Initial Benchmarks Of The Spectre “SWAPGS” Mitigation Performance Impact


Yesterday the SWAPGS vulnerability was made public as a new variant of Spectre V1 that affects all operating systems and is believed to affect only Intel CPUs. The SWAPGS discovery by Bitdefender was quietly mitigated by Microsoft for Windows 10 last month while yesterday the patches were posted for the mainline Linux kernel as the Grand Schemozzle. As soon as learning of this SWAPGS vulnerability and seeing the kernel code, I began running some preliminary performance tests to look at the impact of this latest CPU mitigation.

The kernel code added yesterday to mainline by Thomas Gleixner commented on the issue:

“The performance deterioration departement is not proud at all to present yet another set of speculation fences to mitigate the next chapter in the ‘what could possibly go wrong’ story.

The new vulnerability belongs to the Spectre class and affects GS based data accesses and has therefore been dubbed ‘Grand Schemozzle’ for secret communication purposes. It’s officially listed as CVE-2019-1125.”

Especially with that text, I was quite interested in seeing what the performance is looking like as a result of this latest kernel activity for tightening up the Intel CPU security. This morning I have results wrapped up on an Intel Core i9 9900K processor. SWAPGS or the “Grand Schemozzle” is believed to affect all Intel CPUs from at least Ivybridge through their latest products.

The Core i9 9900K processor was indeed reported as affected when running on the patched kernel. I fired off some benchmarks of the Linux 5.3 kernel code as of Sunday compared to the latest code as of overnight that’s been patched for SWAPGS and mitigated by default unless explicitly disabling Spectre V1 mitigations or all CPU vulnerability mitigations in general. Contrary to Red Hat’s report initially saying AMD CPUs are affected, the Linux kernel is not applying this SWAPGS mitigation to AMD hardware (AMD has also issued a statement that they believe they are unaffected by this new Spectre V1 variant).

Over the days ahead I’ll work on more SWAPGS benchmarks particularly on a generation or two older to see if the performance impact is any more noticeable. On the following pages are these initial results from the Core i9 9900K system running Ubuntu 19.04 with Linux 5.3 Git.