Following Retbleed, The Combined CPU Security Mitigation Impact For AMD Zen 2 / Ryzen 9 3950X
Following the July disclosure of the Retbleed CPU security vulnerability affecting older processors and an AMD change made in August, here is a fresh look at the performance impact of the Retbleed mitigations on Linux, including if opting for the IBPB-based Retbleed mitigation, and the accumulated CPU security mitigation impact for Zen 2 with the flagship Ryzen 9 3950X processor.
Being curious about the Retbleed performance impact for the Ryzen 9 3950X following my earlier Zen 1 testing as well as Intel Skylake testing, I ran some benchmarks looking at the AMD Ryzen 9 3950X in different mitigation states with the latest kernel code. As a reminder, Retbleed on the AMD side affects only Zen 2 CPUs and older -- not current generation Zen 3 or the upcoming Zen 4 processors.
The tested configurations from the Linux 6.0 Git kernel included:
mitigations=off - Run-time disabling the applicable CPU security mitigations found by default for the AMD Zen 2 processors.
Default - The out-of-the-box mitigated state for AMD Zen 2 on Linux 6.0 Git from during the merge window. This means "itlb_multihit: Not affected + l1tf: Not affected + mds: Not affected + meltdown: Not affected + mmio_stale_data: Not affected + retbleed: Mitigation of untrained return thunk; SMT enabled with STIBP protection + spec_store_bypass: Mitigation of SSB disabled via prctl + spectre_v1: Mitigation of usercopy/swapgs barriers and __user pointer sanitization + spectre_v2: Mitigation of Retpolines IBPB: conditional STIBP: always-on RSB filling PBRSB-eIBRS: Not affected + srbds: Not affected + tsx_async_abort: Not affected."
retbleed=ibpb - The default mitigations but opting for the Indirect Branch Prediction Barrier (IBPB) method for Retbleed mitigation. This is more secure but leading to a more significant performance penalty compared to the default means of untrained return thunks and STIBP protection.
retbleed=ibpb spectre_v2=on - The default mitigations but with IBPB for Retbleed and also switching the Spectre V2 mitigation to always on and protecting against user-space to user-space attacks.
retbleed=ibpb spectre_v2=on nosmt - The "safest" avenue by also disabling Symmetric Multi-Threading (SMT) support albeit meaning just 16 cores/threads and not 32 threads.
The main area of interest is the default state versus mitigations=off while the tightened modes are for additional perspective, particularly for the retbleed=ibpb option introduced this summer for Retbleed.
From there a variety of different relevant Linux workloads were tested for looking at the mitigation impact.