'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

Patches slammed as 'complete and utter garbage' as Chipzilla U-turns on microcode


Intel's fix for Spectre variant 2 – the branch target injection design flaw affecting most of its processor chips – is not to fix it.

Rather than preventing abuse of processor branch prediction by disabling the capability and incurring a performance hit, Chipzilla's future chips – at least for a few years until microarchitecture changes can be implemented – will ship vulnerable by default but will include a protection flag that can be set by software.

Intel explained its approach in its technical note about Spectre mitigation, titled Speculative Execution Side Channel Mitigations. Instead of treating Spectre as a bug, the chip maker is offering Spectre protection as a feature.

The decision to address the flaw with an opt-in flag rather than activating defenses by default has left Linux kernel steward Linus Torvalds apoplectic.

Known for incendiary tirades, Torvalds does not disappoint. In a message posted to the Linux kernel mailing list on Sunday, he wrote, "As it is, the patches are COMPLETE AND UTTER GARBAGE."

"All of this is pure garbage. Is Intel really planning on making this shit architectural?" he asked. "Has anybody talked to them and told them they are f*cking insane? Please, any Intel engineers here – talk to your managers."

The kernel supremo wasn't done there. In response to the suggestion from a long-time developer that the patches were a necessary "nasty hack," Torvalds exploded:

They do literally insane things. They do things that do not make sense ... The patches do things that are not sane.

WHAT THE F*CK IS GOING ON?

A more calm response to the patches and an explanation of the code, written by veteran kernel developer David Woodhouse, is here.

Torvalds' ire arises from Intel's plan to have future processors advertise that they include a Spectre v2 fix while also requiring that the fix is enabled at boot time by setting a flag called the IBRS_ALL bit.

IBRS refers to Indirect Branch Restricted Speculation, one of three new hardware patches Intel is offering as CPU microcode updates, in addition to the mitigation created by Google called retpoline. You'll need this microcode from Chipzilla to fully mitigate Spectre on Intel CPUs, although, as detailed below, said microcode is unstable at the moment.

IBRS, along with Single Thread Indirect Branch Predictors (STIBP) and Indirect Branch Predictor Barrier (IBPB), prevents a potential attacker or malware from abusing branch prediction to read memory it shouldn't – such as passwords or other sensitive information out of protected kernel memory.

Intel chips use branch prediction to look ahead into a program's code, and do future work while completing the execution of current instructions. If the CPU guesses the right path to follow through the software, it saves time by priming itself with these instructions, which were going to be executed anyway; if not, it tosses the stuff it speculatively processed.

Being able to look into the processor's future, the Spectre attack shows, can be dangerous. A Spectre v2 attack involves poisoning the CPU indirect branch predictor so that it speculatively executes code in a way that leaves traces in its cache revealing the contents of arbitrary memory – such as the kernel memory, which the code shouldn't be able to snoop on.

Marketing spin

The expectation here, at least on Torvalds' part, is that a future chip addressing past flaws should include a flag or version number that tells the kernel it's not vulnerable, so no unneeded and potentially performance-killing mitigations need to be applied. In other words, the chip should indicate to the kernel that its hardware design has been revised to remove the Spectre vulnerability, and thus does not need any software mitigations or workarounds.

Intel's approach is backwards, making the fix opt-in. Processors can, when asked, reveal to the kernel that Spectre countermeasures are present but disabled by default, and these therefore need to be enabled by the operating system. Presumably, this is because the performance hit is potentially too annoying, or because Intel doesn't want to appear to admit there is a catastrophic security blunder in its blueprints.
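The opt-in behaviour described above can be made concrete by decoding the enumeration bits an operating system would inspect at boot. This is an added example, not code from the article or from the kernel patches: the bit positions follow Intel's published CPUID and MSR definitions, while the function names, state names and sample register values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Bit positions from Intel's published CPUID.(EAX=7,ECX=0):EDX and MSR layout. */
#define CPUID7_EDX_IBRS_IBPB (1u << 26)  /* IBRS and IBPB controls exist */
#define CPUID7_EDX_ARCH_CAPS (1u << 29)  /* IA32_ARCH_CAPABILITIES MSR exists */
#define ARCH_CAPS_IBRS_ALL   (1ull << 1) /* IBRS can be set once and left on */
#define SPEC_CTRL_IBRS       (1ull << 0) /* IA32_SPEC_CTRL: IBRS is on now */

enum v2_state {                /* state names are this example's own */
    V2_NO_HW_CONTROL,          /* no IBRS: software mitigation such as retpoline */
    V2_IBRS_PER_ENTRY,         /* IBRS must be re-set on each entry to the kernel */
    V2_IBRS_ALL_DISABLED,      /* always-on mode advertised but not enabled */
    V2_IBRS_ALL_ENABLED        /* always-on mode advertised and enabled */
};

/* Classify a CPU from three register values read at boot. */
enum v2_state classify(uint32_t cpuid7_edx, uint64_t arch_caps, uint64_t spec_ctrl)
{
    if (!(cpuid7_edx & CPUID7_EDX_IBRS_IBPB))
        return V2_NO_HW_CONTROL;
    /* arch_caps is only meaningful when CPUID says the MSR exists. */
    if (!(cpuid7_edx & CPUID7_EDX_ARCH_CAPS) || !(arch_caps & ARCH_CAPS_IBRS_ALL))
        return V2_IBRS_PER_ENTRY;
    return (spec_ctrl & SPEC_CTRL_IBRS) ? V2_IBRS_ALL_ENABLED : V2_IBRS_ALL_DISABLED;
}

const char *describe(enum v2_state s)
{
    switch (s) {
    case V2_NO_HW_CONTROL:     return "no hardware control; software mitigation needed";
    case V2_IBRS_PER_ENTRY:    return "IBRS present; re-set on every kernel entry";
    case V2_IBRS_ALL_DISABLED: return "IBRS_ALL advertised but off; OS must enable it";
    case V2_IBRS_ALL_ENABLED:  return "IBRS_ALL advertised and enabled";
    default:                   return "unknown";
    }
}

int main(void)
{
    /* Constructed register values, not read from real hardware. */
    struct { uint32_t edx; uint64_t caps, ctrl; } cpu[] = {
        { 0, 0, 0 },
        { CPUID7_EDX_IBRS_IBPB, 0, 0 },
        { CPUID7_EDX_IBRS_IBPB | CPUID7_EDX_ARCH_CAPS, ARCH_CAPS_IBRS_ALL, 0 },
        { CPUID7_EDX_IBRS_IBPB | CPUID7_EDX_ARCH_CAPS, ARCH_CAPS_IBRS_ALL, SPEC_CTRL_IBRS },
    };
    for (unsigned i = 0; i < sizeof cpu / sizeof cpu[0]; i++)
        printf("cpu %u: %s\n", i, describe(classify(cpu[i].edx, cpu[i].caps, cpu[i].ctrl)));
    return 0;
}
```

The third sample is the case at issue: the processor reports that the always-on mode exists, yet remains unprotected until software sets the IBRS bit.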

Annoyed by this convoluted approach, Torvalds himself suggested Intel's motivation is avoiding legal liability – recalling two decades of flawed chips would be ruinously expensive – and bad benchmarks. After all, Intel is already being sued all over the place right now.

Torvalds observed that the cost of using IBRS on existing hardware is so significant that no one will set the hardware capability bits. "Nobody sane will use them, since the cost is too damn high," he said.

The cost in terms of speed varies, depending on the hardware and workload involved. In some cases, it may be negligible, but not in all cases.

"At Lyft, we saw an approximately 20 per cent slowdown on certain system call heavy workloads on AWS C4 instances when the mitigations were rolled out," said software engineer Matt Klein in a recent post.

The Register asked Intel whether anyone cared to address Torvalds' complaint. We haven't heard back.

In a separate but related note, Intel on Monday identified the problem with its Broadwell and Haswell CPU updates to mitigate Spectre v2 attacks. Its initial patch had been causing affected machines to crash, so it's preparing a patch without the problematic bits – the Spectre v2 mitigation – that it can offer until it gets the full patch right.

"We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current [microcode] versions, as they may introduce higher than expected reboots and other unpredictable system behavior," warned Intel, effectively freezing the rollout of fixes it earlier this month promised were golden.

"We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week."

HPE is the latest biz, among Lenovo, VMware, and others, to pull Intel's firmware update from its download pages.

"For those concerned about system stability while we finalize the updated solutions, we are also working with our OEM partners on the option to utilize a previous version of microcode that does not display these issues, but removes the Variant 2 (Spectre) mitigations," Intel continued.

For those not concerned about system stability, it's all good. ®

Updated to add

After this story was filed, an Intel spokesperson emailed The Register to say: “We take the feedback of industry partners seriously. We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions.”

Biting the hand that feeds IT © 1998–2021