As the first benchmarks now show, the protective measures against the “Inception” vulnerability on current Zen processors from AMD can lead to a very high loss of performance of up to 54 percent in applications. The Phoronix website, which specializes in Linux, carried out the benchmark with an Epyc 7763 (“Milan”) on the free operating system and then evaluated it accordingly. The results vary greatly and sometimes show “imperceptible” and sometimes “significant” performance losses.
Fix by Inception can cost a lot of performance
Applications that have to do with databases, code compilation, engineering and image processing have to complain about the most serious drop in performance, but pack programs such as 7-Zip also have to lose a lot of feathers on a system secured against Inception. The greatest performance losses have to be accepted with the database management system MariaDB (54%), DaCapo (33%) and compiling Linux (29%) and Gimp (28%).
Everyday applications can also be affected
As the performance losses in 7-Zip (13%) show, everyday applications can also be affected, while Mozilla Firefox (1.2%) or the 3D graphics suite Blender3D (1.4%) hardly react to the fix . The extensive Linux benchmarks from Phoronix, which were carried out with the three following kernel configurations, provide further details:
- Out of: No inception reductions. All other CPU security measures were set to default values. This test examines only the overhead of inception mitigation.
- safe RET no microcode: The purely kernel-based mitigation using the prior family 19h CPU microcode without the inception mitigation.
- safe RET: The default safe RET mode when using the latest CPU microcode.
- IBPB: The alternative IBPB-based mitigation approach.
Details on these various mitigations can be found in the official Inception Speculative Return Stack Overflow (“SRSO”) kernel documentation, while “safe RET” mode is set as the default mode for AMD Zen processors in the Linux kernel versions that have been patched since last week.
New AGESA firmware against Inception
According to AMD itself, it plans to release new versions of its AGESA firmware to protect against Inception. The manufacturer offers an overview of this in its official security bulletin under the ID “AMD-SB-7005”.
Source: Phoronix