Intel Preparing New Driver Option To Disable GPU Security Mitigations
This patch was sent out on Saturday that fixes up the Haswell GT1 support following the public attention this week over the low-end Haswell graphics support managing to be broken for the past several kernel release cycles while a prior version of that patch has been floating on the bug report thread for weeks.
What caused that regression, which led to hangs at boot, was the Haswell mitigation of last year's "iGPU Leak" vulnerability. The Ivy Bridge / Haswell mitigation for that security vulnerability really wrecked the performance but improved with time. But it still poses significant overhead to a follow-up patch is set to allow users to finally be able to disable the functionality.
This patch allows users to override the security mitigations default for the Intel graphics driver. "The clear-residuals mitigate is a relatively heavy hammer and under some circumstances the user may wish to forgo the context isolation in order to meet some performance requirement. Introduce a generic module parameter to allow selectively enabling/disabling different mitigations."
By default the iGPU Leak mitigation is still active but the i915.mitigations=off can now be used to disable it at run-time. (This is just in reference to the Intel graphics driver and this and any future security issues. The mitigations=off kernel option in general is for the separate CPU security mitigation situation.)
If all goes well these patches should be mainlined for Linux 5.12. Well, ideally the Haswell GT1 fix will get picked up still for the 5.11 cycle and is also marked for back-porting to stable series of Linux 5.7 and newer. The mitigation control patch will presumably wait until the Linux 5.12 merge window.