@rinatik: If you look at the kernel source, PAGE_TABLE_ISOLATION requires x86_64 bit, and is auto-disabled if one is not building a 64-bit kernel (aka, if your kernel is 32-bits). Based on this, to be completely honest, I have no idea if this means that a 32-bit kernel (686) is mitigated against Meltdown or not. I shared in a previous post that i686 users can grep "cpu_insecure" from /proc/cpuinfo (
not that it indicates much), but dmesg doesn't report anything, and obviously x86_64 is a dependency; I'm not even sure what criteria to Google at this point. Perhaps someone more knowledgeable can shed insight.
EDIT: From the link I shared above:
In standard kernels, the strings Kernel/User page tables isolation: enabled or Kernel/User page tables isolation: force enabled on command line in the dmesg output means that the kernel is performing kernel page table isolation. The latter message additionally means that the kernel thinks page-table isolation is not required for this CPU.
In some vendor-patched kernels (mainly RedHat and derivatives): a nonzero value in /sys/kernel/debug/x86/pti_enabled. The absence of this file does not mean anything, however: the standard kernel does not provide it.
It would appear, then, that dmesg is one's best bet for confirming the presence of KPTI. Nonetheless, I feel like I'm misinterpreting something.
EDIT 2: I'm investigating
this page, but I'm on the move and won't be able to read it in-depth until later.