Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Bug Intel Debian Oracle

Intel Blocked Collaboration On Spectre/Meltdown Fixes, Says Linux Kernel Developer (eweek.com) 83

This week in Vancouver, Linux kernel developer Greg Kroah-Hartman criticized Intel's slow initial response to the Spectre and Meltdown bugs in a talk at the Open Source Summit North America. An anonymous reader quotes eWeek: Kroah-Hartman said that when Intel finally decided to tell Linux developers, the disclosure was siloed.... "Intel siloed SUSE, they siloed Red Hat, they siloed Canonical. They never told Oracle, and they wouldn't let us talk to each other." For an initial set of vulnerabilities, Kroah-Hartman said the different Linux vendors typically work together. However, in this case they ended up working on their own, and each came up with different solutions. "It really wasn't working, and a number of us kernel developers yelled at [Intel] and pleaded, and we finally got them to allow us to talk to each other the last week of December [2017]," he said. "All of our Christmas vacations were ruined. This was not good. Intel really messed up on this," Kroah-Hartman said...

"The majority of the world runs Debian or they run their own kernel," Kroah-Hartman said. "Debian was not allowed to be part of the disclosure, so the majority of the world was caught with their pants down, and that's not good." To Intel's credit, Kroah-Hartman said that after Linux kernel developers complained loudly to the company in December 2017 and into January 2018, it fixed its disclosure process for future Meltdown- and Spectre-related vulnerabilities... "Intel has gotten better at this," he said.

An interesting side effect of the Meltdown and Spectre vulnerabilities is that Linux and Windows developers are now working together, since both operating systems face similar risks from the CPU vulnerabilities. "Windows and Linux kernel developers now have this wonderful back channel. We're talking to each other and we're fixing bugs for each other," Kroah-Hartman said. "We are working well together. We have always wanted that."

This discussion has been archived. No new comments can be posted.

Intel Blocked Collaboration On Spectre/Meltdown Fixes, Says Linux Kernel Developer

Comments Filter:
  • To me, there appears to be very little, if anything, to Intel's credit in this whole CPU disaster. Performance instead of security. What a mess. How long will it be before there's an Intel CPU that is not inherently insecure? Will a whole new architecture need to be designed?
    • Will a whole new architecture need to be designed?

      Speaking as a layman in terms of processor engineering, it's more than a mask tweak but less than a new architecture. Given that Intel already has to tear up its entire 10nm fab line to fix the yield issues, this processor re-engineering will probably be done in parallel without delaying Ice Lake any more than it already is, but that is scant comfort. Intel already has hardware fixes [digitaltrends.com] for Whiskey Lake laptop processors. Chances are, Intel will just grin and bear it with their desktop and server parts. For th

      • Correction, Intel will provide hardware mitigation for Meltdown with its Cascade Lake 14nm parts announced last week without any details, including no release date more precise than "later this year." Benchmark wars with Epyc promise to be, well, epic.

    • To me, there appears to be very little, if anything, to Intel's credit in this whole CPU disaster. Performance instead of security.

      Given that, when the news came out, their first (and second, and third) thought was to put Marketing in charge of any response... that was to be expected.

      • by HiThere ( 15173 )

        But officially that won't happen next time. Believe it if you want to. Certainly it's proper to trust Intel's honesty and care for users.

    • Intel can fix the specific Spectre-class vulnerabilities that have recently received a lot of attention, with some impact on performance. AMD wasn't vulnerable, and Intel can do something similar to what AMD did.

      On the other hand, if you want to speak more broadly about issues like Meltdown and the various types of Spectre, AMD does have some vulnerabilities and is likely that EVERY high-performance CPU in the next five to ten years will have similar issues. Not precisely the same, but in the same general c

      • by HiThere ( 15173 )

        I have not encountered any trustworthy references to the effect that any company besides Intel had the Meltdown problem. Spectre, yes, to a small (I'm not sure how small) degree, but not Meltdown. And only some variants of Spectre.

