Phoronix: Tietoturvakorjaukset syövät jopa 20 % Intelin GPU-suorituskyvystä Linuxilla, Ubuntu poistaa ne käytöstä

[Kaotik]

Phoronix raportoi Intelin näytönohjainten hävittävän jopa 20 % laskentasuorituskyvystään tietoturvakorjauksiin. Asia selvisi Ubuntun kehittäjä Canonicalin Ubuntu Launchpad -bugiraportin kautta.

Bugiraportin mukaan Canonical ja Intel ovat tehneet yhteistyötä ja päättäneet poistaa suojaukset käytöstä Ubuntussa. Molempien yhtiöiden tietoturvaosastojen mukaan Spectre-suojausten poistaminen GPU:n Compute Runtime -tasolta on tässä vaiheessa jo turvallista ja ilmeisesti rajoitukset voi halutessaan asettaa myös takaisin päälle lataamalla päivitykset GitHubista.

" * Users can expect up to 20% performance improvement"
...
[ Where problems could occur ]

* As we are proposing to eliminate a vulnerability mitigation, there is the possibility that this would open up an unknown avenue for attack. To provide some confidence for this sizable risk, both Intel and Canonical security have signed off on this change, and Intel even distributes without these mitigations from their Compute Runtime Github repo without any known exploits.

* As with any change, this change could open up some other bug that was covered up by the mitigations. As with the previous point, we have some confidence because Intel already publishes without these mitigations.

* As we have mentioned that Intel already includes this change, it is appropriate to mention that Intel statically links their builds for Compute Runtime and has some differences in their debian packaging, which means that we could have unknown behavioral differences between the archive version and the versions published in their Github repo."

"After discussion between Intel and Canonical’s security teams, we are in agreement that Spectre no longer needs to be mitigated for the GPU at the Compute Runtime level. At this point, Spectre has been mitigated in the kernel, and a clear warning from the Compute Runtime build serves as a notification for those running modified kernels without those patches. For these reasons, we feel that Spectre mitigations in Compute Runtime no longer offer enough security impact to justify the current performance tradeoff.

Intel themselves have enabled this flag in their builds available on their Github release page upstream."

Lähde: Disabling Intel Graphics Security Mitigations Can Boost GPU Compute Performance By 20% - Phoronix

 

[Kahakka]

Phoronix raportoi Intelin näytönohjainten häviävän jopa 20 % laskentasuorituskyvystään tietoturvakorjauksiin.

Menettävän

 

[Kaotik]

Menettävän

Riitta poikki ja hävittävän väliin.