I imagine most everyone here knows about Meltdown and Spectre, especially since it's the biggest security vulnerability ever as far as I know. Meanwhile, trying to actually fix it has been problematic, with initial fixes causing instability.
Much has been made of Linus Torvald's criticism of Intel's suggested patches to the Linux kernel, but it's important to understand why. He's accused Intel of passing the buck by making software developers responsible for dealing with it while also hoping that people will ignore the fix in the face of the performance hits:
- The whole IBRS_ALL feature to me very clearly says "Intel is not
serious about this, we'll have a ugly hack that will be so expensive
that we don't want to enable it by default, because that would look
bad in benchmarks".
So instead they try to push the garbage down to us. And they are doing
it entirely wrong, even from a technical standpoint.
I'm sure there is some lawyer there who says "we'll have to go through
motions to protect against a lawsuit". But legal reasons do not make
for good technology, or good patches that I should apply.
And that's actually ignoring the much _worse_ issue, namely that the
whole hardware interface is literally mis-designed by morons.