Overtime defenses for Spectre-based attacks have taken their toll.
  • @[email protected]English
    2518 days ago

    This is fine for single user systems. If your system allows more than 1 users, this is probably not something you want to do.

    • oce 🐆English
      1818 days ago

      The point is the Linux Kernel is covering the same security mitigations which make the CPU level ones redundant. If all users are using the Linux Kernel, why would it be an issue?

      • @[email protected]English
        918 days ago

        Depends on how you use your system if you have multiple users. CPU mitigations wont protect GPU workloads, and vice versa. If your CPU was mitigating GPU workloads, that would probably be a massive performance loss.

        • @[email protected]English
          1118 days ago

          That’s not how this works.

          The vulnerability is all on the CPU side. The GPU workloads being referenced are only vulnerable on the CPU instruction set used to pass workloads to the GPU.

          Talking about CPU and GPU workloads as entirely separate in this context is misleading as the vulnerability is with CPU code execution that passes tasks to the GPU.

          The GPU is not vulnerable to this particular attack, only the CPU is.

          As you can see here impacted hardware is all CPU side, you can also read about how the proposed attacks work.

          https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/spectre.html

          • @[email protected]English
            318 days ago

            Forgive me. Just trying to understand. How does the kernel flag NEO_DISABLE_MITIGATIONS have any affect on the CPU? Seems to be targeted towards OpenCL and Level Zero, which are APIs to access GPU hardware directly.

    • @[email protected]English
      618 days ago

      Or if you run untrusted code. Including code that might be susceptible to a compromised developer or a supply chain attack.

    • Björn TantauEnglish
      318 days ago

      I read in another comment about this that the safeguards in the kernel would still remain. The hardware just wouldn’t do it by itself.

  • @[email protected]
    English
    1518 days ago

    One thing Ubuntu users should know is that the change will only provide performance boosts when GPUs are handling workloads running the OpenCL framework or the OneAPI Level Zerointerface. That likely means that people using games and similar apps will see no benefit.

  • deadcatbounce
    English
    -118 days ago

    Think of all that money that they could have saved by even looking for those security issues once reported.

    Fuck you Ubuntu people, typical crap corporate move. Is it even not opt-in?