News: 0001502830

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

AMD "Cleaner Shader" Coming For GFX11.0.3 GPUs To Help Ensure User/App Isolation

([Radeon] 5 Hours Ago AMD Cleaner Shader)


A new patch posted today for the AMDGPU Linux kernel graphics driver is introducing a "cleaner shader" explicitly for GFX11.0.3 GPUs like the Radeon 780M integrated graphics to help ensure that there is sufficient data isolation between different workloads running on the GPUs. The motivation isn't clear if there is some GFX11.0.3 security vulnerability, some AMD Linux customer particularly concerned about security on said GPUs, or some other motivation for focusing this latest cleaner shader work on GFX11.0.3 hardware.

AMD driver engineer Srinivasan Shanmugam posted the patch on Wednesday for adding this cleaner shader microcode for execution on GFX11.0.3 RDNA3 graphics processors.

Shanmugam sums up in [1]the patch :

"This commit adds the cleaner shader microcode for GFX11.0.3 GPUs. The cleaner shader is a piece of GPU code that is used to clear or initialize certain GPU resources, such as Local Data Share (LDS), Vector General Purpose Registers (VGPRs), and Scalar General Purpose Registers (SGPRs).

Clearing these resources is important for ensuring data isolation between different workloads running on the GPU. Without the cleaner shader, residual data from a previous workload could potentially be accessed by a subsequent workload, leading to data leaks and incorrect computation results.

The cleaner shader microcode is represented as an array of 32-bit words (`gfx_11_0_3_cleaner_shader_hex`). This array is the binary representation of the cleaner shader code, which is written in a low-level GPU instruction set.

When the cleaner shader feature is enabled, the AMDGPU driver loads this array into a specific location in the GPU memory. The GPU then reads this memory location to fetch and execute the cleaner shader instructions.

The cleaner shader is executed automatically by the GPU at the end of each workload, before the next workload starts. This ensures that all GPU resources are in a clean state before the start of each workload.

This addition is part of the cleaner shader feature implementation. The cleaner shader feature helps resource utilization by cleaning up GPU resources after they are used. It also enhances security and reliability by preventing data leaks between workloads."

There has been other GPU workload isolation work previously from AMD and other efforts to ensure vRAM is cleared/zeroed-out and similar. I believe this is the first time though seeing a "cleaner shader" being proposed for a specific GPU/graphics IP variant. The code patch also confirms the default behavior of just checking for GFX 11.0.3 IP block version and then otherwise not enabling the cleaner shader. It would be interesting to know the motivation for this GFX11.0.3 focus if there is something hardware/security-wise at play, a particular customer request, or other factors.

In any event this AMD cleaner shader for GFX11.0.3 hardware is now under review for Linux.



[1] https://lists.freedesktop.org/archives/amd-gfx/2024-October/116365.html



Espionage724

I stopped a long time ago to try to find anything in the bug list of dpkg.
We should run for an entry in the Guinness Book of Records.
-- Stephane Bortzmeyer