Poll: Have patches for Spectre and Meltdown slowed down your systems?

The Spectre and Meltdown vulnerabilities are perhaps the biggest security story of the decade. Microcode, operating system, and browser updates have all rolled out in attempts to mitigate the secret-stealing potential that these vulnerabilities have introduced into computing devices everywhere. New variants of the attacks have continued to emerge as researchers test the strength of the security model of modern processor architectures, too.

For all the gloom-and-doom predictions of double-digit performance losses from all of those security patches—something that we observed in micro-benchmarks but not necessarily in real-world uses for client PCs—most folks and businesses seem to have gotten on with their lives without too much trouble. We wanted to see whether you've noticed performance slowdowns from your fully-patched systems in the wake of Spectre and Meltdown. Tell us what you've observed using the poll below.

    • chrcoluk
    • 1 year ago

    On servers, about a 3% drop in response time to database queries, web page loads etc. on average. The worst parts of data show about a 300% drop in performance but for a minority part of workload, best parts of data about 0.6% loss. More significant is cpu utilisation is up about 60%, meaning extra costs now involved in hosting.

    On main desktop PC, the most noticeable impact is when loading chrome it takes about 70% longer. Second most noticeable is cpu bound games, stutters are definitely increased, FF15 a game which was just about running ok became a stutter fest with meltdown patch enabled, and was fine again after patch disabled.

    On my laptop, this one was more interesting. First time loading task manager after bootup, actually had about a 60% chance of making the entire OS unresponsive and need a force reboot, so stability issues were introduced, when it did load ok it took about 8-14 seconds instead of under one second, so in terms of % about a 1500-3000% performance regression, disabling meltdown interestingly had absolutely no effect on the performance hit but did fix the stability problems. Removing the entire patch brought performance back. It was later discovered custom HIPS rules on NOD32 combined with meltdown caused this problem, so there is proof that certain types of workload can be destroyed with meltdown.

    All 3 of the above examples are meltdown only as none of my hardware has microcode updates installed for spectre.

    I took a lot of flak when I suggested on a security site that these bugs should never have been publicly disclosed until they were being actively exploited, and I think they never would have been actively exploited, they still are not to this day, they are very difficult to actively exploit. I also believe the mitigations should not be blindly enabled, it's a type of panic response. As always, security via defense in depth is the best way, meaning layers can be disabled if the cost of mitigation is too high, and Meltdown and Spectre have a high cost, not to mention Spectre mitigations are partial only (no userland mitigation because performance impact would cause a meltdown on the internet). I mitigate on servers as it's my customer's data and the CPU has excess unused utilisation to take the hit. I took the hit on my laptop, as I don't game on it and I can handle the performance hit (albeit with no NOD32 HIPS now, I actually until I replace that HIPS security is down on the laptop). My PC only has Dec 2017 Windows patch installed and no later, as I game on the PC and I want best performance out of it. I do have other security layers tho such as SRP, and other mitigations.

    • SoundFX09
    • 1 year ago

    My Ryzen 7 1700 and RX Vega 64 STRIX System runs about the same before any of these Vulnerabilities came out. So I am in the camp of “No, I haven’t noticed anything”.

    Then again, AMD didn’t really have to do a whole lot to patch these vulnerabilities compared to Intel.

    • demolition
    • 1 year ago

    I have a couple of older Core 2 Duo machines and they are massively affected by this patch to the point where they become unbearably slow. I know they are not speed-demons any longer but they were usable for what I needed them to do which was no longer the case post-patch. After using InSpectre to disable the patch, I could again start to use both PCs like before. I am not using these PCs for very personal stuff and the chance of an exploit actually abusing this weakness is also extremely low if you ask me. If you really wanted to get into someone’s PC, there are much easier ways to accomplish this and it will be hard for any ordinary user to protect against that.

    My i7-6700k and i7-8700k machines were not noticeably impacted which is also reflected in the benchmarks shown in different places. You need a benchmark to tell the difference on Skylake and newer systems.

    • ronch
    • 1 year ago

    I voted No, those patches haven’t slowed down my system because.. I never installed them.

    • just brew it!
    • 1 year ago

    I haven’t noticed any slowdowns on my personal systems, but I also haven’t been looking for them. Ubuntu’s Meltdown patch initially broke the Nvidia GPU driver (forcing me to revert to an older kernel until things got sorted).

    The patches are definitely causing grief for people at my day job though. Certain workloads take unacceptably large hits, and these issues are still actively being worked.

    • odizzido
    • 1 year ago

    Since I haven’t installed any of the patches no, I haven’t. Cheese I guess is my answer?

    • DPete27
    • 1 year ago

    How far back have the patches been applied to?

      • frenchy2k1
      • 1 year ago

      Depends. Intel has released patches till the first “core i” processors I think, and most of the OS patches have been distributed, particularly for Meltdown, but most of the Spectre patches require microcode update through the BIOS and most MB makers only patched till H/Z/X9X.

      My Sandy bridge E systems (X79) are out of luck.

      I’m not particularly at risk though…

    • moose17145
    • 1 year ago

    Home? No. Nothing too noticeable. I mean I guess certain webpages sometimes feel like they are rendering slightly slower… but maybe that is all placebo effect? My system is a 8 core Broadwell-E (6900K), so even with the patches, as long as it’s somewhat multithreaded, the chip should have processing power to spare despite the patches.

    Now at work? Oh christ yes… These patches combined with all the other stuff we are running combined with all the machines also being bitlockered… every little percentage point of performance taken away ends up feeling more and more noticeable….

      • meerkt
      • 1 year ago

      "certain webpages sometimes feel like they are rendering slightly slower... but maybe that is all placebo effect?"
      No. On the web that's called progress.

    • Ninjitsu
    • 1 year ago

    I have no clue whether patches were ever released for my systems. I think something rolled out on the software side for Win 7 and 10, and I didn’t notice any slowdown for that. On the hardware side I don’t know if Haswell or Ivy Bridge ever received any patches in the end, I certainly didn’t see any firmware update from motherboard vendors. There seemed to be so many reports of things breaking anyway, that I didn’t bother after a while.

    • chuckula
    • 1 year ago

    Would have posted sooner but…. well you know.

      • derFunkenstein
      • 1 year ago

      at least it’s not rebooting after every word (https://techreport.com/news/33109/intel-acknowledges-haswell-and-broadwell-reboots-after-patches?post=1065510) on you any longer.

    • auxy
    • 1 year ago

    How come there is no option for “I have elected not to patch my systems” or “I have disabled protections”? (;’ω’)

      • Prototyped
      • 1 year ago

      That’s the cheese option one would think. I voted for the cheese option.

    • Ryu Connor
    • 1 year ago

    Hard to notice something you manually disabled.

    • timon37
    • 1 year ago

    There should also be a “Yes, my PCs and other devices have noticeably slowed down, as they always seem to with each passing month while I scratch my head wondering why, and sooner or later I will be forced to upgrade the hardware…”

    • reckless76
    • 1 year ago

    I haven’t noticed a difference, but I’m not even sure if I’m all patched up. And I keep myself in ignorance because once I know for sure they’re installed, I’ll likely notice a huge difference in performance whether or not there actually is any.

    • TheRazorsEdge
    • 1 year ago

    I maintain multiple ESXi clusters due to a requirement for isolated networks. The older hosts were hit really hard.

    Not sure if this is due to ESXi or Windows patches (predominantly running Windows guests).

    McAfee HIPS and VSE are also noticeably more of a burden on older servers, regardless of physical vs virtual.

    On the bright side, there will be an early tech refresh because of this, so I won’t complain too loudly.

    • Srsly_Bro
    • 1 year ago

    Can we get a different option?

    Asking if it has slowed down the system, with “no, I haven’t noticed”, isn’t quite right.

    It should be, “I haven’t noticed any slow downs despite the patches.”

    Or just, “I haven’t noticed any slow downs.”

    A person can’t really say “no” without verifying if patches did slow down the system after updating.

    • notfred
    • 1 year ago

    I run Linux on old hardware – Core 2 Quads and a Core i7 920. These have all noticeably slowed in general usage.

    Many of the workarounds take different forms on different processors. The more modern processors have additional capabilities and instructions (e.g. INVPCID) available that make the workarounds less of an impact. My ancient hardware lacks this and so has to take a more convoluted workaround with more of a performance impact.
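
The point in the comment above about newer processors having features such as INVPCID can be checked on a Linux host. This is an added example, not part of the original comment: the function names, class labels and shortened sample inputs are constructed for illustration, and the cost ranking is a rule of thumb rather than a measurement.

```python
from pathlib import Path

# Class labels and their meaning (labels are hypothetical, chosen for this example).
PROFILES = {
    "not-affected": "CPU not affected by Meltdown, so no page-table isolation cost",
    "vulnerable": "page-table isolation is off: no cost, but Meltdown is unmitigated",
    "pti-low": "PTI on; PCID and INVPCID avoid most TLB flushes on kernel entry/exit",
    "pti-medium": "PTI on; PCID without INVPCID, so invalidation is less targeted",
    "pti-high": "PTI on without PCID: address-space switches flush the TLB",
    "unknown": "no status available (not Linux, or kernel without the sysfs report)",
}

# Constructed, shortened /proc/cpuinfo samples (real flag lists are much longer).
OLD_CPUINFO = ("processor\t: 0\nmodel name\t: constructed pre-PCID CPU\n"
               "flags\t\t: fpu pse tsc msr pae pge sse2 syscall nx lm pti\n")
NEW_CPUINFO = ("processor\t: 0\nmodel name\t: constructed newer CPU\n"
               "flags\t\t: fpu pse tsc msr pae pge sse2 nx lm pcid avx2 invpcid pti\n")


def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return set(value.split())
    return set()


def kpti_profile(cpuinfo_text, meltdown_status):
    """Classify expected KPTI overhead from CPU flags and the kernel's status line."""
    status = meltdown_status.strip()
    if status.startswith("Not affected"):
        return "not-affected"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    if not status.startswith("Mitigation"):
        return "unknown"
    flags = cpu_flags(cpuinfo_text)
    if "pcid" not in flags:
        return "pti-high"
    return "pti-low" if "invpcid" in flags else "pti-medium"


def live_profile():
    """Profile the running machine from /proc and /sys."""
    try:
        cpuinfo = Path("/proc/cpuinfo").read_text()
        status = Path("/sys/devices/system/cpu/vulnerabilities/meltdown").read_text()
    except OSError:
        return "unknown"
    return kpti_profile(cpuinfo, status)


if __name__ == "__main__":
    result = live_profile()
    print(f"{result}: {PROFILES[result]}")
```
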

    • xrror
    • 1 year ago

    For those who want to test, there’s still GRC’s InSpectre utility where you can toggle the Meltdown and Spectre mitigations on/off.

    https://www.grc.com/inspectre.htm

    • Chrispy_
    • 1 year ago

    Noticed slowdown? Yes.

    In the grand scheme of things, it’s no big deal since the servers are over-specced and workstations don’t suffer as much as the servers.

    • Waco
    • 1 year ago

    Servers, absolutely (I build/support/design storage systems for HPC). At home? No real noticeable change since my workloads (gaming/media consumption) aren’t very IO-centric.

      • DancinJack
      • 1 year ago

      Guessing this is the case for 99 percent of users here, including me. Servers at work show slowdowns sometimes, but home PCs are more or less the same.

        • Waco
        • 1 year ago

        I imagine so. If I benchmark I can see a difference, but otherwise it’s a nonissue at home.

      • Veerappan
      • 1 year ago

      Agreed. We’ve got a bunch of Linux-based Oracle DB servers at work that seem to have taken a nosedive in performance after the Meltdown updates were applied. What used to take 10-15 minutes to run is now clocking more like 30-35 minutes.

      Maybe other changes affected the performance as well, but I believe a good amount of the slowdown was attributed (by others, I don’t DBA) to Meltdown updates.

        • Waco
        • 1 year ago

        My DB2 instances were similar till I disabled the mitigations (nearly 40% down in transaction rates). Luckily these servers have no local users.

    • K-L-Waster
    • 1 year ago

    Haven’t noticed much difference on my main system (8700K). AFAIK the Skylake and later generation saw little performance impact, so this isn’t too surprising.

    My HTPC theoretically may be more affected as it is Haswell era (I don’t have the model number top of mind at the mo), but since it doesn’t do much more than fire up a media player it hasn’t been a problem.

    • Firestarter
    • 1 year ago

    I haven’t seen any difference but to be honest I haven’t really been paying attention either

    • wingless
    • 1 year ago

    I have an old 2600K. The patches slowed down or possibly messed up the boot process on my computer in Windows 10. I reinstalled the OS for good measure but still have the extremely slow boot issue when getting to the login screen. My SSD and all HDDs are healthy. I also noticed that applications seem to load slower, even after the OS refresh.

    If these patches didn’t make my computer slower then some other Microsoft patch did. These problems occurred specifically after these updates were announced.

    • srg86
    • 1 year ago

    Haswell i7 running Linux as my main desktop and Skylake i5 on my laptop running Win 10 and Linux.

    Microcode update through OS on desktop and through BIOS on laptop. Plus KPTI etc.

    I’ve not noticed any difference, all a storm in a teacup from my perspective.

    • MileageMayVary
    • 1 year ago

    I’ve noticed an increase in CPU time on my servers post patching (Xeon E5-2670v3). Home systems are mostly AMD and haven’t been impacted.

    • Zizy
    • 1 year ago

    I didn’t notice anything on the personal PC. I am painfully aware of the patches for the W10 workstation, while the W7 workstation is fine – it hasn’t been updated in the last several years.

    • Sahrin
    • 1 year ago

    Using a Haswell i7 system as my daily driver right now, and it’s gotten painfully slower since the patch.

    Thanks, Intel.

      • cygnus1
      • 1 year ago

      My Haswell i7 hasn’t slowed down noticeably at all. Fully patched and verified with InSpectre. You may want to look at other causes if you’re seeing a painful slowdown for regular desktop or gaming usage.

        • MOSFET
        • 1 year ago

        I wouldn’t call it a painful slowdown on recent Intel CPUs like Kaby Lake, but Ivy Bridge back is noticeably slower for me, whether we’re talking 35W laptop chip or 69W server chip.

          • cygnus1
          • 1 year ago

          I guess Ivy is one generation back, but what do you actually notice is slower? My Haswell system doesn’t “feel” any different. I’m sure benchmarks *could* show a difference, but it’s got to be so low as to be insignificant. I just don’t notice any difference myself. Boot up feels the same, apps feel the same, games feel the same…

      • DancinJack
      • 1 year ago

      What is painfully slower since the patches? Specific tasks?

    • stdRaichu
    • 1 year ago

    I think the results will vary heavily depending on people’s workloads. As TR’s benches showed, you needed a benchmark to notice any difference at all in most games – where they’re processor (either CPU or GPU) limited, largely in userspace, so the impact is minimal and perhaps even negligible once mitigations are factored in.

    However anything that uses a great deal of syscalls and/or heavy IO… the performance regression on those sort of workloads is usually noticeable without a stopwatch like the app startup times TR mentioned.

    For instance, my ffmpeg transcoding jobs don’t appear to have slowed down much at all, since they’re entirely CPU limited. The demux and mux jobs however are a good 10-15% slower.

    Phoronix has a good example here from when the initial round of mitigation patches went out (before any of the BIOS updates etc):
    https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2
    x264 is pretty much untouched whereas all of the synthetic and real-world benches with a significant IO component like FSmark and PostgreSQL show some pretty major performance drops.

    • cygnus1
    • 1 year ago

    I don’t think my homelab servers are ever getting patched (E3/E5 V1/V2 Xeons) but my Haswell desktop doesn’t seem noticeably slower.

    • RickyTick
    • 1 year ago

    Patches? We don’t need no stinking patches!

      • jihadjoe
      • 1 year ago

      Swiss cheese!

      • MileageMayVary
      • 1 year ago

      Specially comin from Headly LaMar

      • tipoo
      • 1 year ago

      Fuggin patches
      https://www.youtube.com/watch?v=JR3yu1ABrsw

    • Peffse
    • 1 year ago

    I don’t know what to vote for! My PC isn’t noticeably slower, but my dedicated server is toast and completely unusable, while my backup PC hasn’t been patched yet. I guess I’ll use my toast and make some grilled cheese.

    Honestly, I’m watching what AMD does for my next CPU choice.

      • Redocbew
      • 1 year ago

      When in doubt always vote for cheese.

    • MadMac_5
    • 1 year ago

    I’ve been doing some testing and benchmark work in my old i5-3470 with a Geant4-based simulation package for nuclear medicine and radiation therapy applications, and after applying kernel updates and new microcode to Linux Mint 18.1 that mitigate Meltdown and Spectre the exact same simulation run takes about 6% to 7% longer to execute. I wasn’t able to try out any motherboard BIOS updates since those aren’t available for the Z77 board I was using. This simulation hits the CPU pretty hard and can generate enough output that running it on a RAM drive (pre- and post-patch) speeds it up by around 30% compared to a spinning disk.

    I’m still mulling the implications of this so I can make a recommendation to the user community, but right now for people who have older compute hardware (ie. clusters or multi-socket workstations they can’t afford to replace right now) I may recommend not installing the Meltdown/Spectre patches if the machine never touches the Internet. If a simulation takes multiple days to run, an extra 6% could be the difference between getting results in before a deadline (ie. grant applications, conference submission) and missing the window completely.

      • psuedonymous
      • 1 year ago

      "This simulation hits the CPU pretty hard and can generate enough output that running it on a RAM drive (pre- and post-patch) speeds it up by around 30% compared to a spinning disk."
      That sounds like an I/O limited scenario (hardest hit by SPECTRE patches), and a perfect candidate for Optane in installs where you are already at the RAM limit. If you're seeing 30% speedups for datasets that can fit in RAM, it would easily pay for itself in time savings.

        • frenchy2k1
        • 1 year ago

        The patch that is hurting IO the most is for Meltdown, as this forced fully separating kernel and user memory maps and flushing at every change.
        IO is mostly moving data from kernel space (driver access) to user space.

    • superjawes
    • 1 year ago

    #notallcheese is full of holes!

      • EndlessWaves
      • 1 year ago

      Not yet

    • derFunkenstein
    • 1 year ago

    Yes. I elaborated on this answer in the comments of Jeff’s benchmarks. I thought I was imagining it until I saw the numbers:

    https://techreport.com/discussion/33299/recent-pcs-have-little-to-fear-from-intel-spectre-microcode-updates?post=1070041
    "That 13.5% dip in app load times pairs with what I thought I was just imagining on my work laptop (Dell Latitude i7-6600U, 16GB, 500GB AHCI M.2 drive). I had just figured I was dreaming that it felt slower to open apps, particularly Visual Studio, and then also opening a pretty large solution. Office apps have felt like they still perform similarly, but it never took long to open Excel in the first place."

      • nerdrage
      • 1 year ago

      I’ve also noticed a significant slowdown in Visual Studio on my work laptop when compiling and running large web solutions. In my case it’s a i5-6200U (Skylake 2C4T which was *already* pretty slow *before* the patches). When I started working here a little over a year ago, the IT folks wiped the installation of Win10 that came with the machine, and put a Win7 image on it. So I'm *also* missing out on the kernel optimizations in Win10 that would've reduced the performance impact... 🙁

        • derFunkenstein
        • 1 year ago

        Oh, yikes. At least I have Win10 on my system. 😆

        I think the only real difference between your 6200U and my 6600U is clock speed, and maybe a little cache.

        I was super disappointed when the Helpdesk forwarded me the order last November. I was hoping for an HQ-series i7, but my boss didn’t specify. He just said to get me an i7. :-/
