According to a Phoronix analysis, Ryzen 7000 CPUs run faster with security mitigations enabled than with them disabled on the latest Linux kernel version, 6.0. Nobody understands why this anomaly exists in AMD’s Zen 4 architecture. Still, as a result of the finding, all relevant security mitigations in Linux should be activated by default. Several security mitigations for Ryzen 7000 are included in Linux kernel 6.0, including the Speculative Store Bypass (Spectre V4) mitigation via SSBD, and Spectre V1 mitigations consisting of SWAPGS barriers and user pointer sanitization. For Spectre V2, the mitigations are Retpolines, conditional Indirect Branch Predictor Barriers (IBPB), IBRS firmware, always-on STIBP, and RSB filling.
The “mitigations=off” kernel boot parameter in Linux may be used to deactivate the SSB, Spectre V1, and Spectre V2 mitigations on Zen 4. However, Phoronix's testing produced some rather interesting outcomes. Across their test suite of 190 programs running on a Ryzen 9 7950X, the chip was 3% quicker overall with the mitigations enabled. The highest gains in individual tests with mitigations enabled came from web browser-based programs. This includes Selenium, which achieved a staggering 42.6% speed boost with the mitigations enabled, making it by far the software that benefits most from having these security features enabled.
There were also a few apps that suffered when the mitigations were activated. This phenomenon is mostly observed in synthetic benchmarks, such as Stress-NG, which reported a 26.6% decrease in CPU performance when all security measures were activated.
So, to benefit security and performance, we strongly advise anyone utilizing Ryzen 7000 to keep the security mitigations on by default.
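One way to confirm that a host still has these mitigations on is to read the kernel's own status reports and boot parameters. The script below is an added example, not code from Phoronix or from this article; the function names and the sample status strings are constructed for illustration, while the sysfs path and the boot parameter names are the kernel's own.

```shell
#!/bin/sh
# Added example (not from the article): audit mitigation state from sysfs and boot parameters.

# Exit 0 if the command line in $1 disables mitigations globally or for
# the SSB / Spectre V1 / Spectre V2 classes the article lists.
cmdline_disables_mitigations() {
    for arg in $1; do
        case "$arg" in
            mitigations=off|nospectre_v1|nospectre_v2|spectre_v2=off) return 0 ;;
            spec_store_bypass_disable=off|nospec_store_bypass_disable) return 0 ;;
        esac
    done
    return 1
}

# Print the name of every entry in directory $1 that the kernel reports as "Vulnerable".
list_vulnerable() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f")" in Vulnerable*) basename "$f" ;; esac
    done
}

# $1 = vulnerabilities directory, $2 = kernel command line; exit 0 only when nothing is off.
audit() {
    rc=0
    if cmdline_disables_mitigations "$2"; then
        echo "WARN: boot parameters disable mitigations: $2"; rc=1
    fi
    for name in $(list_vulnerable "$1"); do
        echo "WARN: $name: $(cat "$1/$name")"; rc=1
    done
    if [ "$rc" -eq 0 ]; then echo "OK: no mitigation reported off"; fi
    return "$rc"
}

# Constructed sample (not captured from a real host): SSB and Spectre V2 reported off.
make_sample() {
    echo "Vulnerable" > "$1/spec_store_bypass"
    echo "Mitigation: usercopy/swapgs barriers and __user pointer sanitization" > "$1/spectre_v1"
    echo "Vulnerable, IBPB: disabled, STIBP: disabled" > "$1/spectre_v2"
}

case "${1:-}" in
    --live) audit /sys/devices/system/cpu/vulnerabilities "$(cat /proc/cmdline)" ;;
    --demo) d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; make_sample "$d"
            audit "$d" "ro quiet mitigations=off" ;;
esac
```

Run it with `--live` on the host being checked, or with `--demo` to see the warnings produced for the constructed sample; a non-zero exit status means at least one mitigation is off.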