Dune

Dune provides ordinary user programs with safe and efficient access to privileged CPU features that are traditionally only available to kernels. It does so by leveraging modern virtualization hardware, enabling direct execution of privileged instructions in an unprivileged context. We have implemented Dune for Linux, using Intel's VT-x virtualization architecture to expose access to exceptions, virtual memory, privilege modes, and segmentation. By making these hardware mechanisms available at user-level, Dune creates opportunities to deploy novel systems without specialized kernel modifications.

• Adam Belay
  
• Andrea Bittau
  
• Ali Mashtizadeh
  
• David Terei
  
• David Mazières
  
• Christos Kozyrakis
  

• Adam Belay, Andrea Bittau, Ali Mashtizadeh, David Terei, David Mazières, and Christos Kozyrakis. Dune: Safe User-level Access to Privileged CPU Features. In Proceedings of the 10th Symposium on Operating Systems Design and Implementation, Hollywood, CA, October 2012. paper. slides.

git clone https://github.com/project-dune/dune.git

• Which hardware and software is required?

  We require Intel x86 CPUs with support for VT-x and EPT. Typically this includes Nehalem and later. We also require recent Linux kernels operating in 64-bit mode. Both of these requirements can be verified by running the script we provide in the root of our source tree called dune_req.sh.

• Do I need to recompile my kernel?

  No.

• Will Dune mess up normal Linux applications?

  No. Normal apps can run as usual. Only apps that use Dune will be affected. Dune apps and regular apps can run together on the same machine.

• Isn't it unsafe to provide apps with access to privileged CPU features?

  No. Dune is designed to only expose privileged CPU features in a safe fashion. The Dune kernel module ensures that processes can only access the same memory that would normally be available to them under Linux. Moreover, processes can not use Dune to access peripherals or other DMA-capable devices. See our paper for details.