This data is from running the FIO "randread" benchmark from Phoronix Test Suite on a Zen2 CPU in a QEMU guest.
The first graph shows an overview of different host-level Retbleed mitigations and how they affect the guest's performance.
The second graph shows the experiment repeated with ASI as it exists in the RFC, but rebased to v6.10. This minimal implementation doesn't make much effort to avoid address space transitions. So it performs comparitively to IBPB-on-VMExit.
The third graph shows a more optimised form of ASI where address space transitions are very rare. This version maps QEMU's userspace addresses into the restricted address space, on the assumption that the platform has functional SMAP and no L1TF-type vulnerabilities. In this incarnation is competitive versus this platform's key bespoke mitigation, while also mitigating a much wider range of attacks with the same technology. In other words it provides
a) similar security properties to the existing broad mitigation (IBPB-on-VMExit), and
b) similar performance properties to the existing narrow mitigation
The dreadful scripts used to run these benchmarks are here. The ASI code is here.
