AMD Zen 1 Linux Performance Hit From Retbleed, Accumulated CPU Mitigation Impact

Written by Michael Larabel in Software on 20 July 2022.

Last week I posted my initial benchmarks for the Linux impact of mitigating Retbleed as the newest CPU speculative execution vulnerability. As noted in the prior Retbleed articles, on the AMD side it's Zen 1/1+/2 processors that are affected as well as older Bulldozer CPUs. That earlier article included Zen 2 benchmarks, while this article has Zen 1 tests given its situation is slightly different.

For Zen 1 and CPUs lacking STIBP (Single Thread Indirect Branch Predictors), the Retbleed mitigation enables the untrained return thunks approach, but technically SMT also needs to be disabled for complete mitigation. Of course, disabling SMT means losing out on half the threads for these original Ryzen and EPYC processors. By default Linux doesn't disable SMT, but that can be done using the "retbleed=auto,nosmt" kernel option (or "mitigations=auto,nosmt" more broadly).

For seeing the mitigation impact on Zen 1, I dusted off an AMD Ryzen 7 1700 and tested it in the following configurations atop Linux 5.19 Git:

Current Linux Default - The out-of-the-box mitigated state on Linux 5.19 as it currently stands. In terms of CPU mitigations, this currently means: retbleed: Mitigation of untrained return thunk; SMT vulnerable + spec_store_bypass: Mitigation of SSB disabled via prctl + spectre_v1: Mitigation of usercopy/swapgs barriers and __user pointer sanitization + spectre_v2: Mitigation of Retpolines IBPB: conditional STIBP: disabled RSB filling. AMD Zen 1 is not affected by itlb_multihit, L1TF, MDS, Meltdown, MMIO Stale Data, SRBDS, or TSX Async Abort (TAA).

mitigations=off - Booting Linux 5.19 Git with the "mitigations=off" flag that disables all relevant run-time selectable CPU security mitigation options for AMD Zen 1.

retbleed=off - Disabling the newly-introduced Retbleed mitigations (untrained return thunks for Zen 1) but leaving the other CPU mitigations in place for other affected vulnerabilities.

mitigations=auto,nosmt - The "full" mitigation of also disabling SMT support, so the system is limited to just the eight physical cores with one thread per core.

From there dozens of benchmarks were run for seeing the impact of these different options on the AMD Ryzen 7 1700.
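To confirm which of the states above a given boot is actually in, the following added example (not from the original article) reads the kernel's standard /sys/devices/system/cpu/vulnerabilities entries and flags the "SMT vulnerable" Retbleed state that the default configuration leaves in place. The function names, verdict labels and the VULN_DIR override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the kernel's reported Retbleed state.
# VULN_DIR is the standard sysfs location; override it to test offline.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_retbleed STATUS -> prints one of (labels are hypothetical):
#   not-affected | unmitigated | partial-smt | mitigated | unknown
classify_retbleed() {
    case "$1" in
        "Not affected"*)    echo not-affected ;;
        Vulnerable*)        echo unmitigated ;;   # e.g. retbleed=off or mitigations=off
        *"SMT vulnerable"*) echo partial-smt ;;   # thunks active, sibling thread still exposed
        Mitigation*)        echo mitigated ;;
        *)                  echo unknown ;;
    esac
}

# report_mitigations [DIR] -> one "name: status" line per sysfs entry,
# followed by a verdict line for retbleed.
report_mitigations() {
    dir="${1:-$VULN_DIR}"
    [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
    done
    if [ -r "$dir/retbleed" ]; then
        verdict=$(classify_retbleed "$(cat "$dir/retbleed")")
    else
        verdict=unknown   # kernels without the Retbleed patches have no entry
    fi
    echo "retbleed verdict: $verdict"
    [ "$verdict" = partial-smt ] &&
        echo "hint: boot with retbleed=auto,nosmt or mitigations=auto,nosmt"
    return 0
}

# Run against the live system only when asked: sh script.sh --report
if [ "${1:-}" = "--report" ]; then
    report_mitigations
fi
```

A "partial-smt" verdict corresponds to the Current Linux Default configuration tested here; after booting with the nosmt option the same entry should no longer report SMT as vulnerable.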

