Intel Raptor Lake Mitigation Impact Performance Comparison

A recurring question that has come up by readers since the recent launch of the Intel 13th Gen Core "Raptor Lake" processors has been whether it's still worthwhile running with the "mitigations=off" Linux kernel option to disable software-controlled CPU security mitigations to increase performance. For production systems that is never recommended due to the security risk, but for those wondering, here is a brief look at the mitigation situation on Raptor Lake with the flagship Core i9 13900K.

Raptor Lake has hardware mitigations in place (or otherwise immune) to most of the CPU security disclosures made in recent years. But when it comes to the software-involved mitigations still relevant for these latest Intel desktop CPUs, there is Speculative Store Bypass Disable (SSBD) via the prctl() interface for Spectre V4 (Speculative Store Bypass), usercopy/swapgs barriers and user pointer sanitization for Spectre V1, and for Spectre V2 there is enhanced IBRS (Indirect Branch Restricted Speculation) / conditional return stack buffer (RSB) filling for Indirect Branch Predictor Barrier (IBPB) / software sequence mitigation for the recently disclosed EIBRS Post-barrier Return Stack Buffer (PBRSB). Those are the mitigations still active for Raptor Lake CPUs on the Linux kernels and at least not nearly as complex of a mitigation landscape as it was years ago.

For those curious about the software-controlled impact from the mitigations, I did a benchmark run on Linux 6.1 Git in an out-of-the-box manner (with the default mitigations noted above) and then repeated the tests with the "mitigations=off" parameter set for the kernel options. The same Intel Core i9 13900K system was used for all of this fresh Intel Linux desktop benchmarking.