
Re: comment and new question--when do upgrades take effect




On Mon, Jan 29, 2018 at 08:29:33AM -0600, Richard Owlett wrote:
> On 01/29/2018 08:15 AM, Andy Smith wrote:
> > [snip]
> > 
> > The dangerous effects of Meltdown are avoided in Linux by use of the
> > KPTI feature which is now in Debian's supported kernels.
> > 
> 
> I've seen comments such as that before.
> But I've not seen anything about "What is KPTI or how to use it".
> 
KPTI - kernel page table isolation

It basically puts all kernel memory addresses in a completely different
address range than those of user processes.  You don't "use" it as the
kernel handles all of that for you.  All that is needed is to boot a
kernel that has the feature and then it will work automatically.  The
reason it protects against Meltdown is because accesses to kernel memory
under the new construct will force a context switch (meaning that stale
values are not left in machine registers that are accessible to user
code).

Also, there is a parameter you can pass to the kernel at boot time to
disable KPTI if you would rather not have it.

The Wikipedia article on the subject is much more informative, if you
want to go deeper.

Regards,

-Roberto

-- 
Roberto C. Sánchez
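
A way to confirm that the running kernel actually has KPTI active, as an added example that is not part of the original message. It assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/meltdown and the upstream boot parameters nopti, pti=off and mitigations=off, none of which are named in the thread; the function names are the example's own.

```shell
#!/bin/sh
# Added example: classify the KPTI (Meltdown mitigation) state of a Linux host.

SYSFS_MELTDOWN=/sys/devices/system/cpu/vulnerabilities/meltdown

# Print the first boot parameter in "$1" that switches KPTI off, if any.
kpti_off_param() {
    for p in nopti pti=off mitigations=off; do
        case " $1 " in
            *" $p "*) echo "$p"; return 0 ;;
        esac
    done
    return 1
}

# $1 = contents of the sysfs meltdown file, $2 = kernel command line.
kpti_state() {
    off=$(kpti_off_param "$2" || true)
    case "$1" in
        "Mitigation: PTI"*) echo "enabled" ;;
        "Not affected"*)    echo "not-needed" ;;   # CPU is not vulnerable
        "Vulnerable"*)
            if [ -n "$off" ]; then
                echo "disabled-by-cmdline:$off"
            else
                echo "vulnerable"                  # kernel built without PTI
            fi ;;
        *)  echo "unknown" ;;  # file missing (older kernel) or other status
    esac
}

# Read the real files on this host; missing files yield "unknown".
kpti_check_host() {
    status=""
    cmdline=""
    [ -r "$SYSFS_MELTDOWN" ] && status=$(cat "$SYSFS_MELTDOWN")
    [ -r /proc/cmdline ] && cmdline=$(cat /proc/cmdline)
    kpti_state "$status" "$cmdline"
}

echo "KPTI on this host: $(kpti_check_host)"
```

A result of "unknown" on a kernel without the sysfs file means the state cannot be read this way, not that the mitigation is absent.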