
Recent PCs have little to fear from Intel's Spectre microcode updates

Testing the side effects of Spectre-cide

The Meltdown and Spectre vulnerabilities still loom over the world's computer users as companies scramble to mitigate them. Like many PC owners of late, I've been biting my nails waiting for Intel to issue stable versions of its Spectre-mitigating microcode updates and for the blue team's hardware partners to bake them into new firmware for their products.

I'm still waiting on a microcode update for my aging Haswell desktop, but Dell issued a new firmware update for my Alienware 13 R3 last week that promised some Spectre-cide™ goodness for the Core i7-7700HQ inside. Before I patched that system, though, I wanted to record some pre-patch performance numbers to see just how much I was giving up by fully protecting my system against these vulnerabilities (or as fully as possible, at least).

Part of the fear surrounding Meltdown and Spectre, aside from the potential for the leakage of sensitive data, is the potential performance hit from patching those vulnerabilities. Intel has claimed from the beginning that any performance hit from the Spectre and Meltdown patches would "not be significant," was "highly workload-dependent," and might change with time as the mitigations for those vulnerabilities were refined. Early tests from some sources foretold potentially large slowdowns for servers, but just like Intel says, the potential slowdowns range from "minimal" to "measurable" depending on workload, according to Red Hat. Those projections are more for data centers running atop Linux than Windows desktops, though.

Microsoft does have some ideas for the kinds of performance hits we should expect on PCs, and its work suggests any performance changes will be CPU-dependent and operating-system-dependent. Redmond expects that systems with Skylake and newer CPUs might experience "single-digit slowdowns," while "some owners" of Haswell and older parts should expect to notice the slowdowns from these patches. Those projections are for systems running Windows 10, too. Microsoft advises that older versions of Windows on Haswell and older chips will experience a noticeable performance hit.

With all that in mind, my Kaby Lake laptop running Windows 10 should be the best-case scenario for post-Spectre patch performance. Until Intel issues stable microcode updates for Haswell and older CPUs, we won't be able to gauge just what the effects of Spectre-cide might be for those systems—and that assumes big PC companies and motherboard makers plan to go to the effort of issuing new firmware for their older products in the first place.

One thing is for certain: this story is far from finished. Spectre and Meltdown represent classes of attacks, not a single bug that can be exterminated with a single patch. It's important to remember that the microcode updates Intel is issuing are mitigations, not curatives. These patches may make Spectre much harder to exploit, but if there's one group one never wants to underestimate, it's security researchers. We may yet see new and novel ways of exposing privileged data through processor side channels. For now, whatever margin of safety Intel's patches claim to afford seems worth having. Let's see how much performance we're trading for those safeguards.

Our testing methods
Our test system was configured as follows:

Alienware 13 R3
CPU: Intel Core i7-7700HQ
Memory: 16 GB (2x 8 GB) DDR4-2666
Graphics card: Nvidia GeForce GTