Earlier this week, Intel released details about a vulnerability in its integrated graphics hardware. The advisory ID was INTEL-SA-00314 and the vulnerability of CVE-2019-14615 was discussed. Products from the 3rd generation up to and including the 10th generation are influenced, including the current Xeon, Pentium, Celeron and Atom products. Intel has been notified of this vulnerability since August and therefore already has patches and links to recommended new drivers for both Windows and Linux users (scroll down approximately halfway through this page).
All so regularly and so far nothing surprising … But since the updated drivers have been released, the Linux-oriented technical site Phoronix has been busy checking and testing the new drivers (of course on Linux) to see if there are performance fines are, or other deviations, delivered with the vulnerability patches.
Intel describes the CVE-2019-14615 vulnerability as follows: “Insufficient control flow in certain data structures for some Intel processors with Intel Processor Graphics may allow an unauthenticated user to allow information disclosure through local access.” Note the key phrase – local access – but Phoronix thinks WebGL is another possible attack vector in web browsers.
When testing Linux, Phoronix was not initially hampered by results from processors with Intel Gen9 graphics. With this hardware, the mitigation erases all states of the execution unit (EU) at each context switch – and the perceived impact on performance was minimal. We continue with the influence of the patch on the graphics of Intel Gen7 / Gen7.5 – the story changes dramatically.
Phoronix notes that the graphical limitation of the Gen7 “over two patches is much greater and depends on the fact that before each context recovery an adapted EU kernel is called for deleting EU and URB resources.” When it comes to copper tacks, the security patch “destroys the Gen7 iGPU performance,” the source says, further saying that the iGPU performance on Ivy Bridge and Haswell is “completely broken.”
Above you see a disastrous show for the Haswell Core i7 4790K post-patch system relying on its iGPU, and Phoronix offers an average of all tests from its own custom suite, as included in the image below. The overall result shows that the patched system is about 42 percent slower in a wide selection of graphic benchmarks.
The source notes that Haswell appears to be particularly hard hit by the vulnerability patches. Intel Core i7 3770K Ivy Bridge iGPU graphics card has been reduced by 18 percent in the same test suite. It is noted that the current graphic driver patches from Intel do not respond to the generic kernel parameter ‘mitigations = off’. With the time when Intel already had to sink in the driver patches, the hope that Haswell / Ivy Bridge performance will be improved in three-dimensional updates is low.
Switching to Windows OS Users, Intel notes in the patch that “Platforms based on Ivy Bridge, Bay Trail and Haswell do not currently have complete limitations for the Windows operating system. Updating the drivers for these platforms according to the below recommendation will substantively reduce the potential attack surface. “So there is hope that newer better patches will come after further development and validation.
If someone relies on a Haswell iGPU for some aspect of their daily computing and would like to run a few GPU performance tests for Windows, don’t hesitate to share your findings in the comments below.
This is a syndicated post. Read the original post at Source link .