View Single Post
  #1  
Old January 29th 18, 06:25 AM posted to alt.privacy.anon-server, alt.comp.os.windows-10,comp.os.linux.advocacy, comp.sys.intel, comp.sys.hp.hardware
Nomen Nescio
external usenet poster
 
Posts: 149
Default Linus Torvalds declares Intel fix for Meltdown/Spectre 'COMPLETE ANDUTTER GARBAGE'

The always outspoken Linus Torvalds, best known for his
continuing work on the innermost code of Linux systems, has
harsh words to say and accusations to level against Intel. His
evaluation of Intel’s latest proposed fix for the
Meltdown/Spectre issue: “the patches are COMPLETE AND UTTER
GARBAGE.” As a potential line of inquiry, he suggests: “Has
anybody talked to them and told them they are f*cking insane?”
(Asterisk his.)

These and other kind epithets are awarded by Torvalds in a
public email chain between him and David Woodhouse, an engineer
at Amazon in the U.K., regarding Intel’s solution as relating to
the Linux kernel. The issue is (as far as I can tell as someone
far out of their depth) a clumsy and, Torvalds argues, “insane”
implementation of a fix that essentially does nothing while also
doing a bunch of unnecessary things.

The fix needs to address Meltdown (which primarily affects Intel
chips), but instead of just doing so across the board, it makes
the whole fix something the user or administrator has to opt
into at boot. Why even ask, if this is such a huge
vulnerability? And why do it at such a low level when future
CPUs will supposedly not require it, at which point the choice
would be at best unnecessary and at worst misleading or lead to
performance issues?
Meanwhile, a bunch of other things are added in the same patch
that Torvalds points out are redundant with existing solutions,
for instance adding protections against an exploit already
mitigated by Google Project Zero’s “retpoline” technique.

Why do this? Torvalds speculates that a major part of Intel’s
technique, in this case “Indirect Branch Restricted Speculation”
or IBRS, is so inefficient that to roll it out universally would
result in widespread performance hits. So instead, it made the
main Meltdown fix optional and added the redundant stuff to make
the patch look more comprehensive.

Is Intel really planning on making this **** architectural? Has
anybody talked to them and told them they are f*cking insane?

They do literally insane things. They do things that do not make
sense. That makes all your [i.e. Woodhouse’s] arguments
questionable and suspicious. The patches do things that are not
sane.

…So somebody isn’t telling the truth here. Somebody is pushing
complete garbage for unclear reasons. Sorry for having to point
that out.

Woodhouse (who in a long-suffering manner asks they “be done
with the shouty part”), later in the thread acknowledges
Torvalds’ criticism, calling IBRS is “a vile hack” and agreeing
that “There’s no good reason for it to be opt-in.” But he but
notes some points that are, if not exactly in favor of Intel’s
approach, at least explain it a bit.

Intel, for its part, offered the following statement: “We take
the feedback of industry partners seriously. We are actively
engaging with the Linux community, including Linus, as we seek
to work together on solutions.” So at least they seem to still
be on a first-name basis.

At any rate, this is all very deep discussion and really only a
small slice of it. I’m not highlighting this because I think
it’s technically interesting (I’m not really qualified to say
so) or consequential in terms of what users will see (it’s hard
to say at this point) but rather to simply point out that the
Meltdown/Spectre debacle is far from over — in fact, it’s barely
begun.

What we saw a few weeks back was the initial wave of craziness
and the first line of defense being established. But the work of
protecting the billions of devices affected by these problems is
going to go on for years as conflicts like this work themselves
out. And Linus Torvalds, as profane as his criticisms are wont
to be, is one of the many people working hard on behalf of the
open-source community and the people who ultimately benefit from
it down the line.

If there weren’t detail-oriented, no-BS, old-school coders out
there watching out for the likes of you and me, the great
complacent unwashed out here in userland, we would have to take
whatever Intel and the others hand us and thank them in our
ignorance. I for one am glad to have people smarter and more
uncompromising than myself fighting on our behalf, however
“shouty” they may be.

Comments:

Hugh Cry · University of Calgary, Canada
Because Linux is bug free, right? Torvalds is sitting in a glass
house.
Like · Reply · 10 · Jan 22, 2018 12:48pm

Gene Keenan · Works at Self-Employed
https://www.theverge.com/.../intel-advises-pause...
Like · Reply · 5 · Jan 22, 2018 12:55pm

Vince Feminella · Head Brewer at Screwy Brewing Company
uh...while Linux runs on Intel, its far from being a CPU
architecture.
Like · Reply · 10 · Jan 22, 2018 12:59pm

Mace Moneta
This has nothing to do with being "bug free" it's about the way
a bug was (not) fixed.
Like · Reply · 38 · Jan 22, 2018 1:00pm · Edited

https://techcrunch.com/2018/01/22/li...eclares-intel-
fix-for-meltdown-spectre-complete-and-utter-garbage/