Intel Graphics Driver Fixes Include Assembly Sources To Satisfy GNU Linux-Libre Folks
Last month you may recall that the free software purists maintaining the GNU Linux-Libre kernel dropped the Intel "iGPU Leak" security fix for Ivybridge / Haswell as they considered the compiled shaders/kernels responsible for clearing those residual contexts to be binary blobs. A resolution is now pending for upstream.
Mitigating "iGPU Leak" for Gen7/Gen7.5 Intel graphics requires flushing the GPU between jobs by means of clearing EU/L3 residual contexts. That flushing code is compiled via the IGT user-space Intel compiler code and from the kernel side submitted to the hardware when needed. But because the GNU Linux-Libre maintainers viewed it as a "binary blobs as arrays of numbers", they dropped the fix.
All along the source code has been available via IGT (formerly Intel GPU Tools) albeit not in the kernel source tree. To appease the Linux-libre maintainers, the Assembly sources are being added to the kernel tree. But compiling the sources still requires IGT and in turn copying those files out-of-tree for building. So the Linux kernel will continue to utilize the pre-compiled version.
Those wanting to compile the bits can find these instructions and the sources.
Adding of the Assembly sources was sent in today via drm-intel-fixes as a change for the current Linux 5.8 cycle. Besides adding those sources, there are also Intel GVT virtualization fixes. In turn this should allow GNU Linux-Libre 5.8 to approve of shipping this security mitigation.