Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Intel Bug Linux

Linus Torvalds Calls Intel Patches 'Complete and Utter Garbage' (lkml.org) 507

An anonymous reader writes: On the Linux Kernel Mailing List, Linus Torvalds ended up responding to a long-time kernel developer (and former Intel engineer) who'd been describing a new microcode feature addressing Indirect Branch Restricted Speculation "where a future CPU will advertise 'I am able to be not broken' and then you have to set the IBRS bit once at boot time to *ask* it not to be broken."

Linus calls it "very much part of the whole 'this is complete garbage' issue. The whole IBRS_ALL feature to me very clearly says 'Intel is not serious about this, we'll have a ugly hack that will be so expensive that we don't want to enable it by default, because that would look bad in benchmarks'. So instead they try to push the garbage down to us. And they are doing it entirely wrong, even from a technical standpoint. I'm sure there is some lawyer there who says 'we'll have to go through motions to protect against a lawsuit'. But legal reasons do not make for good technology, or good patches that I should apply."

Later Linus says forcefully that these "complete and utter garbage" patches are being pushed by someone "for unclear reasons" -- and adds another criticism. The whole point of having cpuid and flags from the microarchitecture is that we can use those to make decisions. But since we already know that the IBRS overhead is huge on existing hardware, all those hardware capability bits are just complete and utter garbage. Nobody sane will use them, since the cost is too damn high. So you end up having to look at "which CPU stepping is this" anyway. I think we need something better than this garbage.
This discussion has been archived. No new comments can be posted.

Linus Torvalds Calls Intel Patches 'Complete and Utter Garbage'

Comments Filter:
  • by aglider ( 2435074 ) on Monday January 22, 2018 @02:52AM (#55976085) Homepage

    You are right, Linus, as usual.

    But I'd prefer the Linux Kernel Development team to push a complete proposal on the table.
    Like totally ditching the support to Intels starting with the releases on next March 1st (or better April?).

    • Linus Haiku (Score:5, Funny)

      by Moblaster ( 521614 ) on Monday January 22, 2018 @02:58AM (#55976099)

      Linus proclaims thus:
      This patch is a piece of shit.
      So what else is new?

      • Re:Linus Haiku (Score:5, Interesting)

        by AmiMoJo ( 196126 ) on Monday January 22, 2018 @03:35AM (#55976217) Homepage Journal

        So I'm gonna submit his email as evidence in my small claims court action against Intel.

      • Re:Linus Haiku (Score:5, Insightful)

        by sacrilicious ( 316896 ) <qbgfynfu.opt@recursor.net> on Monday January 22, 2018 @10:56AM (#55978059) Homepage

        Linus proclaims thus: This patch is a piece of shit. So what else is new?

        If you mean "useful, straight communication from Linus as usual", then I'm with ya.

        But if you're trying to imply that Linus indiscriminately calls *everything* a piece of shit, then you're so offbase that I'll wonder if you're astroturfing on behalf of Intel. When Linus criticizes stuff, he's spot on. This patch is indeed a piece of shit.

        • by gosand ( 234100 )

          Linus proclaims thus:
          This patch is a piece of shit.
          So what else is new?

          If you mean "useful, straight communication from Linus as usual", then I'm with ya.

          But if you're trying to imply that Linus indiscriminately calls *everything* a piece of shit, then you're so offbase that I'll wonder if you're astroturfing on behalf of Intel. When Linus criticizes stuff, he's spot on. This patch is indeed a piece of shit.

          Haiku yours is not
          The point missed by you it was
          It was a joke. Whoosh.

          • Re:Linus Haiku (Score:4, Informative)

            by Bootsy Collins ( 549938 ) on Monday January 22, 2018 @02:06PM (#55979835)

            Haiku yours is not The point missed by you it was It was a joke. Whoosh.

            For what it's worth, your post isn't a haiku either. Nor was the original "Linus Haiku". A haiku need not have a 5-7-5 syllable structure; and a 5-7-5 syllable structure does not make something a haiku. Haiku require a cutting word (kireji), and carry imagery of the natural world.

