More Work Ahead for Spectre and Meltdown
The latest version of the Linux, the Linux 4.15 kernel, has now gone stable, but there was both good and bad news surrounding this latest version of Linux, according to Linux creator Linux Torvalds.
Overall, Torvalds considered the new release a success, stating that the update was “quiet and small, and no last-minute panics, just small fixes for various issues.” However, Torvalds was quick to point out that the fallout from Spectre and Meltdown was far from over, saying, “It’s not like we’re done with Spectre/Meltdown.”
On the Linux Kernel Mailing List (LKML), Torvalds said, “The bulk of the 4.15 work is all the regular plodding ‘boring’ stuff. And I mean that in the best possible way. It may not be glamorous and get the headlines, but it’s the bread and butter of kernel development, and is in many ways the really important stuff.”
Torvalds continued, “While Spectre/Meltdown has obviously been the big news this release cycle, it’s worth noting that we obviously had all the *normal* updates going on too, and the work everywhere else didn’t just magically stop, even if some developers have been distracted by CPU issues. In the *big* picture, 4.15 looks perfectly normal, with two thirds of the full 4.15 patch being about drivers … not by CPU bug mitigation.”
It seems that work to mitigate the disaster of Spectre/Meltdown ate up a lot of development time and the work is far from over. Like most operating system developers, Linux developers are still waiting for Intel to release their complete firmware and microcode in order to fully bring Linux up to date.
Torvalds said, “It is worth pointing out that it’s not like we’re ‘done’ with Spectre/Meltdown. There is more work pending (arm, spectre-v1, misc details), and perhaps equally importantly, to actually get the biggest fix for the indirect branch mitigations, you need not just the kernel updates, you need to have a compiler with support for the ‘retpoline‘ indirect branch model.”
When talking about 4.16, the next upcoming release of the Linux Kernel, Torvalds said, “we’ll have a _normal_ and entirely boring release cycle for 4.16. Because boring really is good.” Although I think it’s safe to assume that even more work for Spectre and Meltdown will go into this next release as well.
It’s important to remember that just because there is a new version of the kernel, that doesn’t mean that your distribution will automatically switch to it. Of course, thanks to the freedom of Linux, you are free to manually upgrade your kernel, but your mileage may vary based on your chosen distribution and what version of that distribution you are using.
There is little doubt that Spectre and Meltdown have cause a big problem across all aspects of computing. From consumer desktops to routers and servers, these security flaws will have a lasting impact for quite some time, even on the Linux platform. Still, it’s good to see the Linux developers hard at work at releasing newer and more secure kernels for the Linux platform.
About the author
Matt is an IT professional with over fifteen years experience supporting network infrastructure and computers. An avid gamer, Matt enjoys his time playing and writing about his experiences both in the IT world and in the gaming communities. You can find more of his writing for LaptopNinja where he enjoys talking about everything tech.