Dune: Safe User-level Access to Privileged CPU Features, SOSP 2013
Discussion lead: Dylan Johnson & Josue Rios
Is the EPT needed in Dune? Why? How does Dune construct the EPT?
(optional but encouraged) Consider the following approach that doesn’t use EPT at all: let Dune expose %CR3 as read-only (i.e., a Dune process can read but cannot modify the value of %CR3), map page-table pages as read-only, and in addition provide a vmcall to modify entries in the page table. Is this safe? If so, is it slower or faster than Dune’s approach?
Dune provides speedup for handling traps and garbage collection. We have seen similar applications in the exokernel paper. Compare the techniques used in both systems and briefly describe the pros/cons.
Dune supports sandboxing. Compare Dune’s sandboxing with SFI and briefly describe the pros/cons of the two approaches.
Provide a list of questions you would like to discuss in class. Feel free to provide any comments on the paper and related topics (e.g., which parts you like and which parts you find confusing).