Hodor is a project from University of Rochester with the goal of isolating data-plane libraries from the applications that use them and enabling sharing of system services. This repository is an implementation of Hodor-PKU which uses Intel Protection Keys for User-space (PKU) for isolation.

This work was published on ATC'19:

Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries https://www.usenix.org/conference/atc19/presentation/hedayati-hodor

Hodor-PKU requires processors with PKU feature (tested on Skylake-SP).

After cloning the repository, you need to configure, build and boot into the Hodor kernel (if you plan to run inside a VM, hodor-pku-vm.config may be good configuration to start from):

git clone https://github.com/hedayati/hodor
cd hodor/linux-4.15
mkdir -p ~/builds
make O=~/builds/linux-hodor allyesconfig
cp ../hodor-pku-vm.config ~/builds/linux-hodor/.config
cd ~/builds/linux-hodor
make menuconfig
make -jX bzImage modules
sudo make modules_install install
sudo vim /boot/grub2/grub.cfg
# add "nosmep nosmap" as boot parameters

At this step you should be able to build the module, the library and tests:

make

and, load the module:

sudo insmod kern/hodor.ko

To ensure everything woks, run bench_trampoline:

cd tests
sudo LD_LIBRARY_PATH=. ./bench_trampoline

Look at example and apps to see how Hodor can be instructed to load a protected library.