The always outspoken Linus Torvalds, best known for his continuing work on the innermost code of Linux systems, has harsh words to say and accusations to level against Intel. His evaluation of Intel’s latest proposed fix for the Meltdown/Spectre issue
These and other kind epithets are awarded by Torvalds in a public email chain between him and David Woodhouse, an engineer at Amazon in the U.K., regarding Intel’s solution as relating to the Linux kernel. The issue is (as far as I can tell as someone far out of their depth) a clumsy and, Torvalds argues, “insane” implementation of a fix that essentially does nothing while also doing a bunch of unnecessary things.
The fix needs to address Meltdown (which primarily affects Intel chips), but instead of just doing so across the board, it makes the whole fix something the user or administrator has to opt into at boot. Why even ask, if this is such a huge vulnerability? And why do it at such a low level when future CPUs will supposedly not require it, at which point the choice would be at best unnecessary and at worst misleading or lead to performance issues?
Meanwhile, a bunch of other things are added in the same patch that Torvalds points out are redundant with existing solutions, for instance adding protections against an exploit already mitigated by Google Project Zero’s “retpoline” technique.
Why do this? Torvalds speculates that a major part of Intel’s technique, in this case “Indirect Branch Restricted Speculation” or IBRS, is so inefficient that to roll it out universally would result in widespread performance hits. So instead, it made the main Meltdown fix optional and added the redundant stuff to make the patch look more comprehensive.
Is Intel really planning on making this shit architectural? Has anybody talked to them and told them they are f*cking insane?
They do literally insane things. They do things that do not make sense. That makes all your [i.e. Woodhouse’s] arguments questionable and suspicious. The patches do things that are not sane.
…So somebody isn’t telling the truth here. Somebody is pushing complete garbage for unclear reasons. Sorry for having to point that out.
Woodhouse (who in a long-suffering manner asks they “be done with the shouty part), later in the thread acknowledges Torvalds’ criticism, calling IBRS is “a vile hack” and agreeing that “There’s no good reason for it to be opt-in.” But he but notes some points that are, if not exactly in favor of Intel’s approach, at least explain it a bit.
Intel, for its part, offered the following statement: “We take the feedback of industry partners seriously. We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions.” So at least they seem to still be on a first-name basis.
At any rate, this is all very deep discussion and really only a small slice of it. I’m not highlighting this because I think it’s technically interesting (I’m not really qualified to say so) or consequential in terms of what users will see (it’s hard to say at this point) but rather to simply point out that the Meltdown/Spectre debacle is far from over — in fact, it’s barely begun.
What we saw a few weeks back was the initial wave of craziness and the first line of defense being established. But the work of protecting the billions of devices affected by these problems is going to go on for years as conflicts like this work themselves out. And Linus Torvalds, as profane as his criticisms are wont to be, is one of the many people working hard on behalf of the open-source community and the people who ultimately benefit from it down the line.
If there weren’t detail-oriented, no-BS, old-school coders out there watching out for the likes of you and me, the great complacent unwashed out here in userland, we would have to take whatever Intel and the others hand us and thank them in our ignorance. I for one am glad to have people smarter and more uncompromising than myself fighting on our behalf, however “shouty” they may be.