Linus Torvalds, also known as the inventor of Linux has recently posted his thoughts about Intel’s proposed fix for Spectre on the Linux Kernel mailing list. The master kernel developer who is never shy of calling our a spade has declared the Spectre and Meltdown patches sent out by Intel are “complete and utter garbage”.
He posted his thoughts on the blog, suggesting Intel’s method to fix the second type of Spectre exploit is just “insane”. The issues lie within Intel’s architecture. As The Register points out, future processors, at least for a few years, will be vulnerable to Spectre. Intel will, however, include a flag that will set up at boot, which the OS will recognise and take its own protective measures. His concern is that why is Intel is treating this as an optional countermeasure to the Spectre threat, instead of solving the problem head-on.
Trovalds goes on to ask “Is Intel really planning on making this shit architectural? Has anybody talked to them and told them they are f*cking insane?.” He adds, “Please, any Intel engineers here - talk to your managers”.
He goes on to say, “Certainly it's a nasty hack, but hey — the world was on fire and in the end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad. It's not that it's a nasty hack. It's much worse than that.”
According to Trovalds, for the existing CPUs, it is a tolerable hack, as long as it dies by the next generation. Linus is expecting Intel to address whatever flaws Intel has on its chips architecturally which should be diagnosed and taken care of on a hardware level instead of requiring software level mitigations to solve the issue. Even if Intel address the problem at a hardware level in the coming generation of processors, the software mitigations proposed which will be carried onto in time might be unnecessary and may lead to performance issues.
He acknowledges that Intel is actually going to fix Meltdown, which is the right thing to do and anything else would be “unacceptable”. However, he is not happy about the IBRS or Indirect Branch Restricted Speculation fix. Linus is also not happy that the fix is adding a bunch of extra “garbage” code to the Kernel which is already mitigated with Google Project Zero’s “retpoline” technique, which Google announced a day later after the Spectre and Meltdown bugs went official. He points out that something is not right here as in “somebody isn't telling the truth”
In the aftermath of this post, Intel gave out a comment to the Register, “We take the feedback of industry partners seriously. We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions.”
All-in-all, Meltdown and Spectre flaws will continue to haunt the dreams and minds of Intel and everyone who is affected in any way. What we have seen till now are just initial patches, the first line of defense being set up, but as days become weeks and months, we are likely to see more serious phases of debates, allegations, and mitigations. Brace yourself! as this will affect us all and is far from over.