Windows Systems Performance Impacts from Spectre and Meltdown

[FrgMstr]

There has been a lot of discussion about Spectre and Meltdown since last week and now Microsoft has something to say about Windows Systems performance after patching.

In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.

Here is the summary of what we have found so far:

* With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
* With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
* With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
* Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

So in summation, with processors older than Skylake (launched in August 2015) changed the way branch prediction is being handled so that it is not more specific to indirect branches. There will be some penalty but not like what we will see in previous CPU architectures. Windows 7 and 8 is going to be a bigger loser than Windows 10. Thanks cageymaru.

 

[dgingeri]

They missed a generation. The don't mention anything about Broadwell, which is newer than Haswell and older than Sky Lake. Broadwell is much like Haswell, so it is likely in the "older" category, but I find it odd they completely missed that one.

 

[Lothar]

It's all a conspiracy to get people to upgrade to newer processors.

 

[sfsuphysics]

wanted to say it explains why my old i3 laptop runs like shit now... but to be fair it always has. Always on the fence of whether or to put an SSD into a $400 budget laptop to speed it up.

 

[Trigneus]

Unknown benchmarks loosely quoted for another "calm the typical user" story. Do any "typical" users visit [H]?

 

[Az Syndicate]

Will this be the nail in my 2600K?....

 

[Dregan73]

what if all this was planed, to force us to buy new cpus, conspiracy theories go......

 

[Cmdrmonkey]

Seems like a big scam to sell new hardware to people that probably don't need it based on something that may not even be a threat in the real world

The conspiracy theory about Apple was proven correct. I'm very skeptical of this. CPUs had gotten to a point in recent years where they basically didn't need to be upgraded. I had no plans to upgrade my 4770K unless my PC suffered a hardware failure. This is awfully convenient for Intel.

 

[lollerwaffle]

I temporarily stopped Win10 updates and I'm not going to install BIOS updates for a while yet either.

I mean, we have to yet see what the BIOS updates bring in terms of slowdown when they install new microcode. That'll be ontop of any Windows slowdowns, or at least compound them somewhat. So I'm taking all those benchmarks as too early. Microsoft is not saying whether they measured with udpated microcode or not.

My BIOS has been great and I don't see a need to patch it. And the Windows patches, even once I finally have to install them to get other updates, can be disabled with PowerShell scripts. So there's path forward with no slowdowns. The worst exploit so far were the browser exploits, and FF as well as Edge has already plugged them. The rest of the exploits, I'm not juicy enough of a target for them.

 

[Grimlaking]

Hey those of you that host MSSQL DB's might be interested in this article from Microsoft: https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

 

[SixFootDuo]

Starting to think this was all an elaborate plan to get people to upgrade from their PC's.

 

[Cmdrmonkey]

Starting to think this was all an elaborate plan to get people to upgrade from their PC's.

Notice how it conveniently affects PCs that are 4+ years old, even though there have been effectively no big performance changes in mainstream Intel CPUs since Sandy Bridge in 2011. This stinks of planned obsolescence.

 

[Methadras]

Wonder what this means for 3770 i7's.

 

[TrailRunner]

Wow, 1 hour and 12 comments, several of those comments about this being a ploy to force CPU upgrades on people, and not ONE comment about this being a ploy to force people to upgrade from 7 to 10.
[H], I am disappointed in you.

 

[Cmdrmonkey]

Wow, 1 hour and 12 comments, several of those comments about this being a ploy to force CPU upgrades on people, and not ONE comment about this being a ploy to force people to upgrade from 7 to 10.
[H], I am disappointed in you.

It's both. Intel and Microsoft are colluding on this one.

 

[Spidey329]

Wow, 1 hour and 12 comments, several of those comments about this being a ploy to force CPU upgrades on people, and not ONE comment about this being a ploy to force people to upgrade from 7 to 10.
[H], I am disappointed in you.

I know, right?

 

[heatlesssun]

It's both. Intel and Microsoft are colluding on this one.

Pretty amazing. Considering that some or all of these flaws effect Linux, iOS, macOS, AMD & ARM CPUs, etc.

 

[ol1bit]

I could care less. I don't run any anti-virus or IE, and seem to be fine for the last 6 years. I have Windows 7 and Windows 10 PCs. One Windows 10 PC is running Bloomfield, If is slows down too much, back to Windows 7 I go. And for Corp sites its a crazy emergency, with thousands of servers, and BIOS updates, this will be Hell.

 

[MV75]

Nope, it's to get people to 10. How can it possibly really be about upgrading hardware when the bug is still there? Release new hardware free of the bug, hell yes to upgrading.

See there is no windows 7 / 8.1 with newer silicon listed? We already know why, that was back in their forced to update to win 10 round #566 last year to forcibly end support for a currently supported os. I wonder how it really fares against 10 on same hardware? I'm guessing exactly the same.

