Teardown of a Failed Linux LTS Spectre Fix

Post by gm10 » Fri Sep 06, 2019 9:15 am

Interesting read on how a backporting mistake led to failed Spectre mitigation in all but the current mainline kernel series (all kernel.org kernels are now fixed). At the end of the day this could happen because nobody reviews backports and those are apparently not done cleanly, either:

https://grsecurity.net/teardown_of_a_fa ... re_fix.php

Good on grsecurity to remain so factual in their blog although they must have been rather pleased considering Torvalds called them clowns and their patches pure garbage in the past. ;)
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

Post by catweazel » Fri Sep 06, 2019 5:45 pm

gm10 wrote:
Fri Sep 06, 2019 9:15 am
Good on grsecurity to remain so factual in their blog although they must have been rather pleased considering Torvalds called them clowns and their patches pure garbage in the past. ;)
When I initially read your post, my first thought was, "London to a bucket of smashed crabs that Greg Kroah-Hartman did it." He's been directly responsible for far too many huge mistakes like this one.
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

Post by gm10 » Fri Sep 06, 2019 6:07 pm

catweazel wrote:
Fri Sep 06, 2019 5:45 pm
He's been directly responsible for far too many huge mistakes like this one.
Several scary mistakes he made there. But most importantly, he shouldn't be silently doctoring around the code on his own, anyway, in particular if he thought he found a bug. Had he talked to anybody then his mistake would instantly have become obvious.

Post by catweazel » Fri Sep 06, 2019 6:09 pm

gm10 wrote:
Fri Sep 06, 2019 6:07 pm
catweazel wrote:
Fri Sep 06, 2019 5:45 pm
He's been directly responsible for far too many huge mistakes like this one.
Several scary mistakes he made there. But most importantly, he shouldn't be silently doctoring around the code on his own, anyway, in particular if he thought he found a bug. Had he talked to anybody then his mistake would instantly have become obvious.
It's called hubris.

Post by Pjotr » Fri Sep 06, 2019 6:13 pm

Well, as far as I understand (which isn't very far), there was an incident: a bad commit, which wasn't dealt with properly. But which recently has been dealt with as it should, by Greg Kroah-Hartman. Incident solved.

The structural problem seems to be that the procedures at kernel.org, apparently aren't state of the art. Or haven't been so. Perhaps this has been a wake-up call for kernel.org?
Tip: 10 things to do after installing Linux Mint 19.2 Tina
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Post by gm10 » Fri Sep 06, 2019 6:19 pm

Pjotr wrote:
Fri Sep 06, 2019 6:13 pm
The structural problem seems to be that the procedures at kernel.org, apparently aren't state of the art. Or haven't been so. Perhaps this has been a wake-up call for kernel.org?
I doubt it, they've been doing it this way for far too long. The development process itself is fairly well organized with different levels of review and Torvalds at the top, just the maintenance process is pretty much just GKH doing his own thing. Speaking of which, Ubuntu's procedures are not really any better, they regularly backport bad commits even though fixes are already available in newer commits.

Post by Pjotr » Fri Sep 06, 2019 6:25 pm

gm10 wrote:
Fri Sep 06, 2019 6:19 pm
The development process itself is fairly well organized with different levels of review and Torvalds at the top, just the maintenance process is pretty much just GKH doing his own thing. Speaking of which, Ubuntu's procedures are not really any better, they regularly backport bad commits even though fixes are already available in newer commits.
Boring maintenance versus interesting development.... Yes, that has always been a weak spot of Linux, overall. Well, with the immense commercial interests connected to LTS kernels, pressure for better maintenance procedures is likely to mount...

Post by catweazel » Fri Sep 06, 2019 6:33 pm

Pjotr wrote:
Fri Sep 06, 2019 6:25 pm
Well, with the immense commercial interests connected to LTS kernels, pressure for better maintenance procedures is likely to mount...
Let's hope so.

Post by rene » Tue Sep 10, 2019 12:32 am

gm10 wrote:
Fri Sep 06, 2019 9:15 am
Good on grsecurity to remain so factual in their blog although they must have been rather pleased considering Torvalds called them clowns and their patches pure garbage in the past. ;)
Oh, Brad Spengler is something much worse than a clown. See https://perens.com/2017/06/28/warning-g ... customers/. Also note that Torvalds' comment was then in response to Spengler suing Perens over that very factual bit of legal advice.

Post by gm10 » Tue Sep 10, 2019 5:13 am

rene wrote:
Tue Sep 10, 2019 12:32 am
gm10 wrote:
Fri Sep 06, 2019 9:15 am
Good on grsecurity to remain so factual in their blog although they must have been rather pleased considering Torvalds called them clowns and their patches pure garbage in the past. ;)
Oh, Brad Spengler is something much worse than a clown. See https://perens.com/2017/06/28/warning-g ... customers/. Also note that Torvalds' comment was then in response to Spengler suing Perens over that very factual bit of legal advice.
I was thinking of this statement of Torvalds, which wasn't in response to any of that: https://lkml.org/lkml/2017/6/23/30. And there was nothing factual about that bit of "legal advice", that's the entire reason he rightly ended up losing. The legal musings of a non-lawyer have got nothing to do with facts and whoever advised him to bring this as a defamation lawsuit should probably give their law license back, too. There's ways he could have sued him and possibly won but that wasn't the one.

