Linux inventor and open source god Linus Torvalds called the Meltdown and Spectre patches “garbage” and “worthless”. Intel corroborated that their patches reduce CPU performance by 35%.

The open source community is not going easy on Intel. Intel’s Spectre and Meltdown patches are being analyzed and constantly face criticism for slowing down computers and for their complicated installation procedure.

Linus Torvalds, inventor of the Linux kernel and open source god, has publicly criticized the Meltdown and Spectre patches. In RFC 09/10, Linus pointed out some serious issues in the Spectre and Meltdown patches produced by Intel.

According to Linus Torvalds, Intel’s Meltdown and Spectre patches are essentially doing the following things:

  1. Writing garbage MSR to the kernel entry/exit points.
  2. Increasing overhead on the system.
  3. Hard to install: the user or administrator has to opt in at boot.


David Woodhouse, an engineer at Amazon.uk, acknowledged Linus’s concerns, and the following were his observations.

Analysis of Intel’s “Garbage Putting” patches

In Spectre, the CPU is tricked into executing an indirect branch. The targeted branch contains malicious code that will allow the installation of higher-level Trojans into system files.

Intel and AMD employ parallelism by using a technique called branching. Branching refers to a piece of code that alters the flow of a procedure, like an if-then-else statement.

Branching allows CPUs to use a wider range of the instruction set, and branch prediction allows a branch to be estimated before the branch itself is confirmed. This allows greater CPU utilization and increased parallelism in CPUs.

Spectre basically inserts branches into microcode.

3 features of Intel & AMD’s new microcode

IBPB – (Indirect Branch Predictor Barrier): this is a “complete barrier” for branch prediction. IBPB does not let the CPU execute branch targets learned at the previous stage.

According to Linus, the cost of the IBPB method may be on the order of ~4000. Setting IBPB ensures that earlier code behaviour does not affect later indirect branch prediction.

STIBP – (Single Thread Indirect Branch Predictors): this essentially protects a hyperthread sibling from branch predictions that were learned on another sibling. STIBP is very useful when multiple programs are running in the same userspace, and in virtualization.

IBRS – (Indirect Branch Restricted Speculation): this mode distinguishes privilege levels while executing branches. With IBRS at value 1, i.e. if IBRS is set, it ensures that targets in more privileged modes are not executed by a less privileged source.

With IBRS, the CPU cannot tell the difference between different userspace processes.

So, if a guest process has a lower privilege level in a userspace and asks a branch from another userspace to execute malicious code, IBRS won’t be able to stop it.

According to David Woodhouse, complete protection with IBRS also requires a full IBPB barrier on context switch and vmexit, and STIBP during execution.

Instead of doing the above, Intel used Google’s Retpoline update to block indirect branches. Google rolled out this update to their industry partners in early January and applied it themselves to counter the indirect branch exploitation vulnerability.
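To see which of these mechanisms a Linux host actually reports as active, the kernel's Spectre v2 status line can be parsed field by field. This is an added example, not code from the article or from the kernel; the function name `summarize_spectre_v2` and the sample lines are constructed for illustration, and the sysfs path is the one Linux 4.15 and later expose.

```shell
#!/bin/sh
# Added example, not from the article: summarise the Spectre v2 status line
# that Linux 4.15+ exposes in sysfs. Function names are this example's own.
SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# summarize_spectre_v2 "<status line>"
# Prints: branch=<retpoline|ibrs|none> ibpb=<on|off> stibp=<on|off>
summarize_spectre_v2() {
    branch=none ibpb=off stibp=off
    case "$1" in
        "Not affected"*) echo "not-affected"; return 0 ;;
    esac
    old_ifs=$IFS
    IFS=','
    set -f                                # no globbing while splitting
    for field in $1; do
        field=${field# }                  # space that follows each comma
        field=${field#Mitigation: }
        case "$field" in
            Vulnerable*)          branch=none ;;       # even if it names a retpoline
            *[Rr]etpoline*)       branch=retpoline ;;
            IBRS|Enhanced*IBRS*)  branch=ibrs ;;       # IBRS_FW (firmware calls only) is skipped
            "IBPB: disabled")     ibpb=off ;;
            IBPB*)                ibpb=on ;;
            "STIBP: disabled")    stibp=off ;;
            STIBP*)               stibp=on ;;
        esac
    done
    set +f
    IFS=$old_ifs
    echo "branch=$branch ibpb=$ibpb stibp=$stibp"
}

# Constructed sample lines in the format the kernel prints.
SAMPLE_RETPOLINE='Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling'
SAMPLE_IBRS='Mitigation: IBRS, IBPB: conditional, STIBP: disabled, RSB filling'
SAMPLE_VULN='Vulnerable, IBPB: disabled, STIBP: disabled'

for line in "$SAMPLE_RETPOLINE" "$SAMPLE_IBRS" "$SAMPLE_VULN"; do
    printf '%s\n  -> %s\n' "$line" "$(summarize_spectre_v2 "$line")"
done

# On a real host, read the live value if the kernel provides it.
if [ -r "$SPECTRE_V2_SYSFS" ]; then
    printf 'this host -> %s\n' "$(summarize_spectre_v2 "$(cat "$SPECTRE_V2_SYSFS")")"
fi
```

A missing STIBP field does not always mean a gap: the kernel omits it when there are no hyperthread siblings to protect.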

Instead of solving the issue at hand, Intel made it optional to apply the actual patch and yet did some redundant and unnecessary things for show-and-tell purposes.

If Intel had to apply Google’s Retpoline patch, why didn’t they just do that? And why did they make it “optional”?

Intel did respond to Linus in the following statement

“We take the feedback of industry partners seriously. We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions.” – Intel

Intel Asks Users not to Install Spectre & Meltdown Patches

Intel stated that:

We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions [of the patches], as they may introduce higher than expected reboots and other unpredictable system behaviour,

It is recommended that you remove the Meltdown and Spectre patches if you are facing performance issues, although the patches are mainly slowing down high-performance servers.

I am also getting inputs that consumer grade systems are also facing performance issues.
