Skip to main content Link Menu Expand (external link) Document Search Copy Copied
Guochao's Technical Blog
  • ATC ‘21
  • https://www.usenix.org/conference/atc21/presentation/kotni

Key Idea

  1. Transient states are shared between functions of the same workflow.
  2. Run functions of a workflow as threads in a process to accelerate data sharing.
  3. Use MPK for sensitive information isolation.
  4. Fork new processes for interpreter runtimes.

MPK

Faastlane uses MPK to protect sensitive data between threads.

Intra-process memory protection is used when all threads share the same address space. In this case, the page table is shared and each thread can access all memory of a process. The coarse-grained control using protection bits require the OS to modify multiple Page Table Entries (PTE) when a different thread has a restricted permission. However, this is too expensive.

Instead, MPK provides a light-weight solution for fine-grained permission control. When the page is set up, 4 bits in the PTE is used to store the “key”. To access pages protected by the key, the user needs to put the “key” to the register PKRU (Protection Key Rights Register). The CPU would validate the key automatically. Therefore, the PTE does not need to be modified and the application or OS can switching permissions by setting the PKRU dynamically.

Amazon States Language

Faastlane uses ASL to describe FaaS workflows.

[TODO]