Oracle Proposing Change To Linux's KPTI Meltdown Mitigation

  • RahulSundaram
    replied
    Originally posted by Alex/AT
    You should actually know there is an impact even in disabled state, tiny and negligible but present, even if not mentioning.
    Assuming that is true, it doesn't change any of what I said. The Linux kernel is never ever going to drop these mitigations as long as the hardware exists and is being used. Yes, it is complex and tricky to manage and it would be much nicer if we didn't have to deal with hardware bugs, but that is simply not the world we live in.


  • Alex/AT
    replied
    Originally posted by RahulSundaram
    That does not have any impact on upstream kernel.
    You should actually know there is an impact even in disabled state, tiny and negligible but present, even if not mentioning.

    The biggest impact is in a different place, not even in performance, but horrible performance being the reason for it.
    It is a horrific set of crutches on duct tape right in the very heart of the kernel.
    Starting from syscalls and memory management and ending in interrupt handling.

    Whether it will shoot everyone in the leg one day or not, that's not clear yet.
    Oracle's attempt at amending it by adding more crutches and more tape is just another proof it should.
    Last edited by Alex/AT; 10 November 2020, 04:48 PM.


  • kobblestown
    replied
    What is the state of PCID (Process Context IDentifier) support in Linux? The feature (the /proc/cpuinfo flag is called INVPCID) has been available on Intel processors for quite a while and is present in AMD's new Zen 3 architecture. It seems to me it's a good fit for KPTI.

    Also, support for it was available in VirtualBox on Windows (via a VBoxManage command). I wonder if KVM can do the same.


  • RahulSundaram
    replied
    Originally posted by Alex/AT
    Yeah, nobody could live without PTI before it existed and surely no one disables it now.
    (as if)
    Absolutely no one would ever remove patches for PTI from the upstream kernel after the vulnerability was known and the patches were merged in and widely available and used and vulnerable hardware is widely used as well. Whether individuals disable it is up to them. That does not have any impact on upstream kernel. All of this should be obvious to you.


  • Alex/AT
    replied
    Originally posted by RahulSundaram
    In other words, in the real world, you really can't and there is zero chance of that happening.
    Yeah, nobody could live without PTI before it existed and surely no one disables it now.
    (as if)


  • RahulSundaram
    replied
    Originally posted by Alex/AT
    You actually can. This will force either throwing out hardware, or accepting the risks.
    In other words, in the real world, you really can't and there is zero chance of that happening.


  • Alex/AT
    replied
    Originally posted by RahulSundaram
    You can't throw the mitigations out without throwing out the affected hardware since these are hardware issues.
    You actually can. This will force either throwing out hardware, or accepting the risks.


  • RahulSundaram
    replied
    Originally posted by Alex/AT
    Okay. Next step: accepting Intel CPUs are vulnerable and throwing the mitigations out in favor of a proper fix.
    You can't throw the mitigations out without throwing out the affected hardware since these are hardware issues.


  • Alex/AT
    replied
    Okay. Next step: accepting Intel CPUs are vulnerable and throwing the mitigations out in favor of a proper fix.


  • Oracle Proposing Change To Linux's KPTI Meltdown Mitigation

    Phoronix: Oracle Proposing Change To Linux's KPTI Meltdown Mitigation

    A proposal and set of patches have been sent out around the Linux kernel's Page Table Isolation (PTI/KPTI) implementation to defer switching from the user page-table to kernel page-table until later in the kernel entry sequence. There are possible performance benefits and code improvements that would stem from this change...

    http://www.phoronix.com/scan.php?pag...-Assembly-To-C