Thanks to the work done by Joyent on fixes for the Meltdown attack, we now have beta OmniOS updates available for testing. These updates include the KPTI (and PCID) work up to Joyent’s kpti-squash branch.
Any and all testing is useful, especially with “weird” things like LDT-using code, older machines, etc.
The test update can be applied to a bloody system and will install into a new boot-environment so that you can easily switch back and forth as required.
# pkg update pkg # pkg apply-hot-fix --be-name=kpti https://downloads.omniosce.org/pkg/bloody/kpti.p5p # init 6
To check if you are running with KPTI enabled:
# echo kpti_enable/X | mdb -k
To check CPU features for PCID/INVPCID support:
# echo ::x86_featureset | mdb -k | grep -i pcid
To confirm PCID is being used (look for cr3 values starting with 0x8 as shown below):
# echo "cpus::print cpu_t cpu_m.mcpu_kpti.kf_user_cr3" | mdb -k cpu_m.mcpu_kpti.kf_user_cr3 = 0x8000000800083001