V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
chih758
V2EX  ›  程序员

Linus Torvalds 称英特尔的补丁是垃圾

  •  1
     
  •   chih758 · 2018-01-23 10:30:09 +08:00 · 8489 次点击
    这是一个创建于 2500 天前的主题,其中的信息可能已经有所发展或是发生改变。
    英特尔向内核递交了补丁修复 Meltdown 和 Spectre 漏洞,但与间接分支预测( Spectre variant 2 )相关的补丁遭到了 Linux 之父 Linus Torvalds 的无情抨击,称该补丁是彻彻底底的垃圾。补丁会影响性能,所以英特尔不想默认启用,因为这会让基准测试结果显得很糟糕,因此英特尔的做法是在启动时候选择。Linus 认为即使从技术角度看这也是完全错误的。Linus 说,“有人正以不明的理由推动彻底的垃圾”,他称补丁是真的垃圾,“他们在做疯狂的事情,在做一些毫无意义的事情”,TMD 究竟发生了什么?

    Intel 之前的 Meltdown 补丁想把 AMD 拉下水,把补丁的启用范围设成所有 x86 处理器,现在又搞这种。

    https://www.solidot.org/story?sid=55297
    30 条回复    2018-01-23 22:34:05 +08:00
    whx20202
        1
    whx20202  
       2018-01-23 10:38:17 +08:00
    听说英特尔补丁有问题,英特尔让大家停止打,等待第二个
    f2f2f
        2
    f2f2f  
       2018-01-23 10:44:57 +08:00
    这牙膏挤出来再想收回去不容易啊
    SuperMild
        3
    SuperMild  
       2018-01-23 10:47:45 +08:00
    Linus 真帅啊!
    msg7086
        4
    msg7086  
       2018-01-23 11:02:51 +08:00   ❤️ 6
    Linus 怒斥英特尔工程师.avi
    PythonAnswer
        5
    PythonAnswer  
       2018-01-23 11:15:42 +08:00 via Android
    支持
    ivencooli
        6
    ivencooli  
       2018-01-23 11:30:10 +08:00
    Fuck U Nvidia & Intel
    xratzh
        7
    xratzh  
       2018-01-23 11:32:26 +08:00   ❤️ 1
    AMD,YES !
    timwei
        8
    timwei  
       2018-01-23 11:40:39 +08:00   ❤️ 2
    觉得跟 Linus 对肛的 Intel 工程师比较帅

    https://lkml.org/lkml/2018/1/22/598

    >> If we're going to drop IBRS support and accept the
    caveats, then let's do it as a conscious decision having seen what it
    would look like, not just drop it quietly because poor Davey is too
    scared that Linus might shout at him again. :)

    笑出声
    ihainan
        9
    ihainan  
       2018-01-23 11:43:10 +08:00
    Linus 这暴脾气……
    TuringGunner
        10
    TuringGunner  
       2018-01-23 11:56:53 +08:00
    大佬都这么真性情的吗
    shijingshijing
        11
    shijingshijing  
       2018-01-23 12:31:26 +08:00 via iPhone
    就是要有这种大佬站出来治一治这一票大厂,幸好有他,RMS,eff,不然这些大厂迟早跟忝潮的那几个流氓巨头一样。
    287300325
        13
    287300325  
       2018-01-23 16:21:11 +08:00
    这件事告诉我,你要喷别人的话,起码自己就是个大佬,这样才不会被反喷。
    ynyounuo
        14
    ynyounuo  
       2018-01-23 16:27:01 +08:00
    @geelaw
    哈哈哈哈哈
    liteyou
        15
    liteyou  
       2018-01-23 16:41:13 +08:00 via iPhone
    Linus 凭 Linux 和 git 两件作品早就封神了,随便 bb 都不太会掉下神坛来了,何况这货还在不停干怪,偶尔还干一把神
    falcon05
        16
    falcon05  
       2018-01-23 16:47:22 +08:00 via iPhone
    Linus 人狠话也多
    mason961125
        17
    mason961125  
       2018-01-23 20:12:35 +08:00
    mason961125
        18
    mason961125  
       2018-01-23 20:12:45 +08:00
    path -> patch
    begeekmyfriend
        19
    begeekmyfriend  
       2018-01-23 20:19:51 +08:00
    我脑补了传说中那张迭出中指的照片……
    402645707
        20
    402645707  
       2018-01-23 20:24:26 +08:00
    @mason961125
    可能是发现 intel 递过来的餐巾纸不仅不能擦干净屁股还弄得一手 /**shit**/
    这下吃瓜群众连指责他喷的理由都没有了
    Flygoat
        21
    Flygoat  
       2018-01-23 20:39:22 +08:00
    @geelaw #12 我也想不通为什么 Linus 拒绝 Grsecurity 或者 PaX 之类的安全技术进入主线内核。。。
    chih758
        22
    chih758  
    OP
       2018-01-23 21:00:16 +08:00
    searene
        23
    searene  
       2018-01-23 21:17:51 +08:00   ❤️ 1
    “有人正以不明的理由推动彻底的垃圾”