            These are closer to senryu than haiku.

    • by Anonymous Coward on Monday January 22, 2018 @03:07AM (#55976115)

      And how does excluding 80-90% of the installed user base help Linux exactly?

      I understand the sentiment, it's just not a professional way of handling the situation.

      • And how does excluding 80-90% of the installed user base help Linux exactly?

        I understand the sentiment, it's just not a professional way of handling the situation.

        It doesn't help anyone and neither does the patch in question. Until new CPU models from Intel hit the market, this shitty patch will do exactly nothing. And we should thank Linus for telling Intel to make the new CPU models less shitty than they were obviously planning to.

      • by Zaiff Urgulbunger ( 591514 ) on Monday January 22, 2018 @09:07AM (#55977367)

        I understand the sentiment, it's just not a professional way of handling the situation.

        Linus always tells it like it is, which you can either view as professional or not. But from an engineering perspective, it seems better to do that than just say something polite so you don't upset people.

        It appears to me he's directing his displeasure at Intel management/legal/marketing making decisions where really they shouldn't.

        And how does excluding 80-90% of the installed user base help Linux exactly?

        I very much doubt he's going to do anything of the sort. I would suggest the exact opposite in fact; he wants the best solution for all and is complaining that Intel's patches are constructed for their own benefit (legal/ass-covering), rather than that of their customers.

      • by sjames ( 1099 ) on Monday January 22, 2018 @10:39AM (#55977943) Homepage Journal

        Why not? Somebody has to call bullshit on this.

        What would you have him do, get some PR flunky to "corporatize" the message until nobody is really sure what it's all about?

    • by mwvdlee ( 775178 ) on Monday January 22, 2018 @03:40AM (#55976235) Homepage

      I went in expecting the usual Linus ranting, and although he doesn't disappoint in that department, he also has a valid point.

      As I understand it, Intel proposes to build in a switch in future CPU's which tells the CPU to stop being insecure. The switch is going to be off by default and must be switched on by the kernel during boot. Intel proposes to let all future CPU's be insecure by default.

      • by cas2000 ( 148703 ) on Monday January 22, 2018 @04:23AM (#55976417)

        by doing this it magically becomes the operating system's fault that the CPUs are insecure by design.

        "we documented how OS vendors could turn on the secure mode and cripple performance at the same time. they chose not to use it, so any security flaws are their fault".

      • by rgmoore ( 133276 )

        I went in expecting the usual Linus ranting, and although he doesn't disappoint in that department, he also has a valid point.

        Linus usually has a valid point when he goes on one of his rants. They aren't just a cranky guy slagging people at random; they're his way of calling out especially bad bullshit. That's the only reason people are willing to put up with them.

    • Considering how messy were the recent Intel-contributed patches applied to various servers (unexpected reboots for instance), Linus must be at least partially right.
  • Don't forget guys (Score:5, Informative)

    by Anonymous Coward on Monday January 22, 2018 @03:06AM (#55976113)

    Don't forget guys Intel are the biggest contributor of code to the Linux kernel and it was they who wrote that code that would have crippled AMD as well as Intel cpus against their own flaw. Luckily AMD picked up on it and submitted a "elseif" statement to Intels code so AMD users wouldn't be neeedlessly affected by Intels cpu flaw.

  • by DrTJ ( 4014489 ) on Monday January 22, 2018 @03:21AM (#55976167)

    From the email correspondance; Linus says to mr Woodhouse:

    "As it is, the patches are COMPLETE AND UTTER GARBAGE.

    They do literally insane things. They do things that do not make
    sense. That makes all your arguments questionable and suspicious. The
    patches do things that are not sane.

    WHAT THE F*CK IS GOING ON?"

    In the post, Linus is not addressing much technical detail (just mentions "garbage MSR writes" whatever than means), but his bullshit detector goes off big time.

