Being worked on for the past roughly three years has been Linear Address Space Separation “LASS” for the Linux kernel as a security improvement in light of Spectre/Meltdown.
LASS suffered a setback this summer when Kirill Shutemov as a 14 year Intel Linux engineer left the company who had been spearheading the effort. The patch series now though has been taken over by Intel software engineer Sohil Mehta as LASS works its way toward the mainline kernel.
Linear Address Space Separation is an Intel security feature for mitigating speculative execution vulnerabilities by preventing user-space software from accessing the upper half of the virtual address space. Kernel software accessing the lower half of the virtual address space.
“Though LASS was developed in response to Meltdown, in hindsight, it alone could have mitigated Meltdown had it been available. In addition, LASS prevents an attack vector targeting Linear Address Masking (LAM) described in the Spectre LAM (SLAM) whitepaper.”
Sohil MehtaLASS v10 patches as the latest iteration of this work.
The v10 patches simplify the inline memcpy/memset code, a new patch to fix an issue with Kexec relocate kernel handling, the Linear Address Masking (LAM) re-enabling patch has been separated out, and other minor changes. LASS is too late for appearing in the Linux 6.18 LTS kernel but hopefully this work will be buttoned up in time for a 2026 kernel premier.
