KPTI Support For 64-bit ARM Getting Buttoned Up Ahead Of Linux 4.16
Kernel Page Table Isolation (KPTI) landed at the start of the year for x86/x86_64 systems to fend off the much-talked-about CPU attacks. The ARM64 / 64-bit ARM code is still a work in progress, but it looks like it will be squared away for the upcoming Linux 4.16 kernel cycle.
There is this Git branch and the base work for those wishing to track the last-minute alterations. Currently there are the latest KPTI page table isolation patches for ARM64, which include a return trampoline, a new HARDEN_BRANCH_PREDICTOR Kconfig switch, branch predictor hardening for Falkor and Cortex-A CPUs, and other security hardening improvements.
This functionality will be enabled by default on ARM64 SoCs. It will be interesting to benchmark it once mainlined, and to see whether all of this work gets backported and how many of the different SoC/board vendors will send down timely kernel updates, given the mess that is the ARM Linux kernel situation: a lot of fragmentation and different kernel versions across the dozens (hundreds?) of different ARM SBCs in this unique landscape.