How Time Flies, Two Years Since Spectre And Meltdown Were Officially Disclosed
Looking At The Impact Of All Mitigations On Linux Performance
As long as speculative execution exists on multi-core processors, we are going to see exploits similar in nature to Spectre and Meltdown, which means the focus needs to be on protecting your systems at the lowest possible cost in processing power. To see how well Linux has balanced performance and security, Phoronix took a daily snapshot of Ubuntu 20.04 LTS from last week and benchmarked a variety of silicon, from the new Core i9 10980XE through Xeon Platinum 8280s.
The systems were configured with mitigations for ITLB, L1TF, MDS, Meltdown, Speculative Store Bypass (Spectre V2), Spectre V1, Spectre V2, and TSX Async Abort (TAA), but multi-threading was not disabled. The results demonstrate Intel’s success at addressing the issue with changes in chip design: while the older chips with these mitigations applied all ran around 85% as fast as when unpatched, the new Intel Core i9 10980XE provided 97% of the processing power it produced when unpatched.
This is very good news for everyone.
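To check which of the mitigations listed above are active on a given Linux host, the kernel exposes one status file per issue under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not code from the original article or from Phoronix; the sample status strings are constructed to follow the kernel's output format, and the state names it returns are this example's own.

```python
import re
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs entries for the eight mitigations the article lists
ARTICLE_VULNS = ("itlb_multihit", "l1tf", "mds", "meltdown",
                 "spec_store_bypass", "spectre_v1", "spectre_v2",
                 "tsx_async_abort")

# Constructed sample (not measured data): MDS mitigation off, SMT left on,
# and no tsx_async_abort entry, as on a kernel that predates that file.
SAMPLE = {
    "itlb_multihit": "KVM: Mitigation: Split huge pages",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "mds": "Vulnerable; SMT vulnerable",
    "meltdown": "Mitigation: PTI",
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB: conditional, STIBP: conditional",
}

def classify(status):
    """Map one sysfs status line to a coarse state."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if re.match(r"(KVM: )?Vulnerable", s):  # itlb_multihit uses a "KVM: " prefix
        return "vulnerable"
    if "Mitigation:" in s:
        # Mitigated, but the kernel warns that SMT siblings remain exposed
        return "mitigated_smt_exposed" if "SMT vulnerable" in s else "mitigated"
    return "unknown"

def read_sysfs(directory=SYSFS_DIR):
    """Return {name: status line} for the entries this kernel reports."""
    files = {name: Path(directory) / name for name in ARTICLE_VULNS}
    return {n: p.read_text().strip() for n, p in files.items() if p.is_file()}

def audit(statuses):
    """Classify every article-listed entry; absent files become 'unreported'."""
    return {name: classify(statuses[name]) if name in statuses else "unreported"
            for name in ARTICLE_VULNS}

if __name__ == "__main__":
    # Use the live host if it exposes the files, otherwise the sample above
    for name, state in audit(read_sysfs() or SAMPLE).items():
        print(f"{name:20} {state}")
```

Any entry reported as `vulnerable`, `unreported` or `mitigated_smt_exposed` is worth a closer look, the last one because the benchmarked systems kept multi-threading enabled.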
To commemorate that anniversary, I was running some fresh benchmarks of various Intel desktop and server processors with the in-development Ubuntu 20.04 LTS to look at the performance impact today with the default CPU vulnerability mitigations and then again with the mitigations disabled at run-time.
A 15% slowdown with all security patches applied to older CPUs is not a good compromise. There is a need to go back and make the older patches more efficient. Once the older CPU got firmware patched, Intel and AMD need to go back to improve these patches so that they do improve speed on all the older CPUs.
I totally agree with the first commenter: the mentioned i9 is a 1,280€(!) CPU (price from June 2020). No regular user will own this. All others will be affected since 2018, not only performance-wise. And I absolutely don’t believe current architectures like e.g. “Zen 2” will be top notch in preventing both hardcore vulnerabilities. This sucks so hard it hurts to use CPUs from Intel, AMD and ARM in mid-2020 still.