Following Retbleed, The Combined CPU Security Mitigation Impact For AMD Zen 2 / Ryzen 9 3950X

Written by Michael Larabel in Software on 6 September 2022. Page 1 of 5. 36 Comments

Following the July disclosure of the Retbleed CPU security vulnerability affecting older processors and an AMD change made in August, here is a fresh look at the performance impact of the Retbleed mitigations on Linux, including if opting for the IBPB-based Retbleed mitigation, and the accumulated CPU security mitigation impact for Zen 2 with the flagship Ryzen 9 3950X processor.

Being curious about the Retbleed performance impact for the Ryzen 9 3950X following my earlier Zen 1 testing as well as Intel Skylake testing, I ran some benchmarks looking at the AMD Ryzen 9 3950X in different mitigation states with the latest kernel code. As a reminder, Retbleed on the AMD side affects only Zen 2 CPUs and older -- not current generation Zen 3 or the upcoming Zen 4 processors.

The tested configurations from the Linux 6.0 Git kernel included:

mitigations=off - Run-time disabling the applicable CPU security mitigations found by default for the AMD Zen 2 processors.

Default - The out-of-the-box mitigated state for AMD Zen 2 on Linux 6.0 Git from during the merge window. This means "itlb_multihit: Not affected + l1tf: Not affected + mds: Not affected + meltdown: Not affected + mmio_stale_data: Not affected + retbleed: Mitigation of untrained return thunk; SMT enabled with STIBP protection + spec_store_bypass: Mitigation of SSB disabled via prctl + spectre_v1: Mitigation of usercopy/swapgs barriers and __user pointer sanitization + spectre_v2: Mitigation of Retpolines IBPB: conditional STIBP: always-on RSB filling PBRSB-eIBRS: Not affected + srbds: Not affected + tsx_async_abort: Not affected."

retbleed=ibpb - The default mitigations but opting for the Indirect Branch Prediction Barrier (IBPB) method for Retbleed mitigation. This is more secure but leading to a more significant performance penalty compared to the default means of untrained return thunks and STIBP protection.

retbleed=ibpb spectre_v2=on - The default mitigations but with IBPB for Retbleed and also switching the Spectre V2 mitigation to always on and protecting against user-space to user-space attacks.

retbleed=ibpb spectre_v2=on nosmt - The "safest" avenue by also disabling Symmetric Multi-Threading (SMT) support albeit meaning just 16 cores/threads and not 32 threads.

The main area of interest is the default state versus mitigations=off while the tightened modes are for additional perspective, particularly for the retbleed=ibpb option introduced this summer for Retbleed.

From there a variety of different relevant Linux workloads were tested for looking at the mitigation impact.


Related Articles