All I know is that I'm not updating to the latest monthly update, that's for sure. And what about consoles..... ? lol. Systems that already run to the 9th just to barely run what they run, they'll enjoy a slow down too.

 

[heatlesssun]

I wonder how it really fares against 10 on same hardware? I'm guessing exactly the same.

In terms of raw performance running Win32 sure. There are other considerations like battery life, which is a much more important concern now than over 8 years ago when 7 launched as most PC at the time sold were still desktops. But we are talking about flaws that predate even Windows 7. Had this been discovered 8 years ago no doubt we'd be hearing the argument of Microsoft using this to force people to upgrade to Windows 7.

 

[admiralperpetual]

Wonder what this means for 3770 i7's.

or us 3570k's...

 

[maddude]

I doubt this is a master plan by Intel, as it would drive consumers straight to AMD.

If anything, AMD was the real discoverer of these exploits and published them to driver their own sales! *tinfoil hat tightens*

 

[lollerwaffle]

Nope, it's to get people to 10. How can it possibly really be about upgrading hardware when the bug is still there? Release new hardware free of the bug, hell yes to upgrading.

See there is no windows 7 / 8.1 with newer silicon listed? We already know why, that was back in their forced to update to win 10 round #566 last year to forcibly end support for a currently supported os. I wonder how it really fares against 10 on same hardware? I'm guessing exactly the same.

All I know is that I'm not updating to the latest monthly update, that's for sure. And what about consoles..... ? lol. Systems that already run to the 9th just to barely run what they run, they'll enjoy a slow down too.

It looks like it won't be the same. The reason being, the Windows 7 display driver model (DDM) is very, very different from the Windows 10 one. The Win7 one has font rendering in the kernel code, and the Win10 one does not. What that means is, whenever text is rendered on your desktop on in any desktop application, Win7 will make a LOT more kernel code transitions, which trigger the workaround of clearing certain CPU states and slowing down things compared to pre-patch. So in many 'regular Joe User' cases, Win7 will definitely be slower. How much, that remains to be seen.

Source: https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown

As far as 'it's to get people to 10', I don't buy it. Microsoft is already pushing VERY hard to get people to 10, I don't think they need this issue to push it further. They are patching Win7/8, it's just there are architectural differences that will make 7/8 slower compared to 10, that's not some sort of planned obsolescence. I mean the amount of long shot for this to be true is looney tunes conspiracy level, which I am not accusing you of, given you may not know the above.

But seriously ask yourself, if you are staying on Microsoft platforms, don't you slowly but surely see the final last gasp of Win7 in view? It's coming and it's reasonable at this point, IMO.

 

[MV75]

In terms of raw performance running Win32 sure. There are other considerations like battery life, which is a much more important concern now than over 8 years ago when 7 launched as most PC at the time sold were still desktops. But we are talking about flaws that predate even Windows 7. Had this been discovered 8 years ago no doubt we'd be hearing the argument of Microsoft using this to force people to upgrade to Windows 7.

Mmmmm maybe. Back then they weren't aggressive or as bastardly about it all like the forced windows 10 upgrade. Plus you still had full control of everything in 7 as well as full features that weren't constantly being eroded. Upgrading was an entirely different landscape back then without the bastard precedents that have created this backfire distrust of the company.

 

[MV75]

It looks like it won't be the same. The reason being, the Windows 7 display driver model (DDM) is very, very different from the Windows 10 one. The Win7 one has font rendering in the kernel code, and the Win10 one does not. What that means is, whenever text is rendered on your desktop on in any desktop application, Win7 will make a LOT more kernel code transitions, which trigger the workaround of clearing certain CPU states and slowing down things compared to pre-patch. So in many 'regular Joe User' cases, Win7 will definitely be slower. How much, that remains to be seen.

Source: https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown

What I'm getting at is what about my setup, win 8.1 on kaby lake, not haswell?

 

[lollerwaffle]

What I'm getting at is what about my setup, win 8.1 on kaby lake, not haswell?

I have no authoritative answer to that. I'll give you my guess: Kaby Lake has instructions that mitigate the performance impact of the workarounds. There is no reason to assume that Win8.1's patch won't take advantage of those instructions just the same as Win10. The same for Win7. Reason being, a LOT of corporations still run Win7. They will be pissed to all hell if there is a larger performance impact than needed because Microsoft develops different patch code for different OS's just to sell Windows 10. They could not afford that stunt, and frankly, I personally don't think they are that evil.

I know 8.1 also had DDM changes, but I do not know if that moved font rendering code from kernel to user space like Win10 did. MS' official statement doesn't say one way or the other and I am too lazy to deep dive into DDM changes for 8.1 Your question is a good one though.

