
Untrusted GPGPU code (OpenCL etc) - is it safe? What risks?

There are many approaches when it comes to running untrusted code on a typical CPU: sandboxes, fake-roots, virtualization...

What about untrusted code for GPGPU (OpenCL, CUDA, or already compiled code)?

Assuming that memory on the graphics card is cleared before running such third-party untrusted code,

  • Are there any security risks?
  • What kind of risks?
  • Any way to prevent them?
    • Is sandboxing possible / available on GPGPU?
    • Maybe binary instrumentation?
    • Other techniques?

P.S. I am more interested in GPU binary code level security than in high-level GPGPU programming language security (but those solutions are welcome as well). What I mean is that references to GPU opcodes (a.k.a. machine code) are welcome.

Grzegorz Wierzowiecki asked Jan 08 '11 19:01


2 Answers

The risks are the same as with any C program. Plus, you can make your whole desktop freeze. I managed to do that once by executing a very long calculation. The effect was that the screen did not update anymore, so for instance the time on the clock widget did not change for that period. So you should use two graphics cards - one for the GPU stuff.

Navi answered Sep 27 '22 17:09



GPU code can definitely be risky. Current GPUs do not provide memory protection, so essentially, every GPU kernel can access all video memory. I'm not sure if it is possible to access the host's memory as well (via memory mapping maybe?). It's not possible to preempt kernels; they can "hog" the GPU, and this causes freezes if it is used for graphics output, too. (Usually the driver will terminate kernels that don't exit after a few seconds.)

Supposedly, AMD's new GPU series do have some memory protection features, but I doubt they are used at the moment. It's possible to split up the GPU multiprocessors into multiple segments with current gen hardware (GeForce 4xx+, Radeon 6xxx+), but that's not really the same as real time-sliced, preempted multitasking. ;)

dietr answered Sep 27 '22 16:09
