* Borislav Petkov <b...@alien8.de> wrote:

> On Wed, Jan 10, 2018 at 08:25:08AM +0100, Ingo Molnar wrote:
> > We could taint the kernel and warn prominently in the syslog when PTI is
> > disabled globally on the boot line though, if running on affected CPUs.
> >
> > Something like:
> >
> > "x86/intel: Page Table Isolation (PTI) is disabled globally. This allows
> > unprivileged, untrusted code to exploit the Meltdown CPU bug to read kernel
> > data."
> >
>
> I think we should warn in the per-mm disabling case too. Not the same
> text but a similar blurb about the trusted process becoming a high-value
> target.

Ok - that's fine by me too, as long as it's a one time warning only.

Thanks,

Ingo