A flaw was found in the kernels implementation of the i915 graphics driver where lack of control flow for data structures may allow a local authenticated user to disclose information when issuing ioctl commands to an attached i915 devices. How it works: 1 - Userspace creates a batchbuffer 2 - Batchbuffer sent to kernel via ioctl 3 - ioctl (2) issues it as an "Execution Unit" for the hardware. 4 - The kernel schedules another process to run. 5- Another process (running as user) can access the previous Execution Unit results by re-using Execution Units results. Affected hardware: This flaw affects Gen7, 7.5 and Gen9 hardware only. See [1] The Intel graphics developer guides for information on how to identify your hardware to find if it is affected. Additional information: [1] https://software.intel.com/en-us/articles/intel-graphics-developers-guides [2] https://bwidawsk.net/blog/index.php/2013/08/i915-command-submission-via-gem_exec_nop/
Mitigation: Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See the kcs “How do I blacklist a kernel module to prevent it from loading automatically?“ (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module from autoloading. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if the graphical login functionality is required.
Upstream Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc8a76a152c5f9ef3b48104154a65a68a8b76946 https://lists.freedesktop.org/archives/intel-gfx/2020-January/225945.html
The upstream patch mentioned only fixes Skylake and above. The problem is also there on Ivybridge and Haswell, and the proposed upstream solutions are currently killing performance on those devices.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1793118]
Statement: This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, 8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7, and 8 may address this issue. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise MRG 2.
We have fixed this in all the Gen 9 Intel hardware. The upstream patches for Gen7 are quite intrusive and have had a number of follow on fixes in progress. I'm not comfortable shipping those in a Z stream update just to fix this for Gen 7 Intel hardware. These fixes will eventually be pulled in via our normal Y stream rebase process. (likely for 8.5). As such I'm closing this bug as I don't see us proceeding with the gen7 fixes at this stage outside of 8.Y stream. I've opened another bug for internal tracking of the Y stream backport.
Ok, I think we can close this up.