems, inspired by multiple classic attack models such as Meltdown[4]. In summary, with this new idea, performance-critical applications can have the ability to interact with PCIe devices in a low latency, software-based, less secured way.

(Studienarbeit)