Native BHI Mitigation Performance Benchmarks On Core i9 14900K Under Linux 6.9

Written by Michael Larabel in Intel on 16 April 2024 at 06:27 AM EDT. 2 Comments
INTEL
With the new security mitigation for the "Native BHI" Spectre vulnerability affecting even the recent Intel processors, a number of Phoronix readers have been curious about the performance impact of the mitigation. Over the past week I've been running some benchmarks on recent Intel CPUs to better look into any performance implications.

With the Native BHI mitigation for Linux, the branch history needs to be cleared at system call entry and VM exit. Recent Intel CPUs have a microcode feature "BHI_DIS_S" to help with the mitigation while older Intel CPUs rely on a set of software sequences. On patched Linux kernels, the new mitigation can be disabled via the "spectre_bhi=off" boot option.

Native BHI mitigation enabled


The good news is that for at least the newer Intel CPUs with the microcode help, the BHI_DIS_S mitigation causes rather low overhead at least for real-world workloads. I haven't tested yet on any much older Intel processors for seeing the performance impact there.
Spectre BHI Native BHI Core i9 14900K

I used an Intel Core i9 14900K for running some Linux benchmarks of the impact of the stock kernel with the new default BHI_DIS_S mitigation for Spectre-BHI (Native BHI) and then repeating the tests in the spectre_bhi=off mode.
Timed Linux Kernel Compilation benchmark with settings of Build: defconfig. spectre_bhi=off was the fastest.

Timed LLVM Compilation benchmark with settings of Build System: Ninja. spectre_bhi=off was the fastest.

The good news is for most of the real-world workloads tested, there wasn't any measurable performance difference from having BHI_DIS_S engaged.
Selenium benchmark with settings of Benchmark: Kraken, Browser: Firefox. spectre_bhi=off was the fastest.

Selenium benchmark with settings of Benchmark: Octane, Browser: Firefox. spectre_bhi=off was the fastest.

Only in a few of the web browser benchmarks was there any observed real-world performance difference to this new mitigation.
Stress-NG benchmark with settings of Test: MMAP. spectre_bhi=off was the fastest.

Stress-NG benchmark with settings of Test: NUMA. spectre_bhi=off was the fastest.

Stress-NG benchmark with settings of Test: Pipe. spectre_bhi=off was the fastest.

Stress-NG benchmark with settings of Test: Malloc. spectre_bhi=off was the fastest.

Stress-NG benchmark with settings of Test: Forking. spectre_bhi=off was the fastest.

Stress-NG benchmark with settings of Test: AVL Tree. spectre_bhi=off was the fastest.

In some of the Stress-NG kernel micro-benchmarks there was some overhead to this new mitigation observed, but not entirely a surprise and not a real-world user workload.

Native BHI mitigation disabled via spectre_bhi=off option


That's about it. In the rest of the workloads having this Native Spectre BHI mitigation enabled didn't show any real difference, which is good to see compared to some of the CPU security mitigation overhead in the past.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week