Disabling Intel GPU Security Mitigations Yields Up to 20% Performance Boost in Linux

Intel GPUs, much like their CPU counterparts, suffer from performance penalties due to built-in security mitigations. According to a report by Phoronix, disabling these security measures for Intel’s OpenCL and Level Zero compute stack in Linux can result in a performance boost of up to 20%. Canonical, the company behind the Ubuntu operating system, is considering disabling these mitigations due to the significant performance impact they have on Intel GPUs. Intel reportedly allows its GPU compute stack to be compiled without these security features, providing Canonical with a straightforward path to achieving its performance goals. This move is further supported by the fact that Intel’s OpenCL and Level Zero stacks are available on GitHub with mitigations disabled by default. Ubuntu's kernel already includes the necessary security mitigations for Intel CPUs, rendering the additional GPU-side protections somewhat redundant. Despite the potential risks, Canonical believes the performance gains are substantial enough to justify the trade-off. The security vulnerabilities that these mitigations aim to prevent are specific to the GPU architecture, and since GPUs do not run the operating system, the impact of these vulnerabilities is less critical compared to CPU vulnerabilities. For instance, the Spectre vulnerability, which was first identified in 2017, led to significant performance hits for Intel CPUs. The Spectre-v2 mitigations alone can cause a 35% performance decrease in affected Intel chips. These security patches modify critical components within the CPU, such as the branch predictor, leading to reduced performance. While AMD CPUs are also impacted by security mitigations, they generally experience less severe performance drops because their architecture is less susceptible to such exploits. The same principle applies to GPUs, where security mitigations are less necessary and less impactful. This is particularly true in the consumer market, where users often prioritize performance over security. Therefore, Intel and Canonical’s decision to disable these mitigations on the GPU side is more palatable than it would be for CPUs. The situation is less clear on Windows, as there is no readily available information about whether these mitigations are enabled by default for Intel GPUs. However, given that Intel has provided the option to disable them in Linux, it is reasonable to expect similar updates or options to emerge on Windows in the future, should the mitigations currently be active. In summary, the trade-off between performance and security in GPU computing is becoming more pronounced. For now, users running Intel GPUs on Ubuntu can look forward to significant performance improvements by disabling these security mitigations, while the broader implications for other platforms remain to be seen.