This article seems to be doing the rounds a lot today (especially in the office) so I was just wondering how will BL be affected by the potential patch? The main concern seems to be the performance penalty that will be suffered as a result of separating the kernel's memory completely from user processes using KPTI.
Are we likely to inherit a Debian fix and add it immediately in the current BL release?
This article seems to be doing the rounds a lot today (especially in the office) so I was just wondering how will BL be affected by the potential patch? The main concern seems to be the performance penalty that will be suffered as a result of separating the kernel's memory completely from user processes using KPTI.
Are we likely to inherit a Debian fix and add it immediately in the current BL release?
Helium: Definitely.
Hydrogen: Can't tell for sure yet, but given that jessie is only oldstable, chances are very good.
You can watch for a fixed kernel package using the Debian Security Tracker and the relevant CVEs. As soon as a fixed kernel for a given Debian suite has been released, it'll be marked as such:
The main concern seems to be the performance penalty
The protections applied by the new patches can be disabled via a kernel command line parameter to restore the vulnerable behaviour.
It's probably worth noting that only applications which make heavy use of syscalls (such as virtualisation) will suffer badly; most desktop programs will only slow down by ~1-2% (hopefully).
EDIT: https://www.phoronix.com/scan.php?page= … 6pti&num=2
Last edited by Head_on_a_Stick (2018-01-04 18:30:00)
“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.
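Added example, not part of the thread: a shell check for whether the page-table isolation discussed above is active on a host, or has been switched off on the kernel command line. It assumes the mainline parameter names `nopti`, `pti=off` and `mitigations=off` and the sysfs file `/sys/devices/system/cpu/vulnerabilities/meltdown`, none of which are named in the posts; the function and status names are made up for this example.

```shell
#!/bin/sh
# pti_status CMDLINE SYSFS_TEXT
# Classifies KPTI state from a kernel command line and the text of the
# sysfs "meltdown" file. Both are arguments so the logic can be checked
# offline against constructed input.
pti_status() (
    set -f                      # no globbing while splitting the cmdline
    case $2 in
        "Not affected"*) echo "not-affected"; exit 0 ;;
    esac
    # Boot parameters that turn page-table isolation off.
    for arg in $1; do
        case $arg in
            nopti|pti=off|mitigations=off)
                echo "disabled-by-cmdline:$arg"; exit 0 ;;
        esac
    done
    case $2 in
        "Mitigation: PTI"*) echo "mitigated" ;;
        Vulnerable*)        echo "vulnerable" ;;
        *)                  echo "unknown" ;;  # file absent or unrecognised
    esac
)

# Same check against the running machine.
pti_status_host() {
    f=/sys/devices/system/cpu/vulnerabilities/meltdown
    sysfs=""
    if [ -r "$f" ]; then sysfs=$(cat "$f"); fi
    pti_status "$(cat /proc/cmdline 2>/dev/null)" "$sysfs"
}

# Constructed sample: a patched kernel booted with the protection disabled.
pti_status "BOOT_IMAGE=/vmlinuz-4.9 root=/dev/sda1 ro quiet nopti" "Vulnerable"
pti_status_host
```

A result of `unknown` means the kernel does not expose the sysfs file, so the installed kernel package version has to be compared against the fixed version listed in the Debian Security Tracker instead.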
Are we likely to inherit a Debian fix and add it immediately in the current BL release?
As Kernel series 4.14, 4.9, 4.4, 3.16, 3.18 and 3.12 LTS got patched in upstream already, I assume it won't take too long until Debian's kernels get updated as well, at least for Jessie and upwards.