Language Selection

English French German Italian Portuguese Spanish

Intel graphics patch "wrecks" Gen7 iGPU Linux performance

Filed under
Graphics/Benchmarks
  • Intel graphics patch "wrecks" Gen7 iGPU Linux performance

    Earlier this week Intel released details about a vulnerability in its integrated graphics hardware. Its advisory ID was INTEL-SA-00314 and it talked about the CVE-2019-14615 vulnerability. Products from 3rd Gen Core up to 10th Gen are affected including the contemporaneous Xeon, Pentium, Celeron and Atom products. Intel was made aware of this vulnerability as far back as August so already has patches available and links to recommended new drivers for both Windows and Linux users (scroll down this page about half way).

    All so regular and nothing surprising so far… However, since the updated drivers have been released, Linux-centric tech site Phoronix has been busy checking and testing the new drivers (on Linux of course) to see if there are any performance penalties, or other aberrations, delivered with the vulnerability patches.

    Intel describes the CVE-2019-14615 vulnerability as follows: "Insufficient control flow in certain data structures for some Intel Processors with Intel Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access." Please note the key phrase - local access - but Phoronix thinks that WebGL within web browsers is another possible attack vector.

    In its Linux testing, Phoronix was initially unperturbed by results on processors sportin

  • Intel's Mitigation For CVE-2019-14615 Graphics Vulnerability Obliterates Gen7 iGPU Performance

    Yesterday we noted that the Linux kernel picked up a patch mitigating an Intel Gen9 graphics vulnerability. It didn't sound too bad at first but then seeing Ivy Bridge Gen7 and Haswell Gen7.5 graphics are also affected raised eyebrows especially with that requiring a much larger mitigation. Now in testing the performance impact, the current mitigation patches completely wreck the performance of Ivybridge/Haswell graphics performance.

    The vulnerability being discussed and analyzed this week is CVE-2019-14615. This CVE still hasn't been made public over 24 hours later (though there are the Intel SA-00314 details for this disclosure), but from going through kernel patches and other resources, it certainly caught our interest right away and have been benchmarking it since yesterday evening. The CVE-2019-14615 vulnerability amounts to a new information disclosure issue due to insufficient control flow in certain data structures. Local access is required for exploiting this control flow issue in the hardware, but it's not yet known/published if say WebGL within web browsers could exploit this issue. This is a hardware issue with all operating systems being affected. Our testing today, of course, is under Linux.

Intel graphics patch "wrecks" Gen7 iGPU Linux performance

  • Intel graphics patch "wrecks" Gen7 iGPU Linux performance

    Earlier this week Intel released details about a vulnerability in its integrated graphics hardware. Its advisory ID was INTEL-SA-00314 and it talked about the CVE-2019-14615 vulnerability. Products from 3rd Gen Core up to 10th Gen are affected including the contemporaneous Xeon, Pentium, Celeron and Atom products. Intel was made aware of this vulnerability as far back as August so already has patches available and links to recommended new drivers for both Windows and Linux users (scroll down this page about half way).

    All so regular and nothing surprising so far… However, since the updated drivers have been released, Linux-centric tech site Phoronix has been busy checking and testing the new drivers (on Linux of course) to see if there are any performance penalties, or other aberrations, delivered with the vulnerability patches.

More Details On Intel's CVE-2019-14615 Graphics Vulnerability

  • More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

    As for CVE-2019-14615 the Intel graphics vulnerability disclosed this week affecting Gen7 through Gen9 graphics architectures, it's been dubbed "iGPU Leak" by the researchers involved. Thanks to the researcher who originally discovered this vulnerability having reached out to us, we now have some more information on this issue they describe as a "dangerous vulnerability."

    This is the vulnerability that initially piqued our interest over the big graphics performance hit to older Ivybridge/Haswell processors with integrated graphics where in the initial patches we've seen quite dramatic losses.. Fortunately though the current Gen9 graphics have a mitigation where we're seeing fortunately no change in performance. As relayed yesterday, however, they hope for no Gen7 graphics performance penalty in the final version of their mitigation.

Intel Gen7 Graphics Mitigation Will Try To Avoid Performance

More Benchmarks Of The Initial Performance Hit

  • More Benchmarks Of The Initial Performance Hit From CVE-2019-14615 On Intel Gen7 Graphics

    On Wednesday I shined the light on the initial performance hit from Intel's CVE-2019-14615 graphics vulnerability particularly striking their "Gen7" graphics hard. That initial testing was done with Core i7 hardware while here are results looking at the equally disturbing performance hits from Core i3 and i5 affected processors too.

    This article offers some benchmarks with Core i3/i5 results added in alongside the i7 CPUs previously tested with the Gen7 graphics found most commonly with Ivy Bridge and Haswell processors. Each distinct system was tested before/after from the CVE-2019-14615 posted on Wednesday.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Linux and Security

  • Why Not WireGuard

    The latest thing that is getting a lot of attention is WireGuard - the new shooting star in terms of VPN. But is it as great as it sounds? I would like to discuss some thoughts, have a look at the implementation and tell you why WireGuard is not a solution that will replace IPsec or OpenVPN. In this article I would like to debunk the myths. It is a long read. If you are in need of a tea of coffee, now is the time to make it. Thanks to Peter for proof-reading my chaotic thoughts. I do not want to discredit the developers of WireGuard for their efforts or for their ideas. It is a working piece of technology, but I personally think that it is being presented as something entirely different - as a replacement for IPsec and OpenVPN which it simply is not. As a side-note, I think that the media is responsible for this and not the WireGuard project itself. There has not been much positive news around the Linux kernel recently. They have reported of crushing processor vulnerabilities that have been mitigated in software, Linus Torvalds using too harsh language and just boring developer things. The scheduler or a zero-copy network stack are not very approachable topics for a glossy magazine. WireGuard is.

