Nicolai Stange
By: Nicolai Stange

May 7, 2018 1:54 pm

1,489 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 4 – The Conclusion)

Now that everything has been set to go as described in Part 1 (Key technical obstacles for Live Patching Meltdown), Part 2 (Virtual address mappings and the Meltdown vulnerability)  and Part 3 (Changes needed for Translation Lookaside Buffer (TLB) flushing primitives), the last missing piece is to actually replace the entry code and make it […]

Read More


Nicolai Stange
By: Nicolai Stange

May 4, 2018 12:20 pm

1,272 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 3)

Building upon the Part 1 (Key technical obstacles for Live Patching Meltdown) and the Part 2 (Virtual address mappings and the Meltdown vulnerability), let's now address the needed changes to the TLB flushing primitives. In order to resolve virtual to physical addresses, a CPU must traverse the page table tree. This is a costly […]

Read More


Nicolai Stange
By: Nicolai Stange

May 3, 2018 11:59 am

1,406 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 2)

Following up on the Part 1 about key technical obstacles for Live Patching Meltdown, in this blog I will give you some background on virtual address mappings in context of the Meltdown vulnerability and look at patching kGraft itself! Virtually mapped memory is a protection feature provided by the CPU, orthogonal to the privilege separation […]

Read More


Nicolai Stange
By: Nicolai Stange

May 2, 2018 2:37 pm

3,498 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 1)

Meltdown is one of the biggest and complex security vulnerabilities that happened recently and impacted almost everyone. I am a SUSE live patching engineer and wanted to share with you how unique fixing this vulnerability was in terms of scope and complexity. My goal was to see if I could also create a live patch […]

Read More