Announcement

Collapse
No announcement yet.

AMD "Cleaner Shader" Coming For GFX11.0.3 GPUs To Help Ensure User/App Isolation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • caspiot
    replied
    I suspect this is:
    a) a mitigation against a speculative route for data exfiltration that a big customer noticed and wanted to prevent before their LLM Secret Sauce leaked out;
    b) the same, but before any such route was discovered, just to cover their asses

    Leave a comment:


  • illwieckz
    replied
    Originally posted by archkde View Post
    As if using AI to detect patterns and then performing selective wiping would be any of more reliable, more efficient and faster than just zeroing everything…
    What I talk about is to recognize interesting patterns to extract sensitive data for malevolent purpose, this is a tool for a spy, not a tool for someone protecting itself from spies. This is given as an example of what zeroing would protect against.

    The idea is that a third party software (like a video game) can allocate many framebuffers and run heuristics on captured content, and when a match occurs, it can then exfiltrate the data from the victim's computer running the game to the spy's computer. Here is where AI may help the spy job, to reduce bandwidth of what is extracted by being trained in advance and then matching interesting patterns on the victim's computer by processing the video memory without exfiltrating the whole video memory.

    Leave a comment:


  • archkde
    replied
    Originally posted by illwieckz View Post
    Also I actually wonder if some AI can be used to help recognizing interesting patterns in said allocated memory.
    As if using AI to detect patterns and then performing selective wiping would be any of more reliable, more efficient and faster than just zeroing everything…

    Leave a comment:


  • Venemo
    replied
    Originally posted by Espionage724 View Post
    And what is this really to be needing black-box microcode to implement?
    The shader ISA is well documented, so this isn't really a black box. You can examine it if you want. The thing is, if they want to use shaders in the kernel, they need to write them in binary because there is no shader compiler inside the kernel.

    Leave a comment:


  • illwieckz
    replied
    Originally posted by varikonniemi View Post

    Why would it be expensive to zero the framebuffer when allocated? It's not like you allocate new buffers in a hot path?
    I don't know, I'm not the one who told me that. I'm just reporting what I've heard.

    I agree that buffers are not expected to be allocated every now and then, so I would expect this to be somewhat minor (I hope it can be).

    Leave a comment:


  • cb88
    replied
    Originally posted by varikonniemi View Post

    Why would it be expensive to zero the framebuffer when allocated? It's not like you allocate new buffers in a hot path?
    Shaders are cyclic so you'd be doing this protentally every frame... 1.5us and the cache clear would cause noticeable perf drop probably, more so the cache clear. Because whatever else was using that can't come back around and be like oh... my shit is still here lets get it.

    Leave a comment:


  • cb88
    replied
    Originally posted by Vermilion View Post
    Sounds like something that would cause a noticeable performance drop.
    It says in the commit it takes about 2500 clocks or roughly 1-1.5 microseconds, so probably inconsequential to you if you need secure workloads.

    Leave a comment:


  • varikonniemi
    replied
    Originally posted by illwieckz View Post

    Michael There is something that affects all GPUs from any brand: when you allocate a framebuffer, it contains existing data, so for example it can contain the content of your terminal window displayed on the same desktop. Then you can capture the framebuffer content and you can run an OCR on it to extract text or do other things. It's not that different to do a malloc on CPU memory and then read the content of the allocated memory. The last time I spoke about it with some graphics driver developers I was told that preventing this would kill performance, and this would be true for any hardware. Also I actually wonder if some AI can be used to help recognizing interesting patterns in said allocated memory.

    So I guess it's more about “some AMD Linux customer particularly concerned about security on said GPUs”, I would request that if I was an army (in the same way I would request that every memory allocation on CPU memory should zero the memory before returning the pointer).
    Why would it be expensive to zero the framebuffer when allocated? It's not like you allocate new buffers in a hot path?

    Leave a comment:


  • Michael
    replied
    Originally posted by illwieckz View Post

    Michael There is something that affects all GPUs from any brand: when you allocate a framebuffer, it contains existing data, so for example it can contain the content of your terminal window displayed on the same desktop. Then you can capture the framebuffer content and you can run an OCR on it to extract text or do other things. It's not that different to do a malloc on CPU memory and then read the content of the allocated memory. The last time I spoke about it with some graphics driver developers I was told that preventing this would kill performance, and this would be true for any hardware. Also I actually wonder if some AI can be used to help recognizing interesting patterns in said allocated memory.

    So I guess it's more about “some AMD Linux customer particularly concerned about security on said GPUs”, I would request that if I was an army (in the same way I would request that every memory allocation on CPU memory should zero the memory before returning the pointer).
    Right, I am just questioning though why only GFX11.0.3 is seeing the special treatment.

    Leave a comment:


  • illwieckz
    replied
    The motivation isn't clear if there is some GFX11.0.3 security vulnerability, some AMD Linux customer particularly concerned about security on said GPUs, or some other motivation for focusing this latest cleaner shader work on GFX11.0.3 hardware.
    Michael There is something that affects all GPUs from any brand: when you allocate a framebuffer, it contains existing data, so for example it can contain the content of your terminal window displayed on the same desktop. Then you can capture the framebuffer content and you can run an OCR on it to extract text or do other things. It's not that different to do a malloc on CPU memory and then read the content of the allocated memory. The last time I spoke about it with some graphics driver developers I was told that preventing this would kill performance, and this would be true for any hardware. Also I actually wonder if some AI can be used to help recognizing interesting patterns in said allocated memory.

    So I guess it's more about “some AMD Linux customer particularly concerned about security on said GPUs”, I would request that if I was an army (in the same way I would request that every memory allocation on CPU memory should zero the memory before returning the pointer).

    Leave a comment:

Working...
X