Ryzen 7000 Runs Faster With Security Mitigations Enabled on Linux

According to a report by Phoronix, Ryzen 7000 processors are, for some reason, running faster with security mitigations enabled than with them disabled on the new Linux kernel 6.0. Nobody knows why this anomaly exists in AMD's Zen 4 architecture, but as a result of the discovery, it is recommended to keep all relevant security mitigations enabled in Linux by default.

Linux kernel 6.0 features several security mitigations for Ryzen 7000, including Speculative Store Bypass mitigations (SSBD, related to Spectre V4) and Spectre V1 mitigations relating to SWAPGS barriers and user pointer sanitization. For Spectre V2, the mitigations are Retpolines, conditional Indirect Branch Predictor Barriers (IBPB), IBRS firmware, always-on STIBP and RSB filling.

With Zen 4, you can disable the SSB, Spectre V1 and Spectre V2 mitigations in Linux with the "mitigations=off" kernel boot parameter. But in testing, Phoronix found very surprising results. In its test suite of 190 applications running on a Ryzen 9 7950X, Phoronix found that the chip is 3% faster overall with the mitigations enabled.

In specific tests, the biggest gains can be attributed to web browser-based apps with mitigations enabled. This includes Selenium, which saw a whopping 42.6% performance gain with the mitigations on. This is by far the most beneficial app to run with these security measures enabled.

There were also a couple of apps that saw a negative impact with the mitigations enabled. This behavior mainly applied to synthetic benchmarks, including Stress-NG, which saw a 26.6% degradation in CPU performance with all the security enhancements enabled.

But overall, the majority of applications benchmarked did benefit from enabling the security mitigations. This is a surprising phenomenon, since security mitigations in the past have always resulted in reduced CPU performance, because the security enhancements either handicap specific parts of the CPU architecture, like branch prediction, and/or force the CPU to use more processing power to run specific tasks.

So we would highly recommend anyone using Ryzen 7000 to keep the security mitigations on by default, for both security's sake and for the sake of better performance.
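
To confirm on a given machine that the mitigations discussed above are actually on, the following added example (not from Phoronix or the original article) reads the kernel's per-vulnerability status files under /sys/devices/system/cpu/vulnerabilities and checks /proc/cmdline for mitigations=off. The function names and the sample strings written by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which CPU vulnerability mitigations the kernel says are active.
# Both paths default to the real kernel interfaces and can be overridden for testing.

# audit_mitigations [VULN_DIR] [CMDLINE_FILE]
# Prints one line per vulnerability file. Returns 0 when every entry is
# "Mitigation:" or "Not affected" and mitigations=off is absent, 1 when
# something needs attention, 2 when VULN_DIR does not exist.
audit_mitigations() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    cmdline=${2:-/proc/cmdline}
    rc=0
    [ -d "$dir" ] || { echo "ERROR no such directory: $dir"; return 2; }
    # The boot parameter appears as a whole word on the kernel command line.
    if [ -r "$cmdline" ] && tr ' ' '\n' < "$cmdline" | grep -qx 'mitigations=off'; then
        echo "WARN  kernel was booted with mitigations=off"
        rc=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        IFS= read -r status < "$f" || [ -n "$status" ] || status="(empty)"
        case $status in
            "Not affected"*) state="N/A" ;;
            "Mitigation:"*)  state="OK" ;;
            "Vulnerable"*)   state="VULN"; rc=1 ;;
            *)               state="CHECK"; rc=1 ;;   # unrecognised wording: review by hand
        esac
        printf '%-5s %s: %s\n' "$state" "${f##*/}" "$status"
    done
    return "$rc"
}

# make_sample on|off: builds CONSTRUCTED sample files (modelled on the kernel's
# reporting format, not captured from a real machine) and prints their directory.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/vuln"
    if [ "$1" = off ]; then
        echo "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro mitigations=off" > "$d/cmdline"
        echo "Vulnerable" > "$d/vuln/spec_store_bypass"
        echo "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers" > "$d/vuln/spectre_v1"
        echo "Vulnerable, IBPB: disabled, STIBP: disabled" > "$d/vuln/spectre_v2"
    else
        echo "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet" > "$d/cmdline"
        echo "Mitigation: Speculative Store Bypass disabled via prctl" > "$d/vuln/spec_store_bypass"
        echo "Mitigation: usercopy/swapgs barriers and __user pointer sanitization" > "$d/vuln/spectre_v1"
        echo "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling" > "$d/vuln/spectre_v2"
    fi
    echo "$d"
}
```

Calling `audit_mitigations` with no arguments audits the running system. These files report what the kernel has configured; they do not measure whether a mitigation is effective.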

Aaron Klotz
Contributing Writer

Aaron Klotz is a contributing writer for Tom’s Hardware, covering news related to computer hardware such as CPUs, and graphics cards.

  • hotaru251
    Linux happy little accident.

    wonder if anyone will actually deep dive and see why it is happening.
  • prtskg
    hotaru251 said:
    Linux happy little accident.

    wonder if anyone will actually deep dive and see why it is happening.
    Probably AMD has tuned the branch predictor accordingly.🤔
  • sepuko
    They should probably test if the mitigations work at all when enabled. This performance discrepancy is somewhat smelly.
  • macgeek
    How do 5000-series (Zen 3) CPUs perform with these new mitigations?
  • prtskg
    macgeek said:
    How do 5000-series (Zen 3) CPUs perform with these new mitigations?
    These are older mitigations and Zen 3 speed decreases with them.
  • macgeek
    prtskg said:
    These are older mitigations and Zen 3 speed decreases with them.
    Older, like from 2018?
  • prtskg
    macgeek said:
    Older, like from 2018?
    If Spectre V2 mitigation is turned off, it reduces performance. That's March 2022 only. So I was wrong.
    https://www.phoronix.com/review/amd-zen4-spectrev2