Linus Torvalds Growing Frustrated By Buggy Hardware & Theoretical CPU Attacks

Written by Michael Larabel in Linux Kernel on 21 October 2024 at 06:55 AM EDT. 129 Comments
LINUX KERNEL
Over the past week Linux creator Linus Torvalds has been active on a Linux kernel mailing list thread around avoiding barrier_nospec() in copy_from_user() due to being "overkill and painfully slow." The conversation evolved into low-level discussions over CPU behavior and how to best handle, differing behavior/requirements with new Intel CPUs supporting Linear Address Masking (LAM), and the overall headaches these days around CPU security mitigations.

Torvalds raised that some suggested code likely doesn't work for Intel CPUs with LAM like Arrow Lake and Lunar Lake. But in the lack of certainty around some CPU behavior, it was suggested to preemptively modify some kernel code. That's where Linus Torvalds wrote a late Sunday night response with another classic Torvalds style message:
Honestly, I'm pretty damn fed up with buggy hardware and completely theoretical attacks that have never actually shown themselves to be used in practice.

So I think this time we push back on the hardware people and tell them it's *THEIR* damn problem, and if they can't even be bothered to say yay-or-nay, we just sit tight.

Because dammit, let's put the onus on where the blame lies, and not just take any random shit from bad hardware and say "oh, but it *might* be a problem".

Linus

On the matter of new Intel LAM CPUs, Intel engineer Kirill Shutemov commented this morning on that thread:
LAM brings own speculation issues[1] that is going to be addressed by LASS[2]. There was a patch[3] to disable LAM until LASS is landed, but it never got applied for some reason.

[1] https://download.vusec.net/papers/slam_sp24.pdf
[2] https://lore.kernel.org/all/[email protected]
[3] https://lore.kernel.org/all/5373262886f2783f054256babdf5a98545dc986b.1706068222.git.pawan.kumar.gupta@linux.intel.com

LASS is the Linear Address Space Separation support as a new security feature to prevent malicious virtual address space accesses across user/kernel mode. That kernel code is a whole separate bag from the discussions Linus Torvalds has been having around avoiding barrier_nospec() in copy_from_user().

Intel CPU in a beverage


Long story short, Linus Torvalds is not happy with buggy hardware and the ever increasing CPU security issues with their chaotic state particularly around theoretical vs. practical attacks.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week