Ubuntu To Disable Intel Graphics Security Mitigations To Boost GPU Performance By Up To 20% (arstechnica.com) 15
Disabling Intel graphics security mitigations in GPU compute stacks for OpenCL and Level Zero can yield a performance boost of up to 20%, prompting Ubuntu's Canonical and Intel to disable these mitigations in future Ubuntu packages. Phoronix's Michael Larabel reports: Intel does allow building their GPU compute stack without these mitigations by using the "NEO_DISABLE_MITIGATIONS" build option and that is what Canonical is looking to set now for Ubuntu packages to avoid the significant performance impact. This work will likely all be addressed in time for Ubuntu 25.10. This NEO_DISABLE_MITIGATIONS option is just for compiling the Intel Compute Runtime stack and doesn't impact the Linux kernel security mitigations or else outside of Intel's "NEO" GPU compute stack. Both Intel and Canonical are in agreement with this move and it turns out that even Intel's GitHub binary packages for their Compute Runtime for OpenCL and Level Zero ship with the mitigations disabled due to the performance impact. This Ubuntu Launchpad bug report for the Intel Compute Runtime notes some of the key takeaways. There is also this PPA where Ubuntu developers are currently testing their Compute Runtime builds with NEO_DISABLE_MITIGATIONS enabled for disabling the mitigations.
Re: (Score:2)
Apparently you don't need the mitigations in the compute library if you have them in the kernel
Re: (Score:2)
Who needs protection from academic attacks that no-one on earth has ever used anyway?
About time some common sense was applied. Now if only all the other performance-killing "defences" against attacks no-one has every experienced were removed.
Re: (Score:2)
Agreed. There have been some discoveries that were genuine security issues. MANY that are only real issues in multi-user systems (and I mean logged in users, not someone fetching a web page). And too many that are clever tricks but only work if the 'target' cooperates fully with the "attack" (but mysteriously doesn't just sudo). Those remind me of the videos of Rube Goldberg machines that take a month to shoot and run for 3 minutes, assuming they don't just use clever editing to depict something that never
Re: (Score:3)
Who needs protection from academic attacks that no-one on earth has ever used anyway?
Every bad actor is looking for a zero-day exploit to keep in their back pocket; why would you provide them with one for free, and assume they'll never use it on you?
Re: (Score:2)
Disable Snap (Score:5, Insightful)
Disable Snap by default and fully support apt again and I might consider installing Ubuntu again. Until then they're dead to me.
Re: (Score:3)
They don't care.
Re: (Score:3)
That's called Linux Mint. All the goodness of Ubuntu, but without the compromises.
Here's a good link (Score:3)
https://www.phoronix.com/news/... [phoronix.com]
Exactly (Score:3, Informative)
Ironic (Score:1)
This is coming on the heels of their switch to Wayland only. If you ask the Wayland people why everyone should switch to Wayland when it isn't a replacement for X11 and requires help by almost the entire software industry given it's a wholly new API, the conversation normally goes:
WN: Well it's more efficient!
X: No, X11 is actually a little faster and has better latency
(Yes, I'm aware you've been told X11 is inefficient your entire life. It's also been debunked your entire life, some of you just didn't choo
No trade off (Score:2)
Re: (Score:2)
Unless they are spectre attacks against the gpu, not the cpu. In which case they are only needed if you allow GPU compute jobs over the internet.
Re: (Score:2)