    原谅我笑了,这句话翻译的很好很传神。
    bukip
        24
    bukip  
       2018-01-23 21:23:38 +08:00
    "英特尔的做法是在启动时候选择"

    没明白,为什么启动时候选择就垃圾了?
    feverzsj
        25
    feverzsj  
       2018-01-23 21:28:09 +08:00
    intel 的补丁确实是垃圾,数据中心应用场景性能下降 20~30%是普遍现象,但现在暂时没有其他补救方法,如果你的节点是自己独占的,那么的确没有必要开启,这也是 linus 鄙视 Grsecurity 原因,因为它们都没有从根本上寻找解决方法
    mason961125
        26
    mason961125  
       2018-01-23 21:31:44 +08:00   ❤️ 2
    感觉 Linus 喷 Intel 的原因在于,Intel CPU 的锅,最终背的是 Linux。
    wangyucn
        27
    wangyucn  
       2018-01-23 21:35:14 +08:00   ❤️ 1
    @bukip

    解读:

    >Big simplification: Proper way to fix an hardware bug like this, is that newer cpu gets protected by default, and they answer they are when queried.

    So you can ask the CPU "what's your status on bug X" and the cpu answers "i'm good, you don't need to do anything" (newer fixed chips), or "i know about it but was already built, and need microcode update/special behavior to protect myself" (current chips with microcode update), "no answer / I'm not good" (old chips without update).

    So new stuff is protected, and you add more protection (and slowdowns, and special stuff) for older chips that don't know how to deal with it.

    What Intel is trying to do here, is to go the other way: the chips, even the new ones, will stay vulnerable by default, and when queried they say "I have a fix but I don't use it, you can enable it by asking !" and the kernel is supposed to enable it.

    It's terrible for a lot of reasons, like "boot an older os and it's vulnerable since it doesn't know to call this", "additional code to enable this feature has to run for all of eternity for new chips now, instead of having to run for older chips and being phased out over time", etc ...

    The reason why Intel does that seems obvious: by default the chip does not lose speed since the fix is not enabled, and so instead of "intel chips lose 30% speed over night because of a flaw" it becomes "intel adds a special security mode that protects you even more for critical applications, at the cost of some speed". Purely marketing speech and decision at the cost of proper engineering decisions, and they need and try to get OSes like Linux to play along. That's what he means by "[it] shows intel had no intention of fixing those flaws".

    Additionally there seems to be a second issue in that the quality and behavior of the patches they submitted are trying to hide this deceptively simple but technically terrible behavior by making it look/sound obtuse and complicated.

    In other words, intel is using its presence and weight to try and push a shitty solution, but one that is better for them marketing wise. Linus is flabbergasted to be treated like an idiot or a obedient drone that should apply such obvious abusive patches.

    (搬运自 reddit 和 hacker news,
    https://www.reddit.com/r/sysadmin/comments/7s47h9/linus_torvalds_is_not_happy_about_inte
    choury
        28
    choury  
       2018-01-23 21:39:59 +08:00 via Android
    @Flygoat 就像每次取地址都对指针判空一样,虽然能防止 crash,但是根本方案还是代码不出错,不传空指针过来
    bukip
        29
    bukip  
       2018-01-23 22:04:04 +08:00
    @wangyucn 还是因为不同年代的 CPU
    HandSonic
        30
    HandSonic  
       2018-01-23 22:34:05 +08:00
    AMD, YES!
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1357 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 39ms · UTC 17:41 · PVG 01:41 · LAX 09:41 · JFK 12:41
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.