A Quick Look At The Spectre Mitigation State For AMD Zen 3 On Windows 10
Earlier this week I looked at the Spectre mitigation performance impact on AMD Zen+ / Zen 2 / Zen 3 processors given the recent launch of the Ryzen 5000 series and those newest CPUs still requiring some mitigation handling. Questions were raised about the Spectre mitigation handling on Windows, so I ran some quick tests there as I happened to have a Windows 10 install on the Ryzen 9 5900X test box at the moment for some unrelated Windows vs. Linux gaming.
The prior article looking at the Spectre mitigation performance impact on Linux found the Zen 3 impact to actually be greater than Zen 2. As explained in more detail in that prior article, Zen 3 now relies on "always-on" STIBP (Single Threaded Indirect Branch Predictors) as part of the Spectre V2 handling. Always-on STIBP carries more overhead than the conditional STIBP previously used. Since that former article I was able to confirm with AMD that always-on STIBP is indeed the intended mode of operation for Zen 3 and will remain that way. But in any case, it's not that bad since all of the AMD Zen 3 benchmarks across the various websites you've likely been looking at since launch have been with the default mitigations in place. This is just about the performance if opting to disable the default mitigations. So if disabling all the mitigation handling you may be able to squeeze out slightly better performance than the default/out-of-the-box, but at least it's not a situation where the increased mitigations / performance overhead is coming after the fact as an unexpected and costly surprise to users.
As I've been working on some Windows 10 + WSL vs. Linux benchmarks on the Ryzen 9 5900X, I ran some quick Spectre-focused tests there.
While on Linux disabling all the CPU security mitigations can be as easy as booting the kernel with the "mitigations=off" option, on Windows it's less so. InSpectre is the most straight-forward way of disabling Meltdown/Spectre mitigations under Windows. When disabling the Spectre mitigation on AMD hardware it will report it as such, but there is an important distinction... It doesn't disable the AMD STIBP handling, so that is actually still active.
The MDS tool confirmed that even when disabling the Spectre mitigations for AMD Zen 3, STIBP is left in an enabled state. IBRS (Indirect Branch Restricted Speculation) was also left enabled but from our testing the always-on STIBP is the source of the main performance overhead on Zen 3.
So when quickly firing up some benchmarks on the Ryzen 9 5900X of the out-of-the-box versus InSpectre Spectre disabled state for AMD Zen 3 where IBRS/STIBP is left enabled:
The performance is basically unchanged to little surprise since Zen 3 STIBP is left enabled (all the benchmark details in full via this OpenBenchmarking.org result file). Disabling AMD STIBP under Windows still appears to rely on it being exposed as an option by the motherboard/system vendor, to which most don't expose STIBP is a toggleable option. So long story short, InSpectre doesn't end up being worthwhile on the new AMD Zen 3 CPUs with the tests I've conducted since STIBP doesn't end up getting forced off. But as this has been the default behavior from the get-go for these fantastic new Ryzen 5000 series processors, the benchmark numbers you have been seeing since launch are the default mitigated numbers while delivering the incredible generational uplift from Zen 2 -- this is just about trying to squeezing some extra frosting on the cake.
The prior article looking at the Spectre mitigation performance impact on Linux found the Zen 3 impact to actually be greater than Zen 2. As explained in more detail in that prior article, Zen 3 now relies on "always-on" STIBP (Single Threaded Indirect Branch Predictors) as part of the Spectre V2 handling. Always-on STIBP carries more overhead than the conditional STIBP previously used. Since that former article I was able to confirm with AMD that always-on STIBP is indeed the intended mode of operation for Zen 3 and will remain that way. But in any case, it's not that bad since all of the AMD Zen 3 benchmarks across the various websites you've likely been looking at since launch have been with the default mitigations in place. This is just about the performance if opting to disable the default mitigations. So if disabling all the mitigation handling you may be able to squeeze out slightly better performance than the default/out-of-the-box, but at least it's not a situation where the increased mitigations / performance overhead is coming after the fact as an unexpected and costly surprise to users.
As I've been working on some Windows 10 + WSL vs. Linux benchmarks on the Ryzen 9 5900X, I ran some quick Spectre-focused tests there.
While on Linux disabling all the CPU security mitigations can be as easy as booting the kernel with the "mitigations=off" option, on Windows it's less so. InSpectre is the most straight-forward way of disabling Meltdown/Spectre mitigations under Windows. When disabling the Spectre mitigation on AMD hardware it will report it as such, but there is an important distinction... It doesn't disable the AMD STIBP handling, so that is actually still active.
The MDS tool confirmed that even when disabling the Spectre mitigations for AMD Zen 3, STIBP is left in an enabled state. IBRS (Indirect Branch Restricted Speculation) was also left enabled but from our testing the always-on STIBP is the source of the main performance overhead on Zen 3.
So when quickly firing up some benchmarks on the Ryzen 9 5900X of the out-of-the-box versus InSpectre Spectre disabled state for AMD Zen 3 where IBRS/STIBP is left enabled:
The performance is basically unchanged to little surprise since Zen 3 STIBP is left enabled (all the benchmark details in full via this OpenBenchmarking.org result file). Disabling AMD STIBP under Windows still appears to rely on it being exposed as an option by the motherboard/system vendor, to which most don't expose STIBP is a toggleable option. So long story short, InSpectre doesn't end up being worthwhile on the new AMD Zen 3 CPUs with the tests I've conducted since STIBP doesn't end up getting forced off. But as this has been the default behavior from the get-go for these fantastic new Ryzen 5000 series processors, the benchmark numbers you have been seeing since launch are the default mitigated numbers while delivering the incredible generational uplift from Zen 2 -- this is just about trying to squeezing some extra frosting on the cake.
4 Comments