  • Kees Cook: security things in Linux v5.4

    Linux kernel v5.4 was released in late November. The holidays got the best of me, but better late than never!

Changing TTY prompt, font and colors

Changing colors and font in a virtual terminal isn't easy (see below). Changing colors and font in a terminal emulator, on the other hand, is just a matter of adjusting preferences in a GUI dialog. Last year, for example, I changed the color scheme in my terminal emulator. Read more

Python Programming

  • Integrating MongoDB with Python Using PyMongo

    In this post, we will dive into MongoDB as a data store from a Python perspective. To that end, we'll write a simple script to showcase what we can achieve and any benefits we can reap from it. Web applications, like many other software applications, are powered by data. The organization and storage of this data are important as they dictate how we interact with the various applications at our disposal. The kind of data handled can also have an influence on how we undertake this process. Databases allow us to organize and store this data, while also controlling how we store, access, and secure the information.

  • EuroPython 2020: Presenting our conference logo for Dublin

    The logo is inspired by the colors and symbols often associated with Ireland: the shamrock and the Celtic harp. It was again created by our designer Jessica Peña Moro from Simétriko, who had already helped us in previous years with the conference design.

  • Finding the Perfect Python Code Editor

    Find your perfect Python development setup with this review of Python IDEs and code editors. Writing Python using IDLE or the Python REPL is great for simple things, but not ideal for larger programming projects. With this course you’ll get an overview of the most common Python coding environments to help you make an informed decision.

  • PyCoder’s Weekly: Issue #408 (Feb. 18, 2020)
  • Airflow By Example (II)
  • PyCon: The Hatchery Returns with Nine Events!

    Since its start in 2018, the PyCon US Hatchery Program has become a fundamental part of how PyCon as a conference adapts to best serve the Python community as it grows and changes with time. In keeping with that focus on innovation, the Hatchery Program itself has continued to evolve. Initially we wanted to gauge community interest for this type of program, and in 2018 we launched our first trial program to learn more about what kind of events the community might propose. At the end of that inaugural program, we accepted the PyCon Charlas as our first Hatchery event and it has grown into a permanent track offered at PyCon US.

  • Using "python -m" in Wing 7.2

    Wing version 7.2 has been released, and the next couple Wing Tips look at some of its new features. We've already looked at reformatting with Black and YAPF and Wing 7.2's expanded support for virtualenv. Now let's look at how to set up debugging modules that need to be launched with python -m. This command line option for Python allows searching the Python Path for the name of a module or package, and then loading and executing it. This capability was introduced way back in Python 2.4, and then extended in Python 2.5 through PEP 338 . However, it only came into widespread use relatively recently, for example to launch venv, black, or other command line tools that are shipped as Python packages.

  • New Python Programmer? Learn These Concepts First.

    As a novice Python developer, the world is your oyster with regards to the type of applications that you can create. Despite its age (30 years—an eternity in tech-world terms), Python remains a dominant programming language, with companies using it for all kinds of services, platforms, and applications. For example, Python lets you create web applications via Django or other frameworks such as Flask. Perhaps you want to create games instead? For that, learn Pygame for 2D games (or Panda3D for 3D). Or maybe you’re more enterprise-minded, and want to create useful utilities (such as automatically cataloguing e-books); in that case, Python works well with frameworks and software such as Calibre.

Screencasts/Audiocasts/Shows: Void Linux-based Project Trident 20.02, LINUX Unplugged, Linux Headlines and Tom Christie on Django

  • Project Trident 20.02 overview | A c based desktop-focused operating system

    In this video, I am going to show an overview of Project Trident 20.02 and some of the applications pre-installed.

  • Project Trident 20.02 Run Through

    In this video, we are looking at Project Trident 20.0, now based on Void Linux. 

  • Long Term Rolling | LINUX Unplugged 341

    We question the very nature of Linux development, and debate if a new approach is needed. Plus an easy way to snapshot any workstation, some great feedback, and an extra nerdy command-line pick.

  • 2020-02-18 | Linux Headlines

    Red Hat moves up Fortune’s 100 Best Companies to Work For list, Mozilla releases significant changes to its WebThings Gateway, and O’Reilly publishes analytics for its online learning platform.

  • Podcast.__init__: APIs, Sustainable Open Source and The Async Web With Tom Christie

    Tom Christie is probably best known as the creator of Django REST Framework, but his contributions to the state the web in Python extend well beyond that. In this episode he shares his story of getting involved in web development, his work on various projects to power the asynchronous web in Python, and his efforts to make his open source contributions sustainable. This was an excellent conversation about the state of asynchronous frameworks for Python and the challenges of making a career out of open source.