The Current Intel Coffee Lake Mitigation Performance Impact With Linux 5.9

Written by Michael Larabel in Software on 9 October 2020. Page 1 of 4. 12 Comments

Of the many new features in Linux 5.9 with its debut set for this weekend, one of the performance-related changes is Intel FSGSBASE support finally being mainlined. A half-decade after the Linux patches first appeared for this feature present in Intel CPUs going back to Ivy Bridge, the mainline kernel is now patched for this feature that can help out I/O and other context switching heavy workloads. Given many of the same workloads were negatively impacted by the CPU security mitigations of recent years, here is a look at the current mitigated vs. unmitigated performance difference on the Linux 5.9 kernel with an Intel Core i9 9900K CPU for reference on how the mitigation impact is on recent versions of the Linux kernel.

After the FSGSBASE patches were mainlined in August I ran some tests on the Core i9 9900K with its default mitigations and then booting the same kernel with "mitigations=off" for run-time disabling of the necessary speculative execution protections relevant for the CPU under test. I hadn't gotten around to publishing that data then but here are those benchmarks in preparing for the Linux 5.9 kernel release this weekend. While motivated by the FSGSBASE landing, these results provide a fresh look overall at the current mitigation costs with the Core i9 9900K for reference purposes.

The i9-9900K was a stepping prior to more hardware mitigations being added so the results are relevant for those running the older and still common Intel CPUs prior to the newer Coffee Lake, Comet Lake, Cascade Lake, Ice Lake, and Tiger Lake processors having more hardware-based mitigations. The Linux kernel mitigations still relevant for this system were clear buffers for MDS, SSBD for Spectre V4, mitigation of usercopy/SWAPGS barriers and __user pointer sanitization for Spectre V1, IBPB Retpolines for Spectre V2, IBRS firmware STIBP with conditional RSB filling, microcode mitigation for SRBDS, and clear buffers for TAA. The i9-9900K CPU under test was not vulnerable to L1TF and Meltdown.

So here are those results with the Core i9 9900K on Linux 5.9 with the default kernel and then the same kernel booted with "mitigations=off". All benchmarks via the open-source Phoronix Test Suite benchmarking software.

Related Articles