Spectre Mitigation Performance Impact Benchmarks On AMD Ryzen 3700X / 3900X Against Intel
AMD Zen 2 processors feature hardware-based mitigations for Spectre V2 and Spectre V4 SSBD while remaining immune to the likes of Meltdown and Zombieload. Here are some benchmarks looking at toggling the CPU speculative execution mitigations across various Intel and AMD processors.
For this round of testing are some mitigation comparison tests on the Core i7 8700K, Core i9 9900K, Core i9 7960X, Ryzen 7 2700X, Ryzen 9 2950X, Ryzen 9 2990WX, Ryzen 7 3700X, and Ryzen 9 3900X. On each processor, the tests were done when booting the Linux 5.2 kernel with the default/out-of-the-box mitigations for Spectre/Meltdown/Foreshadow/Zombieload (all CPU speculative execution mitigations to date) and then again when making use of the "mitigations=off" kernel parameter for disabling these run-time-toggleable mitigations. Basically the tests are the equivalent of mitigations=off vs. mitigations=auto (default) comparison.
All systems were tested with a Crucial MX500 SATA 3.0 SSD with Ubuntu 18.04 on the Linux 5.2 Git kenrel at the time and all systems had memory at their optimal rated frequencies and satisfying the maximum number of supported memory channels. These tests aren't being done for comparing the raw performance between the systems but looking at the relative mitigation costs in different workloads impacted by these different mitigations. See our benchmarks from last week (and more on the way) if interested in the raw Intel/AMD Linux CPU performance.
The Zen 2 results come in as a bit of a surprise. With Zen 2 featuring hardware-based Spectre and Speculative Store Bypass mitigations, one might reasonably think that the relative performance impact is less than with the original Zen/Zen+ processors, but at least in our tests under Linux that wasn't exactly the case. There is the possibility that the current software mitigations are being over-applied to Zen 2 CPUs, but that is the current experience. I reached out to AMD last week with my initial findings but I have yet to hear back what they recommend as far as the software mitigations go if the existing defaults are what they expect or if some kernel updates will be needed either for checking some MSRs or CPU models for relaxing some of the kernel mitigations when running on these new AMD zen 2 CPUs.
The default Intel mitigations namely come down to "l1tf: Mitigation of PTE Inversion + mds: Mitigation of Clear buffers; SMT vulnerable + meltdown: Mitigation of PTI + spec_store_bypass: Mitigation of SSB disabled via prctl and seccomp + spectre_v1: Mitigation of __user pointer sanitization + spectre_v2: Mitigation of Full generic retpoline IBPB: conditional IBRS_FW STIBP: conditional RSB filling." In the case of AMD Zen/Zen+ CPUs, the default software mitigations are "l1tf: Not affected + mds: Not affected + meltdown: Not affected + spec_store_bypass: Mitigation of SSB disabled via prctl and seccomp + spectre_v1: Mitigation of __user pointer sanitization + spectre_v2: Mitigation of Full AMD retpoline IBPB: conditional STIBP: disabled RSB filling." And then in the case of Zen 2 with Linux 5.2, "l1tf: Not affected + mds: Not affected + meltdown: Not affected + spec_store_bypass: Mitigation of SSB disabled via prctl and seccomp + spectre_v1: Mitigation of __user pointer sanitization + spectre_v2: Mitigation of Full AMD retpoline IBPB: conditional STIBP: always-on RSB filling."
Between Zen+ and Zen 2 on Linux right now, all of the software mitigations are indicative of still active and beyond that for RSB filling goes from disabled to always-on with Zen 2. That RSB filling is even more strict with "always-on" than Intel CPUs currently relying upon "conditional" filling. RSB (Return Stack Buffer) filling is part of the Retpoline mitigations for ensuring malicious user-space code isn't exectued speculatively when RSB under-fills happen.
Here's a look at how toggling the Intel/AMD CPU mitigations compare using the Linux 5.2 kernel on these different processors. Tests via the Phoronix Test Suite.