AMD EPYC 7003 "Milan" Linux Benchmarks - Superb Performance
As should be of little surprise in the server space for 2021 and especially with EPYC 7003 series being drop-in compatible with EPYC 7002 Rome platforms with an updated BIOS, the Linux support is in good shape for these new processors. All of the core functionality and such is good to roll. On more recent stable versions of the Linux kernel are some extras like the k10temp temperature monitoring as well as AMD_Energy driver support, RAPL, and other bits. But even if running an older kernel, EPYC 7003 should be good to go and running well on the latest Linux distributions as well as the enterprise Linux platforms.
In fact, all of the pre-launch testing of the EPYC 7003 series processors was done on Daytona -- the same reference platform around since Rome. With the updated BIOS and BMC software, Daytona was ready for the new Milan processors without imposing any new support constraints. All of the benchmarks of Milan today are from the Daytona reference platform while beginning soon will also have out benchmarks from retail boards.
My testing so far with AMD EPYC Milan has been under Ubuntu 20.04.2 LTS and Ubuntu 20.10 without any problems -- both with the stock kernel as well as jumping ahead to Linux 5.11 stable and Linux 5.12 Git for additional tests in order to enjoy the newest features.
On the instruction front, the key EPYC 7003 additions include:
AVX2 VAES / VPCLMULQDQ - Zen 3 supports additional AVX2 instructions for faster encryption/decryption performance.
SEV-ES Enhancements - AMD continues to beef up their Secure Encrypted Virtualization (SEV) encrypted state code. With Zen 3 there are new debug registers and interrupt injection restrictions. AMD has been upstreaming SEV code since Naples and continues building upon that within the mainline Linux kernel.
Secure Nested Paging - The big SEV addition with Zen 3 is Secure Nested Paging (SEV-SNP). Secure Nested Paging adds new integrity features to SEV/SEV-ES to help protect against malicious hypervisors. AMD has begun the trek of upstreaming bits related to SEV-SNP and will be pushing more forward soon. They also offer SEV-SNP kernel patches in early form via GitHub.
CET Shadow Stack - EPYC 7003 also supports the Control Flow Enforcement (CET) shadow stack for helping to protect against ROP attacks. Intel open-source engineers for a while have been working on the infrastructure to handle CET shadow stack with the Linux kernel and that work will likely be upstreamed in a coming kernel version post-5.12.
INVLPGB - Zen 3 adds the INVLPGB instruction to use in place of interrupts to broadcast page invalidates. INVLPGB is wired up as part of the Znver3 enabled instructions in the GCC and LLVM Clang compiler support. The only Linux kernel code around INVLPGB at the moment is in the KVM code for the INVLPGB intercept bits while likely moving ahead we'll see the kernel and virtualization hypervisors beginning to make use of it when available.
PCID - Zen 3 processors support Process Context Identifiers (PCID). The Linux kernel is good to go on that front in making use of PCID where available.
Memory Protection Keys for Users - EPYC 7003 also supports MPK for users. Last year AMD sent in their MPK kernel patches for EPYC.
So long story short, AMD EPYC 7003 series is ready to roll on Linux today as far as all core functionality goes. There still are some bits pending for mainline like SEV-SNP but there are the patches available from GitHub for those wanting to patch their own systems in the time being and will likely see some ISVs doing so.