Announcement

Collapse
No announcement yet.

Intel's Linux Graphics Driver Patched For New Security Issue But Can Impact Performance

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Intel's Linux Graphics Driver Patched For New Security Issue But Can Impact Performance

    Phoronix: Intel's Linux Graphics Driver Patched For New Security Issue But Can Impact Performance

    Intel's "i915" kernel graphics driver has been patched for a software issue that could lead to malicious user-space trigger DMAR read/write faults or worse is the possibility of user-space gaining access to random memory pages. Unfortunately, the security fix comes with performance implications...

    https://www.phoronix.com/scan.php?pa...-CVE-2022-0330

  • #2
    Intel laptop users will suffer...

    Comment


    • #3
      I hope this won't be a disaster like last time, where everyone had to suffer for at least half a year due to performance AND power regressions of a haphazardly put together security fix.

      Comment


      • #4
        This one seems like it's only Half Intels fault. I think it's odd for the User Space not to require declarations. Seems like a lack of hardening of the stack.

        Comment


        • #5
          Skylake, Kaby Lake, Whiskey Lake and Comet Lake users have already suffered a massive blow to performance, so much there's an i915 module parameter: i915.mitigations=off which I just enable without caring too much. All these i915 vulnerabilities are impossible to exploit remotely unless you're running WebGL and even that is not certain.

          Comment


          • #6
            Woo, ivybridge T430!

            Comment


            • #7
              Originally posted by birdie View Post
              Skylake, Kaby Lake, Whiskey Lake and Comet Lake users have already suffered a massive blow to performance, so much there's an i915 module parameter: i915.mitigations=off which I just enable without caring too much. All these i915 vulnerabilities are impossible to exploit remotely unless you're running WebGL and even that is not certain.
              100% agree. All this vulnetrabilities and mitigations are needed for cloud providers on their servers - put for personal laptop is a useless idiotic junk. I would like to have a single config option in kernel config to confiure all those spectres, meltdowns and other cache flushes away from my kernel.

              Comment


              • #8
                yeah..pages need to be flushed at beginning and at the end, for those situations in the article..

                Comment


                • #9
                  Originally posted by asriel View Post
                  a single config option in kernel config to confiure all those spectres, meltdowns and other cache flushes away from my kernel.
                  mitigations=off should get you close

                  Comment


                  • #10
                    Originally posted by Ipkh View Post
                    This one seems like it's only Half Intels fault. I think it's odd for the User Space not to require declarations. Seems like a lack of hardening of the stack.
                    Well the other part, which I think is the core problem, is that it's somebody's fault that all of the laptops didn't have IOMMU enabled. Was IOMMU not available that generation? Did firmware vendors fail to enable it? Did integrators turn it off like RHEL customers turn off SELinux?

                    Comment

                    Working...
                    X