Benchmarks Of Intel's Latest Linux Microcode Update
Following last week's confusion over Intel's short-lived CPU microcode license change, which forbade benchmarking before Intel replaced it a short time later with a much nicer license (the microcode files can be easily redistributed and it doesn't curtail usage in other manners; Intel also re-licensed their FSP), here are some performance benchmarks when trying out this latest Intel microcode on Linux.
Intel issued the microcode update in the wake of the L1 Terminal Fault (L1TF) vulnerability, more commonly referred to as Foreshadow. On Intel Xeon Scalable hardware the microcode version is now 0x200004d versus the 0x2000043 that shipped with Ubuntu 18.04 LTS. On a dual Xeon Gold 6138 server, I carried out some before/after benchmarks of the microcode upgrade. The system was running Ubuntu 18.04 LTS with the Linux 4.19 Git state as of 24 August, which incorporates the latest L1TF/Foreshadow patches as well as other Spectre updates merged for the 4.19 kernel.
Tests were done on the bare metal system and again when running as a KVM-based virtual machine on the same hardware, with the guest in turn also running Ubuntu 18.04 with the Linux 4.19 Git kernel. That VM was able to access 80% of the system's CPU resources (64 threads). During all of this testing, the default Spectre/Meltdown mitigations were present: KPTI, __user pointer sanitization, and full generic retpoline IBPB IBRS_FW; for L1TF, the default "PTE Inversion; VMX: conditional cache flushes SMT vulnerable" was in effect. For the impact of the L1TF/Foreshadow kernel patches themselves, see these recent benchmarks of the performance hit on Linux VMs from this latest speculative execution vulnerability; this article is just looking for any performance change from the microcode update with this default mitigation.
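When repeating a before/after comparison like this, it helps to record which microcode revision is actually loaded on every CPU and what mitigation state the kernel reports. The following is an added example, not from the article: the function names are hypothetical and the sample data is constructed; it reads the microcode field of /proc/cpuinfo and the kernel's sysfs vulnerabilities directory.

```shell
#!/bin/sh
# Added example (not from the article): capture microcode revision and
# mitigation state so before/after benchmark runs can be labelled correctly.

# Print the distinct microcode revisions reported across logical CPUs.
microcode_revisions() {
    cpuinfo="${1:-/proc/cpuinfo}"
    awk -F': *' '$1 ~ /^microcode/ { print $2 }' "$cpuinfo" 2>/dev/null | sort -u
}

# Succeed only if every logical CPU reports exactly the expected revision.
# A multi-socket box with mixed revisions fails the check.
microcode_is() {
    expected="$1"
    revs=$(microcode_revisions "${2:-/proc/cpuinfo}")
    [ -n "$revs" ] && [ $(printf '%s\n' "$revs" | wc -l) -eq 1 ] &&
        [ $(( $revs )) -eq $(( $expected )) ]
}

# Print "name: status" for each entry under the sysfs vulnerabilities directory.
mitigation_report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        printf '%s: %s\n' "${f##*/}" "$(cat "$f")"
    done
}

# Succeed if the L1TF status line still reports SMT as vulnerable.
l1tf_smt_exposed() {
    grep -q 'SMT vulnerable' "${1:-/sys/devices/system/cpu/vulnerabilities}/l1tf" 2>/dev/null
}

# Demo on constructed sample data (not captured from the article's server).
demo=$(mktemp -d)
printf 'processor\t: 0\nmicrocode\t: 0x200004d\nprocessor\t: 1\nmicrocode\t: 0x200004d\n' > "$demo/cpuinfo"
mkdir "$demo/vuln"
echo 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable' > "$demo/vuln/l1tf"
if microcode_is 0x200004d "$demo/cpuinfo"; then echo "microcode: updated revision on all CPUs"; fi
mitigation_report "$demo/vuln"
if l1tf_smt_exposed "$demo/vuln"; then echo "note: SMT still exposed to L1TF"; fi
rm -rf "$demo"
```

Called with no path arguments, each function reads the live system instead of the sample files.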
For those wondering about the overall performance change this year from the various Spectre/Meltdown mitigations, a comparison looking at that will be posted shortly.