
Linus rejects 'beyond stupid' AWS-made Linux patch - jonbaer
https://www.zdnet.com/article/linus-torvalds-rejects-stupid-aws-made-linux-patch-for-intel-cpu-snoop-attack/
======
jedieaston
Here's the actual message from Linus (and the responses from the developer as
well):
[https://lore.kernel.org/lkml/CAHk-=wgXf_wQ9zrJKv2Hy4EpEbLuqt...](https://lore.kernel.org/lkml/CAHk-=wgXf_wQ9zrJKv2Hy4EpEbLuqty-
Cjbs2u00gm7XcYHBfw@mail.gmail.com/)

~~~
muststopmyths
That thread shows a decent back-and-forth discussion about the merits of the
patch compared to the clickbait title of the article here.

The dude is prickly but so many software people of the same era were(are?)
like that.

------
redis_mlc
As a DBA, I feel that AWS has a conflict-of-interest in making PRs that
decrease performance, then telling me, "Just pay for a bigger instance."

Luckily, database instances are a small percentage of a fleet, but even so,
they're also usually the most expensive ones.

(Meltdown and Spectre had a huge impact on databases near the limits of their
existing instance size, unexpectedly tipping them over into the next tier and
doubling the cost.)

~~~
ajross
The cloud industry as a whole might have that conflict of interest. But AWS
itself is a single player in a really quite competetive industry. Configuring
their kernels to be deliberately slow would be a clear disadvantage vs. Google
and Microsoft et. al.

~~~
weare138
Obviously I can't say for certain Amazon has an agenda here but I could see
how this would benefit them.

[ _puts on additional tin foil hat_ ]

I don't think Amazon would be targeting the big players like Google and MS.
All of them can easily afford to take the loss. But this could affect the
smaller VM providers (DO, Linode, Upserve, etc.) with less capital. Losing
even just a few percentage points of CPU performance would cut into already
thin margins. If there is a conspiracy here, I think they would be targeting
the smaller players in the industry.

------
fpoling
If an attacker can indeed just observe cache changes from a sibling core, what
is the purpose of the patch indeed?

~~~
talawahtech
AWS has non-virtualized "metal" instances as well. Customer may be be running
container workloads on those instances with SMT disabled.

------
uberman
While I don't disagree with the conclusion, I really wish he would not fly off
the handle like this all the time. I seem to recall that he promised to stop
this sort of behavior.

~~~
ikiris
He is nowhere near flying off the handle here. You should take a step back and
reexamine how you view communication from others and where you set
expectations of thought process and culture matching your own.

~~~
uberman
Any code review that included the argument:

 _" Oh, I'm _soo_ special and pretty and such a delicate flower, that I want
to flush the L1D on every task switch"_

Is completely inappropriate. If you feel like that is somehow appropriate in a
review then it is you who need to "step back and reexamine how you view
communication from others and where you set expectations of thought process
and culture matching your own".

~~~
treden
I'd rather work with someone who makes good (or even bad) jokes about my code
in reviews than a humorless bore who spends all their time policing everyone's
appropriateness according to his own stodgy cultural standards.

~~~
happytoexplain
Why not neither? Why not a person within the normal range of emotional
intelligence, rather than either a humorless policer or an antagonistic smart
person? Why are you defending his tone with such hostility?

~~~
treden
The belief that one can or should judge another person (ie, on the normalness
of their emotional intelligence) is quite boring, and is particularly annoying
in coworkers. It is by definition fun to work with people who joke around, if
one starts with thick skin, an open mind, and the confidence to occasionally
be the butt of the joke.

------
fomine3
Related story:
[https://news.ycombinator.com/item?id=23290443](https://news.ycombinator.com/item?id=23290443)

------
phkahler
Article ends with "Herrenschmidt said the patches aren't trying to solve
problems happening inside of a customer VM running SMT and nor are they about
protecting VMs against other VMs on the same system."

Well then what the fuck IS it for?

~~~
talawahtech
AWS has non-virtualized "metal" instances as well. Customer may be be running
container workloads on those instances with SMT disabled.

~~~
phkahler
If it's not a VM you dont need to worry about the cache.

