Posted on 14/03/2018 by Gustavo Padovan
The recent disclosure of the Meltdown and Spectre hardware vulnerabilities was unprecedented in the history of computing. They affect a substantial portion of the chips powering most of the infrastructure used by our society today.
While software vulnerabilities can be easily repaired with an update, it is a completely different story when it comes to hardware, and the Linux kernel community had a hard time dealing with them.
The mitigation for Meltdown came in the form of a fundamental change of the kernel memory management through the kernel page-table isolation (KPTI) patch set merged in 4.15-rc6, which isolates the kernel page table from the userspace page table.
Spectre, on the other hand, is much harder to fix, and while initial mitigations exist, more elegant and efficient solutions are yet to be developed. As its name suggests, Spectre may still haunt us for quite some time.
These issues may be just the first of their kind, but they already leave all of us exposed. Too many service providers and product companies have failed and will continue to fail at patching their kernels.
Shifting all industries and sectors toward following the mainline Linux kernel closely is more crucial than ever.
(Originally published in Linux Format magazine, Issue 234, January 2018)