The Spectre Mitigation Performance Impact On AMD Ryzen 5000 "Zen 3" Processors


  • The Spectre Mitigation Performance Impact On AMD Ryzen 5000 "Zen 3" Processors

    Phoronix: The Spectre Mitigation Performance Impact On AMD Ryzen 5000 "Zen 3" Processors

    For those wondering what the current cost is to the default Spectre mitigation protections on the new AMD Ryzen 5000 series "Zen 3" processors, here are a set of performance tests looking at that overhead with the still relevant mitigations applied by default and then if forcing them off. The Zen 3 mitigation overhead was compared then to similar AMD Zen 2 and Zen+ processors.

    http://www.phoronix.com/vr.php?view=29755

  • #2
    I'd be curious to see what is the impact of Kernel Page Tables Isolation on Zen processors. Zen3 is the first that supports INVPCID which should bring the impact down. Sure, Zen doesn't suffer from Meltdown and therefore doesn't require KPTI but (1) KPTI might be a good safeguard against future vulnerabilities of the kind and (2) INVPCID can be used by hypervisors to improve performance so it might be a good proxy for how much that would improve.



    • #3
      Disappointing that these new processors still need software mitigations!



      • #4
        Originally posted by Danny3
        Disappointing that these new processors still need software mitigations!
        The situation is markedly better on the AMD side, as it has been since these hardware vulnerabilities were first discovered. The two machines I have handy at the moment are a Zen2 Ryzen 5 3600 and a Coffee Lake Xeon E-2278G. The vulnerabilities listed in 'lscpu' output are below, for comparison:

        Ryzen 5 3600:
        Vulnerability Itlb multihit: Not affected
        Vulnerability L1tf: Not affected
        Vulnerability Mds: Not affected
        Vulnerability Meltdown: Not affected

        Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
        Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
        Vulnerability Spectre v2: Mitigation; Full AMD retpoline, IBPB conditional, STIBP conditional, RSB filling
        Vulnerability Srbds: Not affected
        Vulnerability Tsx async abort: Not affected


        Xeon E-2278G:
        Vulnerability Itlb multihit: KVM: Mitigation: VMX disabled
        Vulnerability L1tf: Not affected
        Vulnerability Mds: Not affected
        Vulnerability Meltdown: Not affected

        Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
        Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
        Vulnerability Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling
        Vulnerability Srbds: Mitigation; TSX disabled
        Vulnerability Tsx async abort: Mitigation; TSX disabled


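The comparison in post #4, worked through as an added example that is not part of any post in this thread: it parses the `lscpu` "Vulnerability" lines quoted there and lists which issues the kernel reports an active mitigation for on each machine. The names `parse`, `classify`, `mitigated` and `only_on` are hypothetical helpers; the sample input is the two listings from the post, embedded as constructed test data.

```python
import re

# Constructed sample input: the lscpu "Vulnerability" lines quoted in the post above.
RYZEN_5_3600 = """\
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Full AMD retpoline, IBPB conditional, STIBP conditional, RSB filling
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected
"""
XEON_E_2278G = """\
Vulnerability Itlb multihit: KVM: Mitigation: VMX disabled
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling
Vulnerability Srbds: Mitigation; TSX disabled
Vulnerability Tsx async abort: Mitigation; TSX disabled
"""

LINE = re.compile(r"^\s*Vulnerability\s+(.+?):\s*(.+?)\s*$")
# Order matters: any mention of "Vulnerable" wins over a listed mitigation.
STATES = (("Not affected", "not_affected"), ("Vulnerable", "vulnerable"),
          ("Mitigation", "mitigated"))

def classify(status):
    return next((s for needle, s in STATES if needle in status), "unknown")

def parse(text):
    """Map vulnerability name -> state for every 'Vulnerability X: ...' line."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m[1]: classify(m[2]) for m in matches if m}

def mitigated(report):
    return sorted(name for name, state in report.items() if state == "mitigated")

def only_on(a, b):
    """Names with an active mitigation on machine a but not on machine b."""
    return sorted(set(mitigated(a)) - set(mitigated(b)))

if __name__ == "__main__":
    ryzen, xeon = parse(RYZEN_5_3600), parse(XEON_E_2278G)
    print("Ryzen:", mitigated(ryzen), "| Xeon only:", only_on(xeon, ryzen))
```

On a live Linux system the same statuses can be read from the files under `/sys/devices/system/cpu/vulnerabilities/`, which is where `lscpu` gets them.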


        • #5
          Originally posted by Danny3
          Disappointing that these new processors still need software mitigations!
          Designs take years to get out from the first concept to the consumer's hands. What you are seeing now is what the designers knew 5 or so years ago.



          • #6
            Originally posted by vsteel

            Designs take years to get out from the first concept to the consumer's hands. What you are seeing now is what the designers knew 5 or so years ago.
            More like 2-3 years, but yeah, you're totally right, it takes time.



            • #7
              Does not make much of a difference; on desktop it is almost useless.



              • #8

                Originally posted by kobblestown
                I'd be curious to see what is the impact of Kernel Page Tables Isolation on Zen processors
                Actually, it is better to be off, without the need for these obscure and intrusive bloated MM and core context switch changes.
                You don't install a pacemaker when your heart is in good health, and that's it.



                • #9
                  Originally posted by Alex/AT

                  Actually, it is better to be off, without the need for these obscure and intrusive bloated MM and core context switch changes.
                  You don't install a pacemaker when your heart is in good health, and that's it.
                  Yeah, but it's also better to be safe than sorry :P

                  The unified address space was considered safe--the healthy heart in your analogy--until it no longer was. It turns out the heart was sick for at least a decade.

                  If the performance impact is small, I'd rather keep KPTI as a precaution even on Ryzen. INVPCID would help in this respect so it's interesting to see by how much. Furthermore, it should also help with virtual machines if the hypervisor can make use of it. I don't understand why you don't want to have the data that would help us make informed decisions. But I surely do.
