Benchmarking The Linux Mitigated Performance For Retbleed: It's Painful

Written by Michael Larabel in Software on 13 July 2022. Page 6 of 7. 74 Comments

On the desktop side some can argue that Retbleed mitigations may be not too important or relevant for most use-cases and try to justify "retbleed=off", but over on the server-side where security tends to be more important within organizations, you are less likely to be toying with disabling CPU security mitigations in such a production environment. Unfortunately, the Retbleed mitigation impact out-of-the-box is very noticeable for common workloads here too. This round of server benchmarks looking at the Retbleed costs were carried out on a Zen 2 based AMD EPYC 7742 2P with the default now-mitigated Linux 5.19 Git kernel compared to booting with "retbleed=off".

In the usual I/O workloads there was a noticeable performance cost to the default mitigations on this AMD Zen 2 server.

With more real-world workloads like code compilation performance for dedicated build boxes or OpenJDK Java servers, unfortunately, Retbleed does carry a noticeable impact. Especially for the code compilation performance where with some of the prior CPU security mitigations there didn't tend to be a measurable difference, with the Retbleed default mitigations there was now a clear difference on this AMD EPYC 7742 server.

Related Articles