Native BHI Mitigation Performance Benchmarks On Core i9 14900K Under Linux 6.9
With the new security mitigation for the "Native BHI" Spectre vulnerability affecting even the recent Intel processors, a number of Phoronix readers have been curious about the performance impact of the mitigation. Over the past week I've been running some benchmarks on recent Intel CPUs to better look into any performance implications.
With the Native BHI mitigation for Linux, the branch history needs to be cleared at system call entry and VM exit. Recent Intel CPUs have a microcode feature "BHI_DIS_S" to help with the mitigation while older Intel CPUs rely on a set of software sequences. On patched Linux kernels, the new mitigation can be disabled via the "spectre_bhi=off" boot option.
The good news is that for at least the newer Intel CPUs with the microcode help, the BHI_DIS_S mitigation causes rather low overhead at least for real-world workloads. I haven't tested yet on any much older Intel processors for seeing the performance impact there.
I used an Intel Core i9 14900K for running some Linux benchmarks of the impact of the stock kernel with the new default BHI_DIS_S mitigation for Spectre-BHI (Native BHI) and then repeating the tests in the spectre_bhi=off mode.
The good news is for most of the real-world workloads tested, there wasn't any measurable performance difference from having BHI_DIS_S engaged.
Only in a few of the web browser benchmarks was there any observed real-world performance difference to this new mitigation.
In some of the Stress-NG kernel micro-benchmarks there was some overhead to this new mitigation observed, but not entirely a surprise and not a real-world user workload.
That's about it. In the rest of the workloads having this Native Spectre BHI mitigation enabled didn't show any real difference, which is good to see compared to some of the CPU security mitigation overhead in the past.
With the Native BHI mitigation for Linux, the branch history needs to be cleared at system call entry and VM exit. Recent Intel CPUs have a microcode feature "BHI_DIS_S" to help with the mitigation while older Intel CPUs rely on a set of software sequences. On patched Linux kernels, the new mitigation can be disabled via the "spectre_bhi=off" boot option.
The good news is that for at least the newer Intel CPUs with the microcode help, the BHI_DIS_S mitigation causes rather low overhead at least for real-world workloads. I haven't tested yet on any much older Intel processors for seeing the performance impact there.
I used an Intel Core i9 14900K for running some Linux benchmarks of the impact of the stock kernel with the new default BHI_DIS_S mitigation for Spectre-BHI (Native BHI) and then repeating the tests in the spectre_bhi=off mode.
The good news is for most of the real-world workloads tested, there wasn't any measurable performance difference from having BHI_DIS_S engaged.
Only in a few of the web browser benchmarks was there any observed real-world performance difference to this new mitigation.
In some of the Stress-NG kernel micro-benchmarks there was some overhead to this new mitigation observed, but not entirely a surprise and not a real-world user workload.
That's about it. In the rest of the workloads having this Native Spectre BHI mitigation enabled didn't show any real difference, which is good to see compared to some of the CPU security mitigation overhead in the past.
2 Comments