https://www.phoronix.com/news/Linux-ASI-Lower-Overhead

Linux Address Space Isolation "ASI" Revived After Lowering 70% Performance Hit To 13%

Written by Michael Larabel in Linux Security on 12 August 2025 at 04:53 PM EDT.

Several years ago Google engineers began exploring address space isolation for the Linux kernel and ultimately proposed Linux ASI as a better way of dealing with CPU speculative execution attacks. While the hope was that it would better cope with the ever-growing list of CPU speculative execution vulnerabilities, the effort was initially thwarted by I/O throughput seeing a 70% performance hit. That level of performance cost was unsustainable, but the I/O overhead has now been reduced to just 13%.

Google engineer Brendan Jackman is back to bringing up ASI with Linux kernel developers now that "ASI is fast again...I've now prepared an up-to-date ASI branch that demonstrates a technique for solving the page cache performance devastation...The goal of this prototype is to increase confidence that ASI is viable as a broad solution for CPU vulnerabilities. (If the community still has to develop and maintain new mitigations for every individual vuln, because ASI only works for certain use-cases, then ASI isn't super attractive given its complexity burden). The biggest gap for establishing that confidence was that Google's deployment still only uses ASI for KVM workloads, not bare-metal processes. And indeed the page cache turned out to be a massive issue that Google just hasn't run up against yet internally."

Random reads with FIO were still hit by a 13% regression, but that is at least better than 70%.
ASI in its current form also increased Linux kernel compilation times by 6~7%. Jackman added:

"Despite my title these numbers are kinda disappointing to be honest, it's not where I wanted to be by now, but it's still an order-of-magnitude better than where we were for native FIO a few months ago. I believe almost all of this remaining slowdown is due to unnecessary ASI exits, the key areas being:

- On every context_switch(). Google's internal implementation has fixed this (we only really need it when switching mms).

- Whenever zeroing sensitive pages from the allocator. This could potentially be solved with the ephmap but requires a bit of care to avoid opening CPU attack windows.

- In copy-on-write for user pages. The ephmap could also help here but the current implementation doesn't support it (it only allows one allocation at a time per context)."

With this LKML thread, the hope now is to figure out whether the state has improved enough that the ASI work can move forward for potential upstreaming into the Linux kernel. "So, x86 folks: Does this feel like "line of sight" to you? If not, what would that look like, what experiments should I run?"

We'll see what happens with Linux ASI.