
Linux isn't immune

Gustavo Padovan
March 14, 2018

The recent disclosure of the Meltdown and Spectre hardware vulnerabilities was unprecedented in the history of computing. They affect a substantial portion of the chips powering most of the infrastructure used by our society today.

While software vulnerabilities can be easily repaired with an update, it is a completely different story when it comes to hardware, and the Linux kernel community had a hard time dealing with them.

The mitigation for Meltdown came in the form of a fundamental change of the kernel memory management through the kernel page-table isolation (KPTI) patch set merged in 4.15-rc6, which isolates the kernel page table from the userspace page table.

Spectre, on the other hand, is much harder to fix, and while initial mitigation exists, more elegant and efficient solutions are yet to be developed. As its name says, Spectre may still haunt us for quite some time.
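To see whether a given kernel reports the Meltdown and Spectre mitigations described above, the per-CPU vulnerability files that mainline exposes under sysfs since 4.15 can be read directly. The script below is an added example, not part of the original article; the function names, the return codes and the optional directory argument (used so the check can be pointed at a copy of the files) are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarise what the kernel reports for Meltdown and Spectre.
# Kernels without the sysfs interface (older than 4.15 and not backported)
# have no such directory, which is itself a sign the kernel is out of date.

# Map one status line, as printed by the kernel, to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;      # e.g. "Mitigation: PTI" for Meltdown
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Usage: check_cpu_vulns [DIR]   (DIR defaults to the live sysfs path)
# Returns 0 = all mitigated or not affected, 1 = at least one vulnerable,
#         2 = directory missing, 3 = an entry is missing or unrecognised.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel does not report mitigation status"
        return 2
    fi
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
            verdict=$(classify_status "$status")
        else
            status="(no entry)"
            verdict=unknown
        fi
        printf '%-11s %-13s %s\n' "$name" "$verdict" "$status"
        if [ "$verdict" = vulnerable ]; then
            rc=1
        elif [ "$verdict" = unknown ] && [ "$rc" -eq 0 ]; then
            rc=3
        fi
    done
    return "$rc"
}
```

Calling `check_cpu_vulns` with no argument reads the running kernel's own files; a non-zero return is the signal to look at the kernel version and its update path.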

These issues may be just the first of their kind but they are already causing all of us to be exposed. Too many service providers and product companies have failed and will continue to fail at patching their kernels.

Shifting all industries and sectors toward following the mainline Linux kernel closely is more crucial than ever.

(Originally published in Linux Format magazine, Issue 234, January 2018)
