Ubuntu users could see up to a 20 percent boost in graphics performance on Intel-based systems under a change that will turn off security mitigations for blunting a class of attacks known as Spectre.
Spectre, you may recall, came to public notice in 2018. Spectre attacks are based on the observation that performance enhancements built into modern CPUs open a side channel that can leak secrets a CPU is processing. The performance enhancement, known as speculative execution, predicts future instructions a CPU might receive and then performs the corresponding tasks before they are even called. If the instructions never come, the CPU discards the work it performed. When the prediction is correct, the CPU has already completed the task.
By using code that forces a CPU to execute carefully selected instructions, Spectre attacks can extract confidential data that the CPU would have accessed had it carried out the ghost instructions. Over the past seven years, researchers have uncovered multiple attack variants based on the architectural flaws, which are unfixable. CPU manufacturers have responded by creating patches in both micro code and binary code that restrict speculative execution operations in certain scenarios. These restrictions, of course, usually degrade CPU performance.
From Ars Technica - All content via this RSS feed
Unfortunately I’m one of those weirdos who does not want to click random links to websites he doesn’t know, so I’m going of the summary here.
Is there any response from the Ubuntu team as to why this choice was made? Is it by accident? is it a deliberate choice? What’s the reasoning behind it? Surely they’re not throwing security out the window for bit of performance on one of the most popular Linux distros, right?