Announcement

**robclark** · 01 December 2022, 06:03 PM

Originally posted by xfcemint View Post

The problem is that I also know what you are talking about.

You think that, because a GPU has full access to main RAM, and the in-kernel driver had a bug managing the TLB hardware on the GPU, that a microkernel userspace GPU driver having the same kind of bug would suffer the same problem (i.e. allow some unprivileged GPU code to access some main RAM assigned to another process or to a kernel).

Wrong!

Short sighted!

only thing that changes that from a hw standpoint is whether you have the iommu enabled or not, but even with the iommu enabled the missing TLB flush could still allow access to other memory mapped to the GPU.

**AlanTuring69** · 01 December 2022, 11:09 PM

Originally posted by xfcemint View Post

Well, you are getting closer, but you still didn't hit it.

What you have to imagine is that I am, actually, a terrible person, who is going to put forward the meanest and the most humiliating argument (for Linux devlopers) that anyone could ever think of.

Yes, microkernels can use a IOMMU, and if the IOMMU is handled by the kernel (which is likely), and the GPU driver is in userspace, then it follows that a microkernel would better protect the system against this kind of security bugs.

But, that is not the crucial point of my argument. To figure out the crucial point, you need to re-examine the most important sentence in my original post, which says:

"Too long article; DR."

Why are you calling this person a doctor and telling them that the article is too long? Honest question I just don't get it. Is that some movie quote?

EDIT: nvm sorry I get it, it's a Dalek quote. I guess it does make sense and that definitely reads like a Dalek speech above it

Announcement

Intel Linux Kernel Graphics Driver Patched For New Security Sensitive Bug

Comment

Comment