Post by rene » Tue Sep 10, 2019 7:36 am

What are you on about? Yes, it was in response to that entire episode. The last sentence from Torvalds' message that you linked:
When they started talking about people taking advantage of them, I stopped trying to be polite about their bullshit.
Note the date on Torvalds' message, 22 June 2017, and Perens' blog post, 28 June 2017, plus the fact that this was already being discussed on e.g. Debian mailing lists, and very probably privately within the Linux Foundation; Spengler's action was well-known then.

Moreover, what do you mean "he rightly ended up losing"? The only thing the judge did not grant Perens is an invocation of a very specific Californian "anti-SLAPP" law, but explicitly dismissed such without prejudice, i.e., allowing Perens to reintroduce it later (as he has said he likely will); to allow Spengler "more opportunity to present his claim" and while commenting she would however feel it unlikely Spengler could steer clear of anti-SLAPP.

What it in any case for now has ended up meaning is that Spengler was not (yet) ordered to pay 3 million but a mere 260.000 to Perens. Yeah. Perens so lost...

Doubly not quite sure by the way whether or not you know who Perens is given that you'd feel it possible to consider him just any "non-lawyer". Bruce Perens' legal opinion in matters surrounding open-source is worth a heck of a lot more than those of 99% of lawyers. Which is not to say of course that's in fact necessary in this case, given the utter obviousness with which Spengler violates the copyright of thousands upon thousands of kernel contributors, but hey, he does "secuwity", so it's all good, right?

Post by gm10 » Tue Sep 10, 2019 8:11 am

rene wrote:
Tue Sep 10, 2019 7:36 am
Moreover, what do you mean "he rightly ended up losing"? The only thing the judge did not grant Perens
Spengler sued for defamation, i.e. harming somebody's reputation through misrepresentation of the facts. Spengler lost because the blog post in question (not actually the one you linked but a previous one that got deleted) wasn't about facts.
rene wrote:
Tue Sep 10, 2019 7:36 am
Doubly not quite sure by the way whether or not you know who Perens is given that you'd feel it possible to consider him just any "non-lawyer". Bruce Perens' legal opinion in matters surrounding open-source is worth a heck of a lot more than those of 99% of lawyers.
See, whether that's true or not, I could not sue you for this because it's just a matter of opinion (which, unlike the original blog post, does not try to impact anybody's business). ;)
rene wrote:
Tue Sep 10, 2019 7:36 am
given the utter obviousness with which Spengler violates the copyright of thousands upon thousands of kernel contributors, but hey, he does "secuwity", so it's all good, right?
You should tell them, it's weird none of them ever sued if it's that utterly obvious. I still suggest asking an actual lawyer first. Don't forget to mention to them that grsecurity isn't actually distributing any kernels. ;)

Post by rene » Tue Sep 10, 2019 8:29 am

gm10 wrote:
Tue Sep 10, 2019 8:11 am
You should tell them, it's weird none of them ever sued if it's that utterly obvious.
A fair number of people agree. I.e., just today: https://lkml.org/lkml/2019/9/9/4 -- although admittedly I believe I do recognize that email address as being from a person I would not want to be associated with. As to why e.g. Linus hasn't sued... that seems likely related to why he has never sued. I.e., him believing in technology rather than legal proceedings...
gm10 wrote:
Tue Sep 10, 2019 8:11 am
Don't forget to mention to them that grsecurity isn't actually distributing any kernels. ;)
Utterly irrelevant in this case. It certainly distributes the grsecurity patch, a work obviously derived from a GPLv2 work and as such itself necessarily under the GPLv2 or a compatible license. I'll leave this at this quote from Perens' blog post:
By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. Grsecurity’s Stable Patch Access Agreement adds a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed.

Post by gm10 » Tue Sep 10, 2019 8:43 am

Again, he isn't distributing any GPL licensed software, just patches to it. I'm not a US-based lawyer but even I know that there is ample case law in the US that distributing patches does not infringe copyright even on closed-source software. The same is codified law in the jurisdiction I live in. But let's not start a legal discussion here, I only give Linux advice for free. ;)

Post by rene » Tue Sep 10, 2019 9:04 am

Yes he is. He is distributing the grsecurity patch, a work itself as said necessarily under either the GPLv2 or a compatible license. The contention here is that, see above quote from Perens' post, said work, said derivative work of the Linux kernel, failed to be licensed when Spengler added a condition expressly forbidden by the GPLv2. To thus be infringing.

Don't worry, I'm also not starting a legal discussion. Just enumerating obvious truths... :)
