Dealing with (some of) the fallout from meltdown

Proposes “Shrink,” a safe alternative to Page Table Isolation (PTI) for 32-bit programs that restores performance lost due to Meltdown mitigations.

Security
Performance
Author

Nadav Amit, Michael Wei and Dan Tsafrir

Published

June 14, 2021

Abstract

The Meltdown vulnerability allows users to read kernel memory by exploiting a hardware flaw in speculative execution. Processor vendors recommend “page table isolation” (PTI) as a software fix, but PTI can significantly degrade the performance of system-call-heavy programs.

Leveraging the fact that 32-bit pointers cannot access 64-bit kernel memory, we propose “Shrink”, a safe alternative to PTI, which is applicable to programs capable of running in 32-bit address spaces. We show that Shrink can restore the performance of some workloads, suggest additional potential alternatives, and argue that vendors must be more open about hardware flaws to allow developers to design protection schemes that are safe and performant.
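Shrink applies only to programs whose address space fits in 32 bits, since a 32-bit pointer can never name a 64-bit kernel address. As an added illustration (not code from the paper), the following checks that precondition against /proc/<pid>/maps-style input; the sample mappings are constructed.

```python
"""Check whether a process address space fits below 4 GiB, i.e. whether it
could run in a 32-bit address space where no pointer can reach 64-bit kernel
memory (the precondition for a Shrink-style alternative to PTI).
Illustrative code with constructed sample input, not the paper's own."""
import re

ADDR_LIMIT_32 = 1 << 32  # first address a 32-bit pointer cannot express
KERNEL_HALF_START_X86_64 = 0xFFFF800000000000  # start of the kernel half on x86-64

# start-end perms offset dev inode [path]  (the /proc/<pid>/maps line format)
_MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")


def parse_maps(text):
    """Parse /proc/<pid>/maps lines into (start, end, perms, path) tuples."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        regions.append((start, end, m.group(3), m.group(4)))
    return regions


def highest_user_address(regions):
    """End of the highest mapping (0 if there are none)."""
    return max((end for _, end, _, _ in regions), default=0)


def fits_32bit(regions):
    """True if every mapping ends at or below 4 GiB, so every pointer the
    program can form is far below the kernel half of the address space."""
    top = highest_user_address(regions)
    assert ADDR_LIMIT_32 < KERNEL_HALF_START_X86_64  # 32-bit values can't reach the kernel
    return top <= ADDR_LIMIT_32


# Constructed sample: a typical 64-bit process (stack and heap above 4 GiB) ...
SAMPLE_64 = """\
00400000-00401000 r-xp 00000000 08:01 123 /usr/bin/app
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7ffd5b5e0000-7ffd5b601000 rw-p 00000000 00:00 0 [stack]
"""
# ... and a 32-bit (compat) process whose mappings all sit below 4 GiB.
SAMPLE_32 = """\
08048000-08049000 r-xp 00000000 08:01 456 /usr/bin/app32
f7e00000-f7fc0000 r-xp 00000000 08:01 789 /lib32/libc.so.6
ffbd0000-ffbf1000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for name, sample in (("64-bit", SAMPLE_64), ("32-bit", SAMPLE_32)):
        regs = parse_maps(sample)
        print(name, hex(highest_user_address(regs)), "fits 32-bit:", fits_32bit(regs))
```

On a live system the same functions can be fed the contents of /proc/<pid>/maps directly.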