Intel's Linux Graphics Driver Patched For New Security Issue But Can Impact Performance
On systems not running with an IOMMU active, CVE-2022-0330 could lead to user-space gaining access to random memory pages, meaning either data leaks and/or random memory corruption. The issue in the Intel graphics driver stems from a missing TLB flush when releasing memory that was backing a GPU buffer object back to the system.
Intel engineer Tvrtko Ursulin wrote on the OSS security mailing list, "Flawed assumption was that flushing the TLB at the start of every userspace GPU execution is sufficient, given the programming model where userspace is expected to declare which graphics virtual memory address ranges it will be accessing at the start of every execution. However, what was not considered is that userspace can legitimately (it is allowed in uapi) _not_ declare those accesses. This allows userspace to continue GPU access to memory, while the kernel driver (i915) is unaware of it being in use, and therefore is allowed to release the backing store back to the system. Should the system then give out those pages back for a different use, the exploit situation can arise. Return of the pages back to the system can either be specifically engineered by the malicious software, or can happen innocently via system memory pressure. All Intel integrated and discrete GPUs starting from Gen8 (Broadwell) are affected."
While a fix has already been merged into the mainline Linux kernel, the extra TLB flushing can unfortunately impact Intel graphics performance. Tvrtko added, "Fix has already been developed and consists of explicitly flushing the TLBs before releasing memory back to the system for any GPU buffer objects which were in use from the GPU. Note that this will have a varying performance impact depending on the specific GPU, GPU workload and overall system workload."
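To make the failure mode concrete, here is a toy model of the bug and its fix. This is an added example, not i915 code: it reduces the GPU to one virtual address, one page-table entry and a one-entry TLB, and tags each simulated system page with an owner id so that it is visible whose memory a stale translation lands on.

```c
/* Toy model of the stale-TLB failure mode described above (added example,
 * not i915 code): one GPU virtual address, one page-table entry, a
 * one-entry TLB, and system pages tagged with an owner id (0 = free). */

struct gpu {
    int pt_pfn;              /* page table: the GPU VA -> pfn, or -1 if unmapped */
    int tlb_valid, tlb_pfn;  /* cached translation for that VA */
};

static void tlb_flush(struct gpu *g) { g->tlb_valid = 0; }

/* A valid TLB entry is used as-is, even after the page table behind it
 * was torn down: that is the whole bug. Returns pfn, or -1 on a fault. */
static int gpu_translate(struct gpu *g)
{
    if (g->tlb_valid)
        return g->tlb_pfn;
    if (g->pt_pfn < 0)
        return -1;
    g->tlb_valid = 1;
    g->tlb_pfn = g->pt_pfn;
    return g->tlb_pfn;
}

/* Owner id of the page the still-running GPU touches after its buffer's
 * backing store was released and reused: 0 = faulted (safe), 2 = landed
 * on another owner's page. flush_on_release: 0 = unpatched, 1 = the fix. */
int run_scenario(int flush_on_release)
{
    int owner[4] = {0, 0, 0, 0};      /* constructed system memory */
    struct gpu g = { -1, 0, 0 };
    int pfn = 0, hit;

    owner[pfn] = 1;                   /* page backs GPU user 1's object */
    g.pt_pfn = pfn;
    tlb_flush(&g);                    /* the flush at execution start */
    gpu_translate(&g);                /* TLB now caches the translation */

    /* User 1 did not declare the range, so i915 believes the object is
     * idle and returns its page while the GPU can still reference it. */
    g.pt_pfn = -1;
    if (flush_on_release)
        tlb_flush(&g);
    owner[pfn] = 2;                   /* page handed to a different owner */

    hit = gpu_translate(&g);          /* the GPU's in-flight access */
    return hit < 0 ? 0 : owner[hit];
}
```

Calling run_scenario(0) returns 2 (the unpatched GPU reaches the page now owned by someone else) while run_scenario(1) returns 0 (with the flush on release, the access faults instead).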
Needless to say, I'll be firing up some benchmarks with/without this security patch to show any performance impact across different Intel hardware.
The security fix is in the commit "drm/i915: Flush TLBs before releasing backing store". Its commit message notes that the simple route was taken for now and that, depending on benchmark results, the approach may be refined later.