The Downfall Mitigation Impact For Xeon E-2300 Series On Linux 6.5

Written by Michael Larabel in Software on 25 September 2023 at 10:40 AM EDT.

Last month the Downfall CPU security vulnerability was disclosed, impacting various AVX/AVX-512 workloads. Now that the Linux kernel code around the mitigation has had a few weeks to settle and the latest Intel CPU microcode is becoming more broadly available, here is a fresh look at the performance impact of the Downfall mitigation on affected AVX workloads.

Intel Xeon E-2366

This round of testing looks at the Intel Downfall CPU performance impact on the Xeon E-2300 series "Rocket Lake" processors, given that they remain the latest-generation Xeon E parts for the time being and are still being sold via retail channels and distributors. As a reminder, this vulnerability affects Skylake through Icelake server processors as well as Skylake through Tigerlake client processors. The CPU microcode-based mitigation can impact the performance of software that uses AVX VGATHER* instructions in an application's hot code path. For more background information on Downfall, see last month's announcement.

Intel Downfall Xeon E

Today's testing looked at the Downfall mitigation impact with a Xeon E-2336 processor running within an ASRock Rack E3C252D4U 1U server. Ubuntu 22.04 LTS was running on this server with the Linux 6.5 stable kernel. The following configurations were tested on this latest stable Linux kernel release:

Vulnerable, No Microcode: Running Linux 6.5 but using the current stock firmware supplied by Ubuntu 22.04 LTS (0x57) that lacks the Downfall mitigation.

Mitigated, Latest Microcode: Running the same software/hardware with the exception of moving to the 0x59 Rocket Lake microcode that has the Downfall mitigation in place and thus on Linux 6.5 is recognized as properly mitigated.

mitigations=off, Latest ucode: Keeping to Linux 6.5 and the 0x59 microcode on the Xeon E-2366 server but using the "mitigations=off" kernel option to disable all of the CPU security mitigations on the Linux server being tested.
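To tell which of these three configurations a given host is actually in, the kernel's own Downfall (Gather Data Sampling) report can be read from sysfs. The script below is an added example, not part of the original article or its test setup; the function names and output labels are hypothetical, and the sample inputs are constructed from the status strings mainline Linux reports.

```shell
#!/bin/sh
# Added example (not from the article): map the kernel's Downfall / Gather Data
# Sampling (GDS) report onto the three configurations benchmarked above.

# classify_gds STATUS CMDLINE -> prints one label (labels are hypothetical)
classify_gds() {
    gds_cmdline=" $2 "                       # pad so options match as whole words
    case "$1" in
        "Not affected")              echo "not-affected" ;;
        "Vulnerable: No microcode")  echo "vulnerable-no-microcode" ;;
        "Mitigation: Microcode"*)    echo "mitigated-microcode" ;;   # also "(locked)"
        "Mitigation: AVX disabled"*) echo "mitigated-avx-disabled" ;;
        "Vulnerable")
            # Reported when the mitigation was switched off with a boot option.
            case "$gds_cmdline" in
                *" mitigations=off "*|*" gather_data_sampling=off "*)
                    echo "disabled-by-boot-option" ;;
                *)  echo "vulnerable-unexplained" ;;
            esac ;;
        *)  echo "unknown" ;;                # e.g. guest relying on the hypervisor
    esac
}

# microcode_rev CPUINFO_FILE -> revision of the first logical CPU, e.g. 0x59
microcode_rev() {
    awk -F': ' '/^microcode/ { print $2; exit }' "$1"
}

# report_host [GDS_FILE] [CMDLINE_FILE] [CPUINFO_FILE]; defaults are the live paths
report_host() {
    gds_file=${1:-/sys/devices/system/cpu/vulnerabilities/gather_data_sampling}
    cmd_file=${2:-/proc/cmdline}
    cpu_file=${3:-/proc/cpuinfo}
    if [ ! -r "$gds_file" ]; then
        echo "no-gds-report"                 # kernel lacks the Downfall patches
        return 0
    fi
    echo "$(classify_gds "$(cat "$gds_file")" "$(cat "$cmd_file")") ucode=$(microcode_rev "$cpu_file")"
}

# Constructed sysfs/cmdline pairs, one per configuration in the article.
classify_gds "Vulnerable: No microcode" "BOOT_IMAGE=/vmlinuz-6.5.0 ro quiet"
classify_gds "Mitigation: Microcode"    "BOOT_IMAGE=/vmlinuz-6.5.0 ro quiet"
classify_gds "Vulnerable"               "BOOT_IMAGE=/vmlinuz-6.5.0 ro mitigations=off"
```

Calling `report_host` with no arguments reads the live system; a fleet check would flag any host that does not report `mitigated-microcode` or `not-affected`.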

