Oracle Proposing Change To Linux's KPTI Meltdown Mitigation

Written by Michael Larabel in Linux Security on 10 November 2020 at 06:13 AM EST. 9 Comments
LINUX SECURITY
A proposal and set of patches have been sent out around the Linux kernel's Page Table Isolation (PTI/KPTI) implementation to defer switching from the user page-table to kernel page-table until later in the kernel entry sequence. There are possible performance benefits and code improvements that would stem from this change.

The proposal by kernel engineer Alexandre Chartre of Oracle is to defer making the page table isolation CR3 control register switch until hitting the kernel C code rather than the switch being early on within the Assembly entry code.

By waiting until hitting the C code rather than the early kernel entry code, the Assembly code could be simplified to make it more easy to understand. The change would also make it easier to integrate features like address space isolation or possibly allowing some syscalls / interrupt handlers to avoid KPTI and thereby avoiding the notorious KPTI page-table switching overhead. But in the initial patches no white-listing of any syscalls or the like are granted for avoiding the KPTI page-table switch.

The 24 patches for moving around the CR3 switch for KPTI from the Assembly code to C was sent out on Monday under a "request for comments" flag while waiting to see what other upstream kernel developers think of this proposal.

If running on a Meltdown-affected processor needing Kernel Page Table Isolation, another way to just outright disable the mitigation if wanting to recover some of the lost performance is by setting the nopti kernel option or even mitigations=off albeit potentially putting your system security at risk.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week