On Friday, January 5, 2018 19:26 CET, Larry Finger <Larry.Finger@lwfinger.net> wrote:
More information concerning the Linux implementation for mitigation of Meltdown
is available. The info below is copied from https://lkml.org/lkml/2018/1/4/775.
Sorting through the jargon, your mileage will vary depending on what features
are found on your CPU.
A new kernel parameter is available called "pti" for Page Table Isolation. User
and kernel space will use separate page tables to prevent any user process from
using the side-channel approach. There will be a small performance hit and some
memory increases. The feature can be turned off at build or run time, and will
automatically be turned off for AMD processors.
The details of increased memory usage are as follows:
a. Each process now needs an order-1 page directory (PGD) instead of order-0.
(Consumes 4k per process).
b. The 'cpu_entry_area' structure must be 2MB in size and 2MB aligned so that it
can be mapped by setting a single Page Mid Directory (PMD) entry. This consumes
nearly 2MB of RAM once the kernel is decompressed, but no space in the kernel
The details of CPU usage:
a. CR3 manipulation to switch between the page table copies
must be done at interrupt, syscall, and exception entry
and exit (it can be skipped when the kernel is interrupted,
though.) Moves to CR3 are on the order of a hundred
cycles, and are required every at entry and every at exit.
b. A "trampoline" must be used for SYSCALL entry. This
trampoline depends on a smaller set of resources than the
non-PTI SYSCALL entry code, so requires mapping fewer
things into the userspace page tables. The downside is
that stacks must be switched at entry time.
c. Global pages are disabled for all kernel structures not
mapped in both to kernel and userspace page tables. This
feature of the MMU allows different processes to share TLB
entries mapping the kernel. Losing the feature means more
TLB misses after a context switch. The actual loss of
performance is very small, however, never exceeding 1%.
d. Process Context IDentifiers (PCID) is a CPU feature that
allows us to skip flushing the entire TLB when switching page
tables. This makes switching the page tables (at context
switch, or kernel entry/exit) cheaper. But, on systems with
PCID support, the context switch code must flush both the user
and kernel entries out of the TLB. The user PCID TLB flush is
deferred until the exit to userspace, minimizing the cost.
e. The userspace page tables must be populated for each new
process. Even without PTI, the shared kernel mappings
are created by copying top-level (PGD) entries into each
new process. But, with PTI, there are now *two* kernel
mappings: one in the kernel page tables that maps everything
and one for the entry/exit structures. At fork(), we need to
f. In addition to the fork()-time copying, there must also
be an update to the userspace PGD any time a set_pgd() is done
on a PGD used to map userspace. This ensures that the kernel
and userspace copies always map the same userspace
g. On systems without PCID support, each CR3 write flushes
the entire TLB. That means that each syscall, interrupt
or exception flushes the TLB.
mythtv-users mailing list
email@example.com http://lists.mythtv.org/mailman/listinfo/mythtv-users http://wiki.mythtv.org/Mailing_List_etiquette
MythTV Forums: https://forum.mythtv.orgHi
In layman's terms, does this mean that we can, by using the boot-time kernel parameter "pti=disable" disable all the additional security (and potential system-overhead) in systems which we do not think are vulnerable?
Some of us are running mythtv on a minimum of hardware and would rather not take the hit.