Linus Finally Releases Linux 4.15 Kernel, Blames Intel For Delay (phoronix.com)
An anonymous reader writes: Linus Torvalds has released Linux 4.15 following the lengthy development cycle due to the Spectre v2 and Meltdown CPU vulnerability mitigation work. This update comes with many kernel improvements including RISC-V architecture support, AMDGPU Display Code support, Intel Coffee Lake graphics support, and many other improvements.
"This obviously was not a pleasant release cycle, with the whole meltdown/spectre thing coming in in the middle of the cycle and not really gelling with our normal release cycle," Linus writes. "The extra two weeks were obviously mainly due to that whole timing issue... [T]he news cycle notwithstanding, the bulk of the 4.15 work is all the regular plodding 'boring' stuff. And I mean that in the best possible way. It may not be glamorous and get the headlines, but it's the bread and butter of kernel development, and is in many ways the really important stuff.
"Go forth and play with it, things actually look pretty good despite everything. And obviously this also means that the merge window for 4.16 is open... Hopefully we'll have a _normal_ and entirely boring release cycle for 4.16. Because boring really is good."
Russian ... (Score:3)
... intel.
Re: (Score:1)
I thought everyone in the super-fun-secret club knew about Spectre and Meltdown like 6 months ago, because it took them time to code up fixes? I'm guessing Linux kernel devs weren't part of the super-fun-secret club?
Buggy Fixes (Score:5, Interesting)
I thought everyone in the super-fun-secret club knew about Spectre and Meltdown like 6 months ago, because it took them time to code up fixes? I'm guessing Linux kernel devs weren't part of the super-fun-secret club?
In general, Linux devs happen to have been working for a while on a general class of technology (KAISER, now KPTI) that happens to also be useful against Meltdown (in addition to tons of other problems).
So from the perspective of Linux devs, not much changed (and it is the general mantra in team Linus Torvalds that *any* bug is a serious bug, no matter if it is a security one or not - so it's a general tendency that when there are security reports, it's business as usual).
The problem comes from the answer of the manufacturers:
- Intel botched patches they were submitting (see Linus' ire about them), Intel provided buggy firmware (CPU microcode) that causes problems and that Dell and HP ended up delaying. Intel has tried to enable Meltdown circumvention for everyone even if they're almost the only constructor that's concerned, etc.
- AMD still can't really decide if version 2 of Spectre (abusing the indirect branch prediction) can actually lead to an actual usable exploit in the wild or not. Though they at least now have determined that a few of their CPUs (since Zen, I think) are affected. So at least for now it's "enable retpoline for them, too".
etc.
Re: (Score:1)
If it'd been intelligent, it wouldn't have referred to Ubuntu as a real distro.
Re:Has the systemd problem been fixed? (Score:5, Insightful)
systemd is not a part of the kernel. I'm giving you the benefit of the doubt here, assuming that you didn't realize that. If you don't like systemd and want to use Linux there are various options that I've considered, but not tried. There's Devuan, Slackware, etc., i.e. various distributions that don't use it at all. Or, if you want, you can customize a Debian or Gentoo installation to not use systemd. I'm not sure how long that will be possible, but it is for now.
There are also things like blackbox Linux or Linux From Scratch which allow you to assemble a system with only those pieces you desire.
That said, there are also arguments in favor of various of the BSDs. I would probably have tried them out over systemd if they could handle read/write of ext4 filesystems. There are systems I could use as an intermediate if I felt strongly enough, but systemd may not have given me any advantages, but the problems haven't been very significant, so I've never bothered.
And if you're a troll, at least this was a place to reasonably inform anyone who trusted you.
Re: (Score:1)
Yet.
Re: (Score:2)
Has the systemd problem been fixed?
No. To fix the "systemd" problem you'll need to bite the bullet and actually RTFM. Actually knowing what you're doing will solve pretty much all your problems.
Re: (Score:2)
This, I have never had an issue with systemd. Sure I don't like the logging system, but other than that I hardly notice its presence, also it's Linux. You can replace the init system if you so choose.
Blame Intel? He doesn't MENTION Intel (Score:4, Interesting)
He blames the Meltdown/Spectre mess in general (duh!), but he only blames the timing, which is either the discoverer's fault, or Microsoft's: the embargo was timed to coincide with patch Tuesday.
While the root cause may be placed at Intel's door, the timing of the disclosure after 10+ years of vulnerability is hardly Intel's choice, and Linus (correctly) refrains from linking them to it in any way.
Re: Does anyone really care (Score:2, Insightful)
Servers
Re: (Score:3)
Which notably is where both meltdown and spectre actually look really scary. Because that's the land of "compromising one specific machine can cost you a massive amount of effort, because it's still profitable".
Userland, there's actually very little worrying. There's very little value in reading random memory of any single end user machine one chunk at a time when there's nothing else you can really do. There just isn't anything that is all that valuable on such a machine to justify the effort, much less ma
Re: (Score:2)
Uh, if you use BitLocker, FileVault, LUKS or (True|Vera)Crypt or other disk encryption (full-disk or separate volume) then your memory must contain the master keys for any unlocked partitions.
There was one (never accepted) patch for Linux, TRESOR [wikipedia.org], that would actually keep the key in some borrowed X86_64 registers. This was intended as a mitigation against cold-boot attempts, but could be repurposed here.
Re: (Score:2)
And getting back to userland, how many users find anything like this relevant? We're talking a fraction of a percent here at best.
And now, what would be the value of this data to a random internet hacker? What would they do with it? The entire purpose of disk encryption is to guard against someone who also has physical access to you and your machine. At this point, we're going back to "high value target" principle.
In userland, there are few if any high value targets. The value comes from large amount of low
Re:Does anyone really care (Score:5, Informative)
3% on the desktop last year, estimated to be 5% this year. As for the server market, 79% as of 2014 and has risen every year since. Plus all your little gadgets around the house: routers, modems, phones, TVs, set-top boxes, IoT devices. Linux is everywhere, you could almost guarantee that there's a Linux powered device in your house and you might not know about it. And as the kernel makes them tick, changes to it are important.
Re:Does anyone really care (Score:5, Insightful)
I agree that kernel changes are important, but this article is really light on what those changes are. A name doesn't tell you much unless you already know what that name stands for. I can't tell whether I have any reason to care about this update or not.
In fact, I'm rather annoyed by the way kernel changes reporting is done. Most articles that even pretend to be instructive pass you a link to a change log as if it were an explanation. I'm not a kernel hacker, and I don't really want to be one. I've got other things on my plate. So usually I just end up assuming that whatever the changes are they won't make any difference to me. This time there was the mention of certain specific drivers being included, and those don't matter to me. But at least that was intelligible. I'm guessing that this kernel DOESN'T include the Spectre fix, but that's a guess. (An earlier version apparently included it as a default choice with optional disabling...unless that was Meltdown.)
So I consider kernel news important, but done so poorly as to be annoyingly confusing.
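Whether a running 4.15 kernel actually carries the Meltdown (KPTI) and Spectre v2 (retpoline) mitigations discussed earlier in the thread can be read directly from sysfs, which 4.15 added for this purpose under /sys/devices/system/cpu/vulnerabilities. The following is an added example, not code from any post here or from the kernel tree; the directory argument and the state names it prints are assumptions so the check can be run against a constructed tree.

```shell
#!/bin/sh
# Added example (not from the thread or the kernel project): report the
# Meltdown/Spectre mitigation status a 4.15+ kernel exposes under sysfs.
# The directory is parameterised so the check can run against a constructed
# tree (e.g. in a test) as well as the live /sys path.
SYSFS_VULN_DIR="${SYSFS_VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# mitigation_state <dir> <name>: print one of absent, not-affected,
# mitigated, vulnerable or unknown for the given sysfs vulnerability file.
# Kernel strings look like "Mitigation: PTI", "Not affected",
# "Vulnerable: Minimal generic ASM retpoline".
mitigation_state() {
    f="$1/$2"
    [ -r "$f" ] || { echo absent; return; }   # pre-4.15 kernel: file missing
    case "$(cat "$f")" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_vulns [dir]: one line per issue; returns 1 if anything is still
# reported as vulnerable, so the function can gate a fleet-wide check.
report_vulns() {
    dir="${1:-$SYSFS_VULN_DIR}"
    rc=0
    for v in meltdown spectre_v1 spectre_v2; do
        s=$(mitigation_state "$dir" "$v")
        printf '%-11s %s\n' "$v" "$s"
        [ "$s" = vulnerable ] && rc=1
    done
    return $rc
}

# Usage: report_vulns                 # live system (needs a 4.15+ kernel)
#        report_vulns /path/to/tree   # constructed tree for testing
```

An "absent" result means the kernel predates the sysfs interface, not that the machine is safe.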
Linux Weekly News (Score:4, Informative)
The Linux Weekly News [lwn.net] usually has some pretty good information about kernel changes.
The most recent release requires a subscription, however all others are free to read.
Jesus Christ (Score:5, Informative)
Actually... (Score:5, Insightful)
Headlines are for creating an emotional reaction in people to make them more likely to click on the article to read and/or comment. Guess who it worked on?
Re: (Score:1)
"EditorDavid" is doing his job: troll the users to create as many page impressions as possible. It's not to fix submission errors, check the source, or even to check the facts. "His" role is to generate advert impressions on a dying site.
Are you commenting in the wrong story? Also, regardless of the story you're reading: headlines are not for facts. Headlines are there to grab people's attention and get them to read the full story. They're basically advertisements.
Linus and Elon should have a beer together (Score:1)
Yeah, even Tesla partnered with NVidia, so this could be interesting :)
Re: Things are so amok r now (Score:1)
Re: (Score:3, Interesting)
Currently no protection, but also no danger - the actual exploits still don't exist, and aren't expected to show up anytime soon (the vulnerabilities are damn obscure and difficult to exploit) - plus one thing to notice: the exploit in action would be a massive CPU load spike - the proof-of-concept programs were extremely CPU-heavy.
Thing is currently there are counter-measures in place that change the old exploit approach of "just call a fixed address" into "map the entire memory and locate the address you n
Re: (Score:1)
Apparently security researchers already have a proof of concept for exploits, something I learned off one researcher on Twitter who seemed legit so to speak. I don't remember the details. I don't believe for a second that there is "no danger", as the claim itself seems exaggerated and a caricature in itself.