 

[LMT MFA]

I could care less. I don't run any anti-virus or IE, and seem to be fine for the last 6 years. I have Windows 7 and Windows 10 PCs. One Windows 10 PC is running Bloomfield, If is slows down too much, back to Windows 7 I go. And for Corp sites its a crazy emergency, with thousands of servers, and BIOS updates, this will be Hell.

Could you? Cuz it sounds like you couldn't.

 

[GoodBoy]

So where does Broadwell fit into this? It's right between Haswell and Skylake... 5th Gen. I have a Broadwell-E cpu. so hoping it's closer to the Skylake side of the performance..

 

[GoodBoy]

I temporarily stopped Win10 updates and I'm not going to install BIOS updates for a while yet either.

I mean, we have to yet see what the BIOS updates bring in terms of slowdown when they install new microcode. That'll be ontop of any Windows slowdowns, or at least compound them somewhat. So I'm taking all those benchmarks as too early. Microsoft is not saying whether they measured with udpated microcode or not.

My BIOS has been great and I don't see a need to patch it. And the Windows patches, even once I finally have to install them to get other updates, can be disabled with PowerShell scripts. So there's path forward with no slowdowns. The worst exploit so far were the browser exploits, and FF as well as Edge has already plugged them. The rest of the exploits, I'm not juicy enough of a target for them.

That's pretty brave. I would patch up if I was you.. But to answer your question: https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page4.html

Horrible storage performance aside (they found anywhere from 7% to 41% drop in SSD performance with the patch+firmware) we consistently saw less than a 5% reduction in gaming performance, you’re looking at around a 3-4% drop for the most part when CPU limited, less (~1%) when GPU limited. SSD performance doesn’t impact frame rates, we’ve seen this when comparing slow hard drives with ultra snappy SSDs, there’s really nothing to gain there. Where a drop in storage performance can hurt is with game load times...

and the larger performance drops was in write times on SSD's, vs read times, which in some but not all situations/tests had some large performance drops, in other situations the read times took a smaller performance hit.

 

[WhoMe]

So will it be the same for Linux?

 

[Deleted member 243478]

So does this mean I can RMA my CPU as faulty lol

 

[unfortunateson]

My result set of a quick Novabench test on an i5-Skylake PC running Windows 7 before/after patching shows a slight boost in CPU score (2%) but my SSD write speeds are lowered 17% and reads are lowered 9%.

 

[MV75]

That's pretty brave. I would patch up if I was you.. But to answer your question: https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page4.html



and the larger performance drops was in write times on SSD's, vs read times, which in some but not all situations/tests had some large performance drops, in other situations the read times took a smaller performance hit.

Why brave? Run a safe browser, FF with ad block, don't visit dodgy sites (open spam mail), or use crappy applications, seems like there is no avenue for attack, nor any reason to patch.

I do now wonder if it's per device the slow down happens? Would a (just say at the basics level for now), raid 0 mitigate any slow downs compared to a single device as you're splitting the throughput between at least two devices. Or would it increase cpu usage even further handling both at the same time?

 

[umeng2002]

So does this mean I can RMA my CPU as faulty lol

You'll get a $35 check in the mail in 5 years from a class-action suit.

 

[Derangel]

Why brave? Run a safe browser, FF with ad block, don't visit dodgy sites (open spam mail), or use crappy applications, seems like there is no avenue for attack, nor any reason to patch.

I do now wonder if it's per device the slow down happens? Would a (just say at the basics level for now), raid 0 mitigate any slow downs compared to a single device as you're splitting the throughput between at least two devices. Or would it increase cpu usage even further handling both at the same time?

You should go look at all the times malicious code has been injected into "safe" websites. Visiting "safe" sites won't protect you if happen to visit during a time that something has been injected into it.

 

[Grimlaking]

The impact would be the same and the additional latency would be per transaction. So a raid zero would feel it less. I don't really notice it myself with an nvme drive.

 

[Grimlaking]

revisiting MSSQL server licensing is going to be painful for some. Isn't it per core?

Yes... Yes it is at 25k per 4 cores. That same 25k would buy a dual cpu server at 16 cores each with 384gb of ram dual dual port 10gb nics and 3 independent fc cards... Not that I've checked.

 

[rgMekanic]

It's all a conspiracy to get people to upgrade to newer processors.

Working great to get me to want to upgrade to Threadripper

 

[bugleyman]

revisiting MSSQL server licensing is going to be painful for some. Isn't it per core?

Yup.

 

[polonyc2]

Microsoft has been trying to get people to upgrade to new CPU's for years by discontinuing support on W10...now these exploits give them another reason by causing mass panic...easier to get people to upgrade by screaming about security flaws...sorry but I'm keeping my i7 980X for the foreseeable future...I don't notice any slowdowns...anyone that does it's probably a placebo effect