Intel Should Now Have Gen7 Graphics Mitigated Without The Hefty Performance Hit
Earlier this month, when Intel disclosed CVE-2019-14615 as a security vulnerability affecting their graphics architecture, older Gen7 graphics saw a huge hit to their performance with the initial patches addressing this vulnerability on Ivy Bridge and Haswell processors. Fortunately, a new mitigation patch series was sent out this week, and Intel believes it avoids the performance costs.
The original mitigation could see the OpenGL performance drop big time.
After showing those initial performance numbers for mitigating CVE-2019-14615, Intel said they were working to avoid that performance hit on older processors. For newer Gen9 graphics, their mitigation avoids any performance penalty thanks to hardware differences, similar to Gen8 Broadwell already being covered.
Sent out Thursday night was Intel's new security mitigation for Gen7/Gen7.5 graphics. The mitigation still takes care of the potential information disclosure, but now, per the patch series: "This security mitigation change does not trigger any known performance regression. Performance is on par with current mainline/drm-tip."
The mitigation still involves a custom EU kernel that clears EU/URB resources prior to every context restore, but it now appears to be done much more efficiently.
We'll see whether Intel developers try to get this into mainline soon for Linux 5.6 and then back-port it, or instead wait until Linux 5.7, given that this 700-line patch only affects Ivy Bridge/Haswell era users.
CVE-2019-14615 is also dubbed iGPU Leak and can be used for AES attacks, website fingerprinting, and other information disclosure.
I'll be running some fresh benchmarks soon of this new patch series to confirm Gen7/Gen7.5 graphics are in better standing.