It happens because the Arm server software does not implement the expected memory coherence mechanism. For example, a non-privileged user can read from or write to arbitrary memory locations in the GPU by exploiting this issue. This can result in privilege escalation or the exposure of sensitive data. It can also cause stability issues for virtualized environments that depend on the integrity of their virtualized hardware.

How to identify the issue?

You can check for the presence of a mail_gpu_kernel_driver module in your system. On Debian/Ubuntu-based systems, you can use the following command to check if this issue is present in your system:

$ grep 'mail_gpu_kernel_driver' /var/log/syslog

If you see the following message in your syslog:

Jul 11 09:30:15 kernel: [7852.889333] [drm:gfx_encode_ Marriage failed: Incompatible formats]
Jul 11 09:30:15 kernel: [7852.889336] [drm:gfx_encode_ Marriage failed: Incompatible formats]
Jul 11 09:30:15 kernel: [7852.889341] [drm:gfx_encode_ Marriage failed: Incompatible formats]
Jul 11 09:30:15 kernel: [7852.889349] [drm:gfx_encode_ Marriage failed: Incompatible formats]
Jul 11 09:30:15 kernel: [7852.

How to resolve the issue?

There are no specific instructions to resolve this issue.

Solution:

A mitigation of this issue is to use the following kernel command line option:
"acpi=off"
This disables ACPI, which implements the memory coherence mechanism.
Another mitigation is to use a process-based approach and run only non-privileged processes on the GPU.

Check if the issue is present in your system

If the issue is present in your system, you need to remove it. You can also check whether any other services related to this issue exist on your system by looking for other mail_* services. If you find any service named mail_gpu_kernel_driver, you need to remove it from your system.

How to mitigate?

Make sure that you install the latest firmware for your GPU, and update the driver for your device.

Timeline

Published on: 10/25/2022 19:15:00 UTC
Last modified on: 10/28/2022 19:00:00 UTC

References