Over the past month on Phoronix there have been a lot of benchmarks of Intel’s new Core Ultra Series 3 “Panther Lake” with the Core Ultra X7 358H. One of the areas of Panther Lake not explored yet is around the CPU security mitigation impact, which is the focus of today’s benchmarking. The performance tests today are not only looking at the impact of the Core Ultra X7 SoC at its default versus running in a “mitigations=off” configuration but also comparing the overall CPU security mitigation impact with the run-time toggle going back all the way to Intel Haswell era laptops.
Recent generations of Intel CPUs are much more secure than in the past and the mitigation cost has been greatly reduced for those CPU security / speculative execution mitigations still needed with the newer core designs. For Panther Lake with its Cougar Cove P cores and Darkmont E cores, there still are some mitigations needed and applied by default. For Spectre V1 there are usercopy/SWAPGS barriers and __user pointer sanitization enabled. For Spectre V2 on Panther Lake there is enhanced/automatic Indirect Branch Restricted Speculation (IBRS) and conditional Indirect Branch Predictor Barrier (IBPB). For the Branch History Injection (BHI) attacks protection there is the BHI_DIS_S controls. For Speculative Store Bypass, SSB can be disabled via prctl. That’s it in terms of the default CPU security vulnerabilities/mitigations in place by the Linux 7.0 kernel. Much better than older CPUs with Meltdown, MDS, L1TF, Retbleed, TSA, TAA, and the various other vulnerabilities where Panther Lake is not affected.
For seeing what performance overhead there is to the default mitigations that remain with Panther Lake, on Linux 6.19 I ran some benchmarks at the kernel defaults and then again when the Core Ultra X7 358H was booted with the “mitigations=off” option to disable the relevant mitigations at boot time. No other changes were made to the Intel Panther Lake laptop besides the additional run in the mitigations=off mode.
After looking at those Intel Panther Lake results, are also some Intel laptops re-tested going back to the Haswell days for the mitigation impact at their defaults compared to the mitigations=off run. All laptops were tested on an Ubuntu 26.04 snapshot with the Linux 6.19 kernel for a modern look at the software stack. The CPU microcode and other software was kept the same in just looking at the impact of mitigations=off.
