The Combined Impact Of Mitigations On Cascade Lake Following Recent JCC Erratum + TAA
Earlier this month I ran initial benchmarks following the disclosure of the JCC Erratum (Jump Conditional Code), which required updated Intel CPU microcode to address, and, on the same day, the TSX Async Abort (TAA) vulnerability, which required kernel mitigations to address. Those tests looked at the CPU performance impacts individually; readers have since requested tests looking at the current overall impact of the mitigations to date.
In this article are benchmarks for Intel Cascade Lake using dual Xeon Platinum 8280 processors. Keep in mind Cascade Lake has hardware mitigations in place for L1TF, Meltdown, and some Spectre protections. The different configurations tested for this article included:
No Mitigations + Old ucode: Disabling the in-kernel mitigations using the "mitigations=off" kernel parameter and reverting to the CPU microcode revision that preceded the one released earlier this month due to the JCC Erratum.
No Mitigations: Disabling the in-kernel mitigations while using the latest CPU microcode (thus with the JCC Erratum fix applied and unable to disable that short of moving to an older microcode release).
Default Mitigations: The current out-of-the-box state with the default security mitigations applied and using the current microcode release.
Default Mitigations + TSX: The default mitigations but also having TSX support enabled, which in turn introduces the new TAA mitigation.
Default Mitigations + No HT + TSX: Building on the two configurations above: sticking to the default mitigations with TSX support enabled, but also disabling Hyper Threading.
Tests were done on the same system. The various mitigation details at each step are documented in the system table. For those wondering about the overall mitigation impact for earlier Intel CPU microarchitectures (such as Skylake) before having some hardware mitigations in place, fresh tests there will be coming soon.
This testing was done on Ubuntu 19.10 with the Linux 5.4 kernel. Note: Ubuntu does not carry any of the patched assembler support that aims to help offset the impact of the JCC Erratum microcode update, unlike Clear Linux, which, as we have covered, has been the first to carry the yet-to-be-merged patches, so the old vs. new microcode difference will ultimately improve in a future Ubuntu Linux release.
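To confirm which of the five configurations above a given Linux host is actually running before comparing numbers, the following Python is an added example, not code from this article or its author. The function names, the caller-supplied `jcc_fixed_rev` value and the sample revision numbers are assumptions; it also assumes the `rtm` CPU flag is visible only while TSX is enabled and that microcode revisions for one CPU model increase over time.

```python
import re
import sys
from pathlib import Path

def classify(cmdline, cpuinfo, smt_active, jcc_fixed_rev):
    """Map system facts to one of the five configurations named in the article.

    jcc_fixed_rev is the first microcode revision with the JCC Erratum fix for
    this CPU; the caller supplies it (the article lists no revision numbers).
    """
    m = re.search(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", cpuinfo, re.M)
    if not m:
        raise ValueError("no microcode field in cpuinfo")
    ucode = int(m.group(1), 16)
    flags = re.search(r"^flags\s*:\s*(.*)$", cpuinfo, re.M)
    # Assumption: the "rtm" CPU flag is present only while TSX is enabled.
    tsx_on = bool(flags) and "rtm" in flags.group(1).split()
    if "mitigations=off" in cmdline.split():
        # Assumption: revisions for one CPU model only ever increase.
        return "No Mitigations" + (" + Old ucode" if ucode < jcc_fixed_rev else "")
    if not tsx_on:
        return "Default Mitigations"
    if smt_active.strip() == "1":
        return "Default Mitigations + TSX"
    return "Default Mitigations + No HT + TSX"

def collect(root="/"):
    """Read the same facts from a live system, plus the kernel's TAA status."""
    r = Path(root)
    cpu = r / "sys/devices/system/cpu"
    return {
        "cmdline": (r / "proc/cmdline").read_text(),
        "cpuinfo": (r / "proc/cpuinfo").read_text(),
        "smt_active": (cpu / "smt/active").read_text(),
        "taa": (cpu / "vulnerabilities/tsx_async_abort").read_text().strip(),
    }

# Constructed sample input; the revision value is a placeholder, not a real one.
SAMPLE_CPUINFO = "microcode\t: 0x2\nflags\t\t: fpu vme hle rtm avx512f\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live host: argv[1] is the JCC-fixed revision in hex
        facts = collect()
        taa = facts.pop("taa")
        print(classify(jcc_fixed_rev=int(sys.argv[1], 16), **facts), "| TAA:", taa)
    else:  # offline: classify the constructed sample
        print(classify("ro quiet", SAMPLE_CPUINFO, "0", 0x2))
```

On a live host, the printed TAA line is the kernel's own report from sysfs, which should agree with the classification (for example, a "Clear CPU buffers" mitigation when TSX is enabled with default mitigations).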