cuda.core: drop unpickle UserWarning; document trust boundary only

NVBUG V13.1 mitigation is documentation, not a per-unpickle warning.
Legitimate multiprocessing IPC buffer sharing would spam UserWarning on
every round-trip.

Author: Andy-Jost

cuda_core/cuda/core/_memory/_buffer.pyx

@@ -26,7 +26,6 @@ from cuda.core.typing import DevicePointerType
 
 from cuda.core._stream cimport Stream, Stream_accept, default_stream
 from cuda.core._utils.cuda_utils cimport HANDLE_RETURN, _parse_fill_value
-from cuda.core._utils.cuda_utils import warn_ipc_buffer_unpickle
 
 import sys
 from typing import TYPE_CHECKING
@@ -143,10 +142,12 @@ cdef class Buffer:
         # pickle path cannot thread an explicit stream through. Seed the
         # imported buffer's deallocation with the current context's default
         # stream; the receiver can override via buffer.close(stream).
-        warn_ipc_buffer_unpickle()
         return Buffer.from_ipc_descriptor(mr, ipc_descriptor, stream=default_stream())
 
     def __reduce__(self) -> tuple[object, ...]:
+        # Security note (CWE-502): unpickling a Buffer performs a live CUDA IPC
+        # import using descriptor bytes from the pickle stream. Only deserialize
+        # Buffers from a principal at least as trusted as this process.
         # Must not serialize the parent's stream!
         return Buffer._reduce_helper, (self.memory_resource, self.ipc_descriptor)
 

cuda_core/cuda/core/_utils/cuda_utils.pyi

@@ -60,7 +60,6 @@ _keep_nvrtc_in_stub: 'nvrtc.nvrtcResult'
 _keep_runtime_in_stub: 'runtime.cudaError_t'
 ComputeCapability = namedtuple('ComputeCapability', ('major', 'minor'))
 _fork_warning_checked = False
-_ipc_pickle_warning_checked = False
 
 def _check_driver_error(error: cydriver.CUresult) -> int:
     ...
@@ -141,11 +140,5 @@ def reset_fork_warning() -> None:
     to check the warning behavior.
     """
 
-def reset_ipc_pickle_warning() -> None:
-    """Reset the IPC buffer unpickle warning flag for testing purposes."""
-
-def warn_ipc_buffer_unpickle() -> None:
-    """Warn that unpickling a Buffer performs an IPC import from embedded data."""
-
 def check_multiprocessing_start_method() -> None:
     """Check if multiprocessing start method is 'fork' and warn if so."""

cuda_core/cuda/core/_utils/cuda_utils.pyx

@@ -348,9 +348,6 @@ class Transaction:
 # Track whether we've already warned about fork method
 _fork_warning_checked = False
 
-# Track whether we've already warned about unpickling IPC buffers
-_ipc_pickle_warning_checked = False
-
 
 def reset_fork_warning() -> None:
     """Reset the fork warning check flag for testing purposes.
@@ -362,28 +359,6 @@ def reset_fork_warning() -> None:
     _fork_warning_checked = False
 
 
-def reset_ipc_pickle_warning() -> None:
-    """Reset the IPC buffer unpickle warning flag for testing purposes."""
-    global _ipc_pickle_warning_checked
-    _ipc_pickle_warning_checked = False
-
-
-def warn_ipc_buffer_unpickle() -> None:
-    """Warn that unpickling a Buffer performs an IPC import from embedded data."""
-    global _ipc_pickle_warning_checked
-    if _ipc_pickle_warning_checked:
-        return
-    _ipc_pickle_warning_checked = True
-    message = (
-        "Unpickling a cuda.core.Buffer imports GPU memory via the embedded "
-        "IPCBufferDescriptor. Only unpickle Buffer objects received from a "
-        "trusted same-host peer process; malicious pickle payloads can supply "
-        "crafted descriptors. Prefer explicit Buffer.from_ipc_descriptor only "
-        "with descriptors from cooperating peers."
-    )
-    warnings.warn(message, UserWarning, stacklevel=4)
-
-
 cdef inline tuple _read_fill_ptr(const char* ptr, Py_ssize_t width):
     """Extract (value, element_size) from a raw pointer of known width."""
     cdef unsigned int val