https://www.phoronix.com/news/AMD-Zen-4-Mitigations-Off

With AMD Zen 4, It's Surprisingly Not Worthwhile Disabling CPU Security Mitigations

Written by Michael Larabel in AMD on 30 September 2022 at 01:30 PM EDT.

Some Linux enthusiasts eagerly recommend that users boot their systems with the "mitigations=off" kernel parameter to disable at run-time the various CPU security mitigations for Spectre, Meltdown, L1TF, TAA, Retbleed, and friends. The new AMD Ryzen 7000 "Zen 4" processors still need some software mitigations, yet for the most part they are surprisingly faster with the relevant mitigations left enabled.

With AMD Zen 4 processors and the currently public security disclosures, Linux 6.0 on the Ryzen 7000 series CPUs has Speculative Store Bypass disabled via prctl for the SSBD / Spectre V4 mitigation, and Spectre V1 mitigations of usercopy/SWAPGS barriers and __user pointer sanitization. Then for Spectre V2 there are Retpolines, conditional Indirect Branch Predictor Barriers (IBPB), IBRS firmware, always-on Single Threaded Indirect Branch Predictors (STIBP), and return stack buffer (RSB) filling. Those are the only software security mitigations involved with Zen 4 at this time, with the new CPUs not being vulnerable to the assortment of other known vulnerabilities affecting different CPUs.

[image] The Zen 4 mitigation status on Linux 6.0

With Zen 4 you can still boot the kernel with mitigations=off to disable the SSB, Spectre V1, and Spectre V2 mitigations, leaving the system in a "vulnerable" state. While many resort to the mitigations=off approach to avoid the performance penalties attributed to the different mitigations, in the case of AMD Zen 4 on the Ryzen 9 7950X it's not actually beneficial. To much surprise, the default/out-of-the-box state with the mitigation controls was generally faster than booting with mitigations=off.

Here are the benchmarks with a measurable difference either way:

Running with mitigations=off was faster for a few synthetic benchmarks like Stress-NG, OSBench, Sockperf, and the other usuals. But keeping to the default mitigation state surprisingly led to a noticeable benefit for the web browser benchmarks, Stargate DAW, various OpenJDK workloads, and other workloads that have typically seen performance impacts from the different security mitigations of the past 4+ years.

Keeping to the default mitigation state was faster for the majority of the benchmarks tested. Across the wide span of 190 different benchmarks carried out, keeping to the default mitigations was about 3% faster overall than running with mitigations=off. That is basically the opposite of what we normally see with other, older processors.

As for why keeping the default mitigations on is leading to the Ryzen 9 7950X being faster, that is a good question (normally it's the opposite!) but one that I hadn't bothered digging into deeper yet with system profiling due to time constraints and ultimately not being too important since for production systems you should really be keeping to the default security recommendations.

Those wanting to dig through all 190 benchmarks in full can find all of my data here.

Long story short, with AMD Zen 4 it doesn't look to be worthwhile booting with "mitigations=off"; in fact, it can negatively impact some real-world workloads.
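
To confirm which of the two states described above a machine is actually in, the following added example (not part of the original article) classifies each entry under the kernel's /sys/devices/system/cpu/vulnerabilities directory and checks /proc/cmdline for mitigations=off. The function names, exit codes and the sample status strings are constructed for illustration, modelled on the mitigation status the article describes.

```shell
# audit_mitigations [VULN_DIR] [CMDLINE_FILE]
# Exit status: 0 clean, 1 an entry reports a vulnerable state,
#              2 kernel command line contains mitigations=off, 3 bad path.
audit_mitigations() {
    vuln_dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    cmdline_file=${2:-/proc/cmdline}
    audit_rc=0
    [ -d "$vuln_dir" ] || { echo "not a directory: $vuln_dir" >&2; return 3; }
    for f in "$vuln_dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case $status in
            # Checked first so partially mitigated states are flagged too.
            *[Vv]ulnerable*) state=VULNERABLE; audit_rc=1 ;;
            Mitigation:*)    state=MITIGATED ;;
            "Not affected"*) state=NOT_AFFECTED ;;
            *)               state=UNKNOWN ;;
        esac
        printf '%-20s %-12s %s\n' "$(basename "$f")" "$state" "$status"
    done
    # One token per line, whole-line match: only the exact parameter counts.
    if tr -s ' ' '\n' < "$cmdline_file" | grep -qx 'mitigations=off'; then
        audit_rc=2
    fi
    return "$audit_rc"
}

# Constructed sample trees for the two boot states compared in the article.
write_sample() {  # write_sample DIR default|off
    mkdir -p "$1/vuln"
    if [ "$2" = off ]; then
        echo "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro mitigations=off" > "$1/cmdline"
        echo "Vulnerable" > "$1/vuln/spec_store_bypass"
        echo "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers" > "$1/vuln/spectre_v1"
        echo "Vulnerable, IBPB: disabled, STIBP: disabled" > "$1/vuln/spectre_v2"
    else
        echo "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet" > "$1/cmdline"
        echo "Mitigation: Speculative Store Bypass disabled via prctl" > "$1/vuln/spec_store_bypass"
        echo "Mitigation: usercopy/swapgs barriers and __user pointer sanitization" > "$1/vuln/spectre_v1"
        echo "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling" > "$1/vuln/spectre_v2"
    fi
    echo "Not affected" > "$1/vuln/meltdown"
}

tmp=$(mktemp -d)
write_sample "$tmp/on" default; write_sample "$tmp/off" off
audit_mitigations "$tmp/on/vuln" "$tmp/on/cmdline" || echo "flagged (exit status $?)"
audit_mitigations "$tmp/off/vuln" "$tmp/off/cmdline" || echo "flagged (exit status $?)"
rm -rf "$tmp"
```

Called with no arguments, audit_mitigations reads the live system's sysfs entries and kernel command line, so the exit status can gate a configuration-compliance check.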