Linux isn't immune

Posted on 14/03/2018 by Gustavo Padovan

The recent disclosure of the Meltdown and Spectre hardware vulnerabilities was unprecedented in the history of computing. They affect a substantial portion of the chips powering most of the infrastructure used by our society today.

While software vulnerabilities can be easily repaired with an update, it is a completely different story when it comes to hardware, and the Linux kernel community had a hard time dealing with them.

The mitigation for Meltdown came in the form of a fundamental change of the kernel memory management through the kernel page-table isolation (KPTI) patch set merged in 4.15-rc6, which isolates the kernel page table from the userspace page table.

Spectre, on the other hand, is much harder to fix, and while initial mitigation exists, more elegant and efficient solutions are yet to be developed. As its name says, Spectre may still haunt us for quite some time.

These issues may be just the first of their kind, but they already leave all of us exposed. Too many service providers and product companies have failed and will continue to fail at patching their kernels.

Shifting all industries and sectors toward following the mainline Linux kernel closely is more crucial than ever.

(Originally published in Linux Format magazine, Issue 234, January 2018)
