Hodor - Intra-Process Isolation for High-Throughput Data Plane Libraries
Offered By: USENIX via YouTube
Course Description
Overview
Explore a cutting-edge approach to achieving both safety and performance in high-throughput data plane libraries through intra-process isolation. Delve into the concept of protected libraries as a new OS abstraction, providing separate user-level protection domains for various services while maintaining performance comparable to unprotected kernel bypass. Learn how Intel's memory protection keys (PKU) are utilized to safely modify permissions within a single address space, and discover the use of hardware watchpoints to manage asynchronous event delivery and ensure independent failure of applications sharing a protected library. Examine the implementation's efficiency in protecting high-throughput in-memory databases and user-space network stacks, allowing up to 2.3 million library entrances per second per core. Compare this approach to kernel-level protection and alternative implementations using system calls and Intel's VMFUNC switching of user-level address spaces.
Syllabus
Introduction
Conventionalized Stack Design
Data Plane Libraries
Outline
Protected Library
Memory Protection Keys
PKRU
Hardware Watchpoints
Cost
Hodor Alternatives
Evaluation
Evaluation Results
Taught by
USENIX