Skip to main content

News Ryzen 7000 Runs Faster With Security Mitigations Enabled on Linux

Written on .

According to a report by Phoronix, Ryzen 7000 processors are for some reason running faster with security mitigations enabled vs disabled in the new Linux version 6.0. Nobody knows why this anomaly exists in AMD’s Zen 4 architecture, but as a result of the discovery, it is recommended to keep all relevant security mitigations enabled in Linux by default.

Linux kernel 6.0 features several security mitigations for Ryzen 7000, including for Speculative Store Bypass mitigations, SSBD related to Spectre V4, and Spectre V1 mitigations relating to SWAPGS barriers and user point sanitization. For Spectre V2, there are mitigations for Retpolines conditional Indirect Branch Predictor Barriers, IBRS firmware always-on STIBP and RSB filing.

With Zen 4, you can disable the SSB Spectre V1 and Spectre V2 mitigations in Linux, with the “mitigations=off” command. But in testing, Phoronix found very surprising results. In its test suite of 190 applications running on a Ryzen 9 7950X, Phoronix finds that the chip is 3% faster overall with the mitigations enabled.

In specific tests, the biggest gains can be attributed to web browser-based apps with mitigations enabled. This includes Selenium, which saw a whopping 42.6% performance gain with the mitigations on. This is by far the most beneficial app to run with these security measures enabled.

There were also a couple of apps that saw a negative impact with the mitigations enabled. This behavior’s mainly applied to synthetic benchmarks, including Stress-NG, which saw a 26.6% degradation in CPU performance with all the security enhancements enabled.

But overall, the majority of applications benchmarked did benefit from enabling the security mitigations overall. This is a surprising phenomenon to see, since security mitigations in the past have always resulted in reduced CPU performance, due to the security enhancements either handicapping specific parts of the CPU architecture – like branch prediction, and/or forcing the CPU to use more processing power to run specific tasks.

So we would highly recommend anyone using Ryzen 7000 to keep the security mitigations on by default, for both security’s sake and for the sake of better performance.