
Linux isn't immune


Posted on 14/03/2018 by Gustavo Padovan

The recent disclosure of the Meltdown and Spectre hardware vulnerabilities was unprecedented in the history of computing. They affect a substantial portion of the chips powering most of the infrastructure used by our society today.

While software vulnerabilities can be easily repaired with an update, it is a completely different story when it comes to hardware, and the Linux kernel community had a hard time dealing with them.

The mitigation for Meltdown came in the form of a fundamental change of the kernel memory management through the kernel page-table isolation (KPTI) patch set merged in 4.15-rc6, which isolates the kernel page table from the userspace page table.

Spectre, on the other hand, is much harder to fix, and while initial mitigations exist, more elegant and efficient solutions are yet to be developed. As its name says, Spectre may still haunt us for quite some time.

These issues may be just the first of their kind but they are already causing all of us to be exposed. Too many service providers and product companies have failed and will continue to fail at patching their kernels.
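One way to check whether a given kernel actually carries the Meltdown and Spectre mitigations discussed above, as an added example that is not part of the original article. It assumes the `/sys/devices/system/cpu/vulnerabilities` sysfs directory that kernels with these mitigations expose; the function names and the sample host are constructed for illustration.

```shell
#!/bin/sh
# Map one sysfs status line to: not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Audit a directory laid out like /sys/devices/system/cpu/vulnerabilities.
# Prints one line per issue; returns 1 if any entry is vulnerable or missing.
audit_dir() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            raw=$(cat "$dir/$name")
            state=$(classify_status "$raw")
        else
            # No file: this kernel does not report a status for the issue,
            # so it cannot be assumed to carry the mitigation.
            raw="(no sysfs entry)"
            state=unknown
        fi
        printf '%s: %s [%s]\n' "$name" "$state" "$raw"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample: a host with PTI enabled but no Spectre v2 mitigation.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

sample=$(make_sample)
audit_dir "$sample" || echo "action needed: kernel lacks a mitigation"
rm -rf "$sample"
```

Calling `audit_dir` with no argument reads the running kernel's own status files, so the non-zero exit code can gate a fleet compliance check.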

Shifting all industries and sectors toward following the mainline Linux kernel closely is more crucial than ever.

(Originally published in Linux Format magazine, Issue 234, January 2018)

Collabora Ltd © 2005-2018. All rights reserved.