Initial Benchmarks Of The Intel Downfall Mitigation Performance Impact
With yesterday's disclosure of the Intel Downfall speculative execution vulnerability and the updated CPU microcode and Linux kernel patches I have been very busy testing the performance impact of this mitigation. Here are some initial numbers and workloads I have found to be impacted as a result of this security mitigation for Skylake to Icelake/Tigerlake client and server processors.
As covered in yesterday's articles around Downfall, the microcode-based security mitigation can impact the performance of software relying on AVX2/AVX-512 GATHER instructions if gather is being used in an application's hot code path. Unlike many of the past CPU security vulnerability mitigations where the performance impact was for workloads with lots of I/O or other user-space and kernel interactions, with the Downfall mitigation it can impair entirely user-space bound software if there is enough VGATHER* instruction use.
Intel has reported up to 50% performance penalties in extreme cases but from my testing over the past day it thankfully has tended to be less than that but still significant. It's also important to reiterate that it's for GATHER use and not just AVX2/AVX-512 in general as well as the latest Intel client/server CPUs not being vulnerable to Downfall. But considering Intel Xeon Scalable Ice Lake was still latest-generation at the start of the year prior to the Sapphire Rapids debut, there is a lot of server and client systems out in the wild that are affected.
A GitHub code search can show some of the popular code-bases making use of VGATHER* instructions. There's emulators like PPSSPP, the Skia graphics library, OpenJDK Java, BLIS, Unity run-time, etc. But besides using the gather instructions, those operations need to be done in hot code-paths for the Downfall mitigation to make a meaningful difference to performance. But even so in less than one day of benchmarking I've found a number of the software packages I commonly use for performance testing to indeed be impacted by this mitigated microcode for Downfall. In this article are some of the workloads I've found to be impacted by yesterday's microcode update and testing on a few different systems.