diff options
| author | Marian Buschsieweke <marian.buschsieweke@ovgu.de> | 2018-01-07 17:19:01 +0100 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2018-01-07 16:55:12 +0000 |
| commit | 75e1ff6b1e2d9cdf0fa1134c21a1e9987ab6b9c8 (patch) | |
| tree | bbb30e4461db73d7f13ea3be341e6bf9a35079d6 /testing/jinja2-cli | |
| parent | 8c2d539d41c31a8eef29d5308373f686fd381e37 (diff) | |
| download | aports-75e1ff6b1e2d9cdf0fa1134c21a1e9987ab6b9c8.tar.bz2 aports-75e1ff6b1e2d9cdf0fa1134c21a1e9987ab6b9c8.tar.xz | |
main/linux-vanilla: Update 4.9.73 --> 4.9.75 (Fix for Meltdown)
This commit updates to kernel version 4.9.75 and enables
CONFIG_PAGE_TABLE_ISOLATION for x86, x86_64 and aarch64. For all
other architectures, CONFIG_PAGE_TABLE_ISOLATION is disabled.
CONFIG_PAGE_TABLE_ISOLATION mitigates the Meltdown security flaw
almost all Intel CPUs and some ARM CPUs are suspect to [1,2].
(This patch does not solve the Spectre security threat [2], which
affects also non-Intel CPUs [3].)
I believe this commit will cause some discussion, especially the
following points seem worth discussing:
a) CONFIG_PAGE_TABLE_ISOLATION has a performance impact on
syscalls, which can slow down specific applications
significantly. AMD users might benefit from a kernel without
KPTI (unless Meltdown turns out to affect them as well)
b) Is disabling this feature a reasonable choice for CPU
architectures different from x86, x86_64 and aarch64?
[1]: https://meltdownattack.com/#faq-systems-meltdown
[2]: http://kroah.com/log/blog/2018/01/06/meltdown-status/
[3]: https://meltdownattack.com/#faq-systems-spectre
Diffstat (limited to 'testing/jinja2-cli')
0 files changed, 0 insertions, 0 deletions