Years ago, Intel processors were found to be vulnerable to the Spectre and Meltdown flaws, architectural design flaws at the hardware level that cannot be fully mitigated through firmware updates. In response, Intel released a series of patches to contain these vulnerabilities, though at a notable cost to CPU performance. These patches essentially curb speculative execution, specifically branch prediction, a fundamental feature that underpins high performance in modern CPUs.
Intel's GPUs, likewise, suffer from similar drawbacks. Security mitigations applied to Intel GPUs can significantly hamper their performance. On Linux systems, disabling Intel GPU mitigations in OpenCL and Level Zero compute stacks has been shown to yield a performance uplift of up to 20%.
Canonical, the company behind Ubuntu, is currently evaluating the option of disabling these security mitigations system-wide to restore expected GPU performance. Intel does indeed permit the compilation of GPU compute stacks without these protections, so Canonical would not need to rely on unofficial workarounds.
In fact, Intel has published versions of its OpenCL and Level Zero compute stacks on GitHub with security mitigations disabled by default, further reinforcing Canonical's confidence that disabling them would likely pose minimal practical issues.
Nonetheless, Canonical acknowledges that removing GPU-side mitigations might expose the system to unknown security risks. However, since the Ubuntu kernel already implements comprehensive CPU-side protections for Intel GPUs, the perceived risk from disabling the GPU-specific mitigations is considered to be quite low.
Intel's security mitigations are tailored to specific architectural features, and the resulting performance degradation affects not only Intel's integrated graphics but also their discrete Arc GPUs. It remains unclear whether Windows 11 enables these same mitigations for Intel GPUs.
Ultimately, one cannot help but sympathize with users of Intel CPUs and GPUs. Every microcode update chips away at performance, yet declining to apply them opens the door to potential exploits. As a result, many home users, particularly gamers, have opted to disable CPU-side mitigations altogether, willingly accepting the associated risks for the sake of better performance.