Pierluigi Paganini
January 23, 2018
Security experts harshly criticize the patch issued by Intel to patch the Spectre variant 2 flaw affecting its processor chips.
Intel has decided to do not disable the prediction feature in future chips until the company will implement design changes in microarchitecture, but this means that the shipped chips will be “vulnerable by default” and will include a protection flag that can be set by software.
Intel published a technical note about the mitigation of the Spectre flaw
Intel explained its approach in its technical note about Spectre mitigation (“Speculative Execution Side Channel Mitigations“), the tech giant addressed the issue with an opt-in flag dubbed IBRS_ALL bit (IBRS states for Indirect Branch Restricted Speculation).
The famous Linus Torvalds expressed in an email to the Linux Kernel mailing list his disappointment, he defined the Linux Spectre Patches “UTTER GARBAGE”
“All of this is pure garbage. Is Intel really planning on making this shit architectural?” he wrote. “Has anybody talked to them and told them they are f*cking insane? Please, any Intel engineers here – talk to your managers.”
“They do literally insane things. They do things that do not make sense … The patches do things that are not sane.
WHAT THE F*CK IS GOING ON?”
The Indirect Branch Restricted Speculation, along with Single Thread Indirect Branch Predictors (STIBP) and Indirect Branch Predictor Barrier (IBPB), prevent the abuse of the prediction feature and the exploitation of the flaw.
Torvalds speculate the Intel’s decision to address the issues in this way is mainly motivated by the intention to avoid legal liability. Recalling two decades of flawed chips would have a catastrophic impact on the tech giant.
Torvalds explained that the impact of using IBRS on existing hardware is so severe that no one will set the hardware capability bits.
“Nobody sane will use them, since the cost is too damn high,” he said.
Of course, the impact on the performance depends on the hardware and workload involved.
Let me close with an abstract from the Linus Torvalds’s email:
“That’s part of the big problem here. The speculation control cpuid stuff shows that Intel actually seems to plan on doing the right thing for meltdown (the main question being _when_). Which is not a huge surprise, since it should be easy to fix, and it’s a really honking big hole to drive through. Not doing the right thing for meltdown would be completely unacceptable.
So the IBRS garbage implies that Intel is _not_ planning on doing the right thing for the indirect branch speculation.
Honestly, that’s completely unacceptable too.” wrote Torvalds.
“Have you _looked_ at the patches you are talking about? You should have – several of them bear your name.
The patches do things like add the garbage MSR writes to the kernel entry/exit points. That’s insane. That says “we’re trying to protect the kernel”. We already have retpoline there, with less overhead.
So somebody isn’t telling the truth here. Somebody is pushing complete garbage for unclear reasons. Sorry for having to point that out.
If this was about flushing the BTB at actual context switches between different users, I’d believe you. But that’s not at all what the patches do.
As it is, the patches are COMPLETE AND UTTER GARBAGE.
They do literally insane things. They do things that do not make sense. That makes all your arguments questionable and suspicious. The patches do things that are not sane.
WHAT THE F*CK IS GOING ON?”
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Spectre patches, Linus Torvalds)
[adrotate banner=”5″]
[adrotate banner=”13″]
