The Current Intel Coffee Lake Mitigation Performance Impact With Linux 5.9
On FSGSBASE-patched kernels we have seen some slight benefits in the area of I/O, but the mitigation overhead is much greater than the FSGSBASE benefits we previously reported on.
This is one of our first times looking at the WireGuard performance in the context of security mitigations. Indeed, the benchmark for this secure VPN tunnel that also stresses the network stack was taking about 10% longer to run with the default mitigations.
The AVIF encode benchmark is a newer addition to the test suite and when testing it with this mitigation comparison interestingly there is a small impact there.
Java workloads continue taking much longer.