This commit updates to kernel version 4.9.75 and enables
CONFIG_PAGE_TABLE_ISOLATION for x86, x86_64 and aarch64. For all
other architectures, CONFIG_PAGE_TABLE_ISOLATION is disabled.
CONFIG_PAGE_TABLE_ISOLATION mitigates the Meltdown security flaw
that almost all Intel CPUs and some ARM CPUs are susceptible to [1,2].
(This patch does not solve the Spectre security threat [2], which
also affects non-Intel CPUs [3].)

I believe this commit will cause some discussion; especially the
following points seem worth discussing:

a) CONFIG_PAGE_TABLE_ISOLATION has a performance impact on
syscalls, which can slow down specific applications
significantly. AMD users might benefit from a kernel without
KPTI (unless Meltdown turns out to affect them as well).

b) Is disabling this feature a reasonable choice for CPU
architectures different from x86, x86_64 and aarch64?

[1]: https://meltdownattack.com/#faq-systems-meltdown
[2]: http://kroah.com/log/blog/2018/01/06/meltdown-status/
[3]: https://meltdownattack.com/#faq-systems-spectre