They mention that there are mitigations in the kernel nowadays, so the mitigations they turned off here are now redundant. But I'm uncertain if that refers to the same cve that you mention.

> It's i915.mitigations

Since you're doing the research, you tell us. Is NEO_DISABLE_MITIGATIONS (the flag mentioned in TFA) related to i915.mitigations, and if so, how?

TFA mentions that Intel ships prebuilt driver packages with this NEO_... flag set, and that Canonical and Intel programmers talked at some length about the flag.

Based on the comments and the article, it seems like Intel is relying on a patched kernel so that the mitigations at the GPU driver stack are no longer necessary. You get security warnings if you try to run the unpatched GPU stack without a patched kernel.

If my interpretation is correct, that means as long as you're using an up-to-date, patched kernel with standard mitigations enabled, the extra security layer Intel added is no longer necessary. It could expose another bug not yet covered by patches, though, as the heavy-handed patch probably also prevented more security issues.

> After discussion between Intel and Canonical’s security teams, we are in agreement that Spectre no longer needs to be mitigated for the GPU at the Compute Runtime level. At this point, Spectre has been mitigated in the kernel...

That's not debated and nobody mentioned that it's a 'surprise' there is a perf hit.

The topic is related to now being the time to disable it as there seems to be no need for it anymore due to a kernel patch, as well as Intel themselves publishing upstream without these.

> Intel themselves have enabled this flag in their builds available on their Github release page upstream."

> At this point, Spectre has been mitigated in the kernel, and a clear warning from the Compute Runtime build serves as a notification for those running modified kernels without those patches.