        • Is ARM the company a trustworthy enough reference [arm.com] about the Meldown variant they discovered in their Cortex-A75 core?
          • by HiThere ( 15173 )

            Yes, but as another comment indicated, only the chips based on Intel designs had the Meltdown problem, so I still tend to think of it as an Intel defect. Were I considering purchasing an ARM, of course, the manufacturer would be more significant.

            Since I'm not, to me that's still an Intel defect. Where you draw the line is, in a sense, arbitrary...or at least situational.

            • Yes, but as another comment indicated, only the chips based on Intel designs had the Meltdown problem

              Could you point out the comment that indicated both ARM and IBM's RISC designs were "based" on Intel designs, I couldn't remember it, and I just reviewed the 0 or higher scored them and couldn't find one.

              The fundamental design that's gotten everyone into trouble including AMD, which copied the Pentium Pro (just not the Meltdown part), goes back to IBM in 1967 [wikipedia.org] when they were creating the highest end System/36

              • by HiThere ( 15173 )

                Sorry, I didn't mean to include current IBM designs. I know nothing about them. Are you saying that they are vulnerable to Meltdown?

                As for the 1967 design problem, I believe that's about when the problem was originally identified...though at the time the exploits were considered only theoretically possible, not actually possible. Still, that was when mitigation measures were first considered.

                • IBM says they've vulnerable to Meltdown [ibm.com]. And, hmmm, adding this item from them [ibm.com] it's much worse than the one new microarchitecture ARM discovered was vulnerable to a Meltdown variant, looks like POWER 7+, 8, and 9 processors, can't confirm if 7 is affected, but this is clearly pretty much all of their currently supported CPUs. The first item also implies problems, without mentioning Meltdown specifically, with POWER 4 through 6 CPUs. Ah, and following a link in that first one, per RedHat z/Architecture C [redhat.com]

                  • by HiThere ( 15173 )

                    Yi! I'm going to guess that IBM has some sort of technology sharing arrangement with Intel, but that's admittedly a guess. It's hard to believe that IBM would make that kind of tech goof on it's own.

                    • Every company but AMD, which has by definition the very tightest technology sharing arrangement with Intel made the Meltdown screwup. Every company including AMD has multiple Spectre screwups. Why is it so hard for you to believe this is a general industry problem? Or to put it another way, I'll repeat a question I asked to another participant in this discussion, "Show us on the doll where Intel touched you." Because I find this monomania about Intel inexplicable.
    • Performance instead of security.

      Time to brush up on old jokes? [twitter.com]

    • by Anonymous Coward

      Intel still ignores OpenBSD.

    • To me, there appears to be very little, if anything, to Intel's credit in this whole CPU disaster.

      There definitely is something to Intel's credit. Their CPUs were faster and the security issues are ultimately non-issues for the vast majority of users. The only reason I won't consider Intel at the moment ... AMD are currently the performance kings.

    • To Jefrey Dahmer's credit, he stopped killing and eating people after he was caught, convicted and imprisoned.

  • by Anonymous Coward

    This week in Vancouver, Linux kernel developer Greg Kroah-Hartman criticized Intel's slow initial response to the Spectre and Meltdown bugs in a talk at the Open Source Summit North America. An anonymous reader quotes eWeek:

    Be careful there, Intel is so inept they will likely mistake you calling them slow with calling their CPUs slow, and they will send their lawyers after you with claims of illegal benchmarks.

    Jokes aside, never EVER sign an NDA with Intel. Tell them to get fucked, and go talking about them anyway.

    You should also consider exempting them from any responsible security disclosures. We have.
    Everything gets published immediately without waiting on a reply from Intel, and in fact we won't even bother informing Int

  • Ok, so Intel landed on the shady side of the performance/security tradeoff. That probably kept CPU prices artificially high for you for a while because it helped their market position. But don't worry, soon you will be allowed to give them more money for new processors which are less vulnerable. I'm sure this is the right incentive to never let something like this happen again.

    Also, how should they know their CPUs have so many problems? NOBODY knew, apart from some geeks who write papers nobody understands.

Dennis Ritchie is twice as bright as Steve Jobs, and only half wrong. -- Jim Gettys

Working...