The file /sys/devices/system/cpu/vulnerabilities/meltdown always says that we are vulnerable, even when PTI mitigation is actually enabled. The code that checks and prints PTI mitigation status is under ifdef CONFIG_KAISER which is never defined. We have CONFIG_PAGE_TABLE_ISOLATION instead of CONFIG_KAISER, so use it instead.
Before: cat /sys/devices/system/cpu/vulnerabilities/meltdown Vulnerable After: cat /sys/devices/system/cpu/vulnerabilities/meltdown Mitigation: PTI Signed-off-by: Andrey Ryabinin <aryabi...@virtuozzo.com> --- arch/x86/kernel/cpu/bugs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 21c6210682aa..cc77927b4daf 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -606,7 +606,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr switch (bug) { case X86_BUG_CPU_MELTDOWN: -#ifdef CONFIG_KAISER +#ifdef CONFIG_PAGE_TABLE_ISOLATION if (kaiser_enabled) return sprintf(buf, "Mitigation: PTI\n"); #endif -- 2.18.0 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel