STIBP, collaborate and listen: Linus floats Linux kernel that 'fixes' Intel CPUs' Spectre slowdown
Meanwhile: Another kernel dev is 'unfscking' the source code, with predictable results
Linus Torvalds has stuck to his “no swearing” resolution with his regular Sunday night Linux kernel release candidate announcement.
Probably the most important aspect of the weekend's release candidate is that it, in a way, improves the performance of STIBP, a mitigation that stops malware exploiting a Spectre security vulnerability variant in Intel processors.
In November, it emerged that STIBP (Single Thread Indirect Branch Predictors), which counters Spectre Variant 2 attacks, caused nightmare slowdowns in some cases. The mitigation didn't play well with simultaneous multi-threading (SMT) aka Intel's Hyper Threading, and software would take up to a 50 per cent performance hit when the security measure was enabled.
Linux 4.20-rc5, emitted on Sunday, addresses this performance issue by making the security defense optional: processes can decide to use it via a system call, and all SECCOMP processes get it. Thus, if an application needs the side-channel mitigation and doesn't suffer a slowdown hit, it can enable STIBP.
In other words, apps can decide to take their chances and not apply the STIBP defenses for Spectre. There is, to our knowledge, no known malware in the wild actively leveraging the Spectre CPU holes to potentially steal secrets and other information from running processes.
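The per-process opt-in described above, as an added example that is not from the article or the kernel source: it assumes the system call in question is the kernel's speculation-control `prctl()` with `PR_SPEC_INDIRECT_BRANCH`, which the article does not name. The helper function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Speculation-control prctl values, defined here in case the installed
 * headers predate Linux 4.20. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

/* Hypothetical helper: decode a PR_GET_SPECULATION_CTRL return value. */
const char *describe_spec_state(long v) {
    if (v < 0)  return "unavailable";        /* old kernel or unsupported */
    if (v == 0) return "not-affected";
    if (v & PR_SPEC_FORCE_DISABLE) return "mitigated-locked";
    if (v & PR_SPEC_DISABLE)       return "mitigated";
    return (v & PR_SPEC_PRCTL) ? "opt-in-available" : "unmitigated";
}

long query_indirect_branch(void) {
    return prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0UL, 0UL, 0UL);
}

/* Hypothetical helper: request the mitigation for this task only.
 * Returns 0 if the mitigation is (now) active for the task, -1 otherwise. */
int opt_in_mitigation(void) {
    long cur = query_indirect_branch();
    if (cur < 0 || cur == 0) return -1;
    if (cur & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) return 0;
    if (!(cur & PR_SPEC_PRCTL)) return -1;   /* no per-task control offered */
    return prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
                 PR_SPEC_DISABLE, 0UL, 0UL);
}

int main(void) {
    printf("before: %s\n", describe_spec_state(query_indirect_branch()));
    printf("opt-in: %s\n", opt_in_mitigation() == 0 ? "ok" : "not possible");
    printf("after:  %s\n", describe_spec_state(query_indirect_branch()));
    return 0;
}
```

In this interface `PR_SPEC_DISABLE` disables the speculation feature, which means the mitigation is switched on for the calling task.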
Torvalds remarked that this release candidate has lots of code: “rc5 is the biggest rc so far (with the obvious exception of rc1), and it looks fairly unusual in the diffstat too, with almost a third being arch updates.”
“So it all looks a bit odd, although none of it is hugely alarming,” he added – and yes, the STIBP fix is one of the reasons the architecture side “is a bit bigger than usual.”
He's also noticed it's almost Christmas, so there's a bit of housekeeping about release timing. “I think we all want to have a calm holiday season without either the stress of a merge window or the stress of prepping for one,” Torvalds said.
F*** right off
Things are going much more smoothly for Linus than for Intel's Jarkko Sakkinen, who offered up a patch that removes the word “fuck” (“****”, as Sakkinen put it) from kernel source code comments. So what once read, “Only Sun can take such nice parts and fuck up the programming interface like this. Good job guys...” now reads, “hug up the programming interface.”
Sakkinen said his intent was serious – he wanted the code comments to comply with the Linux kernel's code of conduct adopted this year. As you might expect, editing old code comments drew predictable accusations of censorship.
After some debate, Sakkinen acknowledged that, as a Finn, he'd missed some context, and offered to rewrite the swear-word-scrubbing patch – after all, not everyone wants to be hugged. But the F-bomb is toast, in Sakkinen's eyes. ®