Computer systems around the world are getting a raft of patches in the wake of the Meltdown and Spectre vulnerabilities. These low-level bugs affect many different CPUs and architectures, but Intel was hit harder than most. As the company starts rolling out patches, not everyone is happy with the quality of Intel’s work. In fact, original Linux developer Linus Torvalds has called Intel’s patches “COMPLETE AND UTTER GARBAGE.” He actually used caps lock, so you know he’s serious.
Spectre and Meltdown target some core features of modern CPU known as speculative execution. These features allow CPUs to “prime the pump” by doing calculations that may be needed in the future. Spectre and Meltdown abuse cache timing to leak information from the system. All you really need to know is these are serious vulnerabilities that are difficult to patch because of the low-level features they target. Google managed to come up with innovative means to patch its cloud services, but other firms have had issues.
Torvalds’ feelings on the Intel patch were made public in an email chain with Amazon engineer David Woodhouse. He takes issue with the content of the Spectre (variant 2) patch as well as the way it’s implemented on Linux systems. “Has anybody talked to them and told them they are f*cking insane?” Torvalds says at one point in the exchange.
The “insane” part, according to Torvalds, is that Intel has added redundant junk to the patch and made the entire thing optional. Administrators actually need to opt into the patch via a software flag when booting the system. Torvalds says this is because Intel’s Meltdown patch (known as “Indirect Branch Restricted Speculation” or IBRS) is so inefficient that rolling it out universally would cause substantial performance hits. In addition, Torvalds says many of the changes made by the patch are redundant when Google’s “retpoline” already provides protection.
As Torvalds points out, it looks like Intel’s approach to patching Spectre is to not patch it. The software flag is a weird half measure when we’re talking about such a serious flaw. Torvalds also complains that Intel seems determined to punt on the issue until it implements architectural changes down the road.
Intel has responded to Torvalds’ concerns without really saying anything — pretty standard for PR. The company says it’s “actively engaging with the Linux community, including Linus.” We’re not out of the woods yet, so it’s good we’ve got people like Linus Torvalds holding Intel’s feet to the fire.