Linus Torvalds Says Intel’s Spectre Fix Is ‘Complete and Utter Garbage’

Linus Torvalds Says Intel’s Spectre Fix Is ‘Complete and Utter Garbage’

Computer systems around the world are getting a raft of patches in the wake of the Meltdown and Spectre vulnerabilities. These low-level bugs affect many different CPUs and architectures, but Intel was hit harder than most. As the company starts rolling out patches, not everyone is happy with the quality of Intel’s work. In fact, original Linux developer Linus Torvalds has called Intel’s patches “COMPLETE AND UTTER GARBAGE.” He actually used caps lock, so you know he’s serious.

Spectre and Meltdown target some core features of modern CPU known as speculative execution. These features allow CPUs to “prime the pump” by doing calculations that may be needed in the future. Spectre and Meltdown abuse cache timing to leak information from the system. All you really need to know is these are serious vulnerabilities that are difficult to patch because of the low-level features they target. Google managed to come up with innovative means to patch its cloud services, but other firms have had issues.

Torvalds’ feelings on the Intel patch were made public in an email chain with Amazon engineer David Woodhouse. He takes issue with the content of the Spectre (variant 2) patch as well as the way it’s implemented on Linux systems. “Has anybody talked to them and told them they are f*cking insane?” Torvalds says at one point in the exchange.

The “insane” part, according to Torvalds, is that Intel has added redundant junk to the patch and made the entire thing optional. Administrators actually need to opt into the patch via a software flag when booting the system. Torvalds says this is because Intel’s Meltdown patch (known as “Indirect Branch Restricted Speculation” or IBRS) is so inefficient that rolling it out universally would cause substantial performance hits. In addition, Torvalds says many of the changes made by the patch are redundant when Google’s “retpoline” already provides protection.

Linus Torvalds Says Intel’s Spectre Fix Is ‘Complete and Utter Garbage’

As Torvalds points out, it looks like Intel’s approach to patching Spectre is to not patch it. The software flag is a weird half measure when we’re talking about such a serious flaw. Torvalds also complains that Intel seems determined to punt on the issue until it implements architectural changes down the road.

Intel has responded to Torvalds’ concerns without really saying anything — pretty standard for PR. The company says it’s “actively engaging with the Linux community, including Linus.” We’re not out of the woods yet, so it’s good we’ve got people like Linus Torvalds holding Intel’s feet to the fire.

Continue reading

AMD’s Reliance on TSMC Isn’t Harming the Company’s Growth Prospects
AMD’s Reliance on TSMC Isn’t Harming the Company’s Growth Prospects

It has been difficult to buy high-end PC components for nearly six months. There are a number of reasons for this, including pandemic-related impacts, the related surge in demand for all computing hardware, and supply shortages. A lot of eyeballs have been trained on foundries like TSMC, to the point that national governments have put…

AMD Discloses a Spectre-Like Vulnerability in Zen 3 CPUs
AMD Discloses a Spectre-Like Vulnerability in Zen 3 CPUs

AMD has disclosed a potential security vulnerability on its Zen 3 CPUs with similarities to the Spectre attack from several years ago, but the company believes the risk is minimal.

Intel, Researchers Debate Whether New Spectre-Type Vulnerabilities Exist
Intel, Researchers Debate Whether New Spectre-Type Vulnerabilities Exist

Researchers are claiming to have found a new type of Spectre attack that bypasses all existing protections, but that framing isn't well supported.

Should Spectre, Meltdown Be the Death Knell for the x86 Standard?
Should Spectre, Meltdown Be the Death Knell for the x86 Standard?

Spectre and Meltdown are serious CPU flaws, but do they warrant throwing out the entire closed-source CPU model?