    It is clear that he thinks the patches are sub-optimal, but that in itself cannot be the first time in Linux kernel history. There seems to be something else behind, or why would he ask "WHAT THE F*CK IS GOING ON" question? Why does he play the "questionable" and "suspicious" card? Does he think that there is something shady going on from Intel, that goes beyond the technical stuff?

    Can anyone shed some light?

    • by Anonymous Coward on Monday January 22, 2018 @03:48AM (#55976263)

      Linus is pointing out that the patches as submitted do things that should not be necessary. For example, the Linux kernel now uses this code technique called “retpoline” to avoid one of the Spectre bug variants. But this set of new patches also includes a performance-hurting workaround for the same Spectre variant that was already worked around. Why would that be necessary? It suggests that maybe Intel isn’t fully disclosing everything that they know, and that maybe the “retpoline” workaround is insufficient for reasons that Intel is keeping secret.

      • by ytene ( 4376651 ) on Monday January 22, 2018 @06:21AM (#55976717)
        You make some really interesting points around retpoline, but I wonder if this latest from Intel fails to account for this because they are being disingenuous, or because they continue to be a bunch of idiots?

        We're seeing similar problems to this with other very-long-established technologies, such as Windows [with Windows 10]. Things that have worked for decades up until W10 are breaking, or they are breaking in new and frustrating ways.

        For example, I have a triple-screen setup and using removable SSDs via a caddy unit, I can boot my computer into 2 different W10 instances, as well as multiple Linux builds. The 2 W10 instances behave in completely different ways, despite being set up, by me, with EXACTLY the same approach [scripted]. On one of them the Task Bar keeps relocating itself around the desktop, on the other it remains static. I've been back-and-forth with Microsoft and they don't know why...

        At the root of the problem I suspect they have changed something in W10, written by someone no longer at the company, possibly poorly documented and possibly with unknown consequences.

        Maybe Intel are having similar issues... A decision was made a very long time ago to do something insecure and stupid with speculative execution, but the person who made that decision is no longer with the company, so a new Team are trying to fix it and simply don't know what they're doing...

        I honestly don't know what the source is, but I do know that I am seeing "existing" functionality break with much greater frequency on core platforms like this. It just smacks of carelessness...
    • by ledow ( 319597 ) on Monday January 22, 2018 @04:04AM (#55976325) Homepage

      He's saying that you shouldn't have to "opt-in" to the security that everybody expects when you boot up your processor.

      At the moment, the processor just says "Hey, if you flip some magic bits when I boot I'll slow myself down and try to apply a fix".

      The processor should instead say "Hey, I'm one of the fixed models, don't bother trying to fix me again".

      It's a marketing / legal tactic so they can say the processor runs at such-a-speed (but insecurely) whereas anyone who actually cares about using the processor has to - every boot - flips lots of magic bits to make it secure and kill its performance. If you forget, insecure. If you do it wrong, insecure. If your OS doesn't support it, insecure.

      What Linus wants, and I can't disagree with, is a flag to this "this processor isn't vulnerable, so you don't need to do anything." which, if it's not present, they know that they have to apply as many protections as they can but can say "Hey, you have an insecure processor, we'll do our best" in the syslogs.

  • by LubosD ( 909058 ) on Monday January 22, 2018 @04:36AM (#55976449)

    Is it just my impression that Intel didn't do squat during the past half year, and only started searching for fixes now that the vulnerabilities are public?

    What's also shocking to me, Intel is introducing new CPU models to the market that still don't have the flaws fixed. They really think the whole problem is overrated and no urgent action is needed.

  • by Areyoukiddingme ( 1289470 ) on Monday January 22, 2018 @09:47PM (#55982925)

    Linus said some bad words about Intel's behavior to Mr. Woodhouse, an Amazon employee.

    Amazon is a major cloud provider.

    Linus is now in his late 40s.

    So.... the headline should read "OLD MAN YELLS AT CLOUD! CLOUD ANSWERS!"

Trap full -- please empty.

Working...