The Peculiar State Of CPU Security Mitigation Performance On Intel Tiger Lake
First is a look at the Sockperf network API benchmark that has long been an easy test case for showing the mitigation impact over the past nearly three years of issues. With Kaby Lake R and Whiskey Lake before the hardware mitigations started rolling out, there was significant performance benefits to booting with mitigations disabled. With Ice Lake there still was some minor benefit to booting with mitigations=off given that previous-generation CPU baked in a lot of protections. But now with Tiger Lake when disabling mitigations there is a small hit to the performance. And somewhat embarassingly, the mitigated/unmitigated Tiger Lake performance for this network throughput test still doesn't match the unmitigated Whiskey Lake results and similar performance to unmitigated Kaby Lake R.
With Sockperf's latency test on Tiger Lake the performance was basically the same regardless of mitigation state.
When firing up a few Java benchmarks, the mitigation state for Tiger Lake doesn't show much of a difference except that the unmitigated performance is leaning towards slightly less performance than with mitigations enabled.