Ryzen 7000 Runs Faster With Security Mitigations Enabled on Linux
A strange phenomenon that seemingly nobody has an answer to
According to a report by Phoronix, Ryzen 7000 processors are for some reason running faster with security mitigations enabled vs disabled in the new Linux version 6.0. Nobody knows why this anomaly exists in AMD's Zen 4 architecture, but as a result of the discovery, it is recommended to keep all relevant security mitigations enabled in Linux by default.
Linux kernel 6.0 features several security mitigations for Ryzen 7000, including for Speculative Store Bypass mitigations, SSBD related to Spectre V4, and Spectre V1 mitigations relating to SWAPGS barriers and user point sanitization. For Spectre V2, there are mitigations for Retpolines conditional Indirect Branch Predictor Barriers, IBRS firmware always-on STIBP and RSB filing.
With Zen 4, you can disable the SSB Spectre V1 and Spectre V2 mitigations in Linux, with the "mitigations=off" command. But in testing, Phoronix found very surprising results. In its test suite of 190 applications running on a Ryzen 9 7950X, Phoronix finds that the chip is 3% faster overall with the mitigations enabled.
In specific tests, the biggest gains can be attributed to web browser-based apps with mitigations enabled. This includes Selenium, which saw a whopping 42.6% performance gain with the mitigations on. This is by far the most beneficial app to run with these security measures enabled.
There were also a couple of apps that saw a negative impact with the mitigations enabled. This behavior's mainly applied to synthetic benchmarks, including Stress-NG, which saw a 26.6% degradation in CPU performance with all the security enhancements enabled.
But overall, the majority of applications benchmarked did benefit from enabling the security mitigations overall. This is a surprising phenomenon to see, since security mitigations in the past have always resulted in reduced CPU performance, due to the security enhancements either handicapping specific parts of the CPU architecture - like branch prediction, and/or forcing the CPU to use more processing power to run specific tasks.
So we would highly recommend anyone using Ryzen 7000 to keep the security mitigations on by default, for both security's sake and for the sake of better performance.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Aaron Klotz is a contributing writer for Tom’s Hardware, covering news related to computer hardware such as CPUs, and graphics cards.
-
hotaru251 Linux happy little accident.Reply
wonder if anyone will actually deep dive and see why it is happening. -
prtskg
Probably AMD has tuned the branch predictor accordingly.🤔hotaru251 said:Linux happy little accident.
wonder if anyone will actually deep dive and see why it is happening. -
sepuko They should probably test if the mitigations work at all when enabled. This performance discrepancy is somewhat smelly.Reply -
prtskg
These are older mitigations and zen 3 speed decrease with it.macgeek said:How do 5000-series (Zen 3) CPUs perform with these new mitigations? -
macgeek
Older, like from 2018?prtskg said:These are older mitigations and zen 3 speed decrease with it. -
prtskg
If spectre V2 mitigation is turned off, it reduces performance. That March 2022 only. So I was wrong.macgeek said:Older, like from 2018?
https://www.phoronix.com/review/amd-zen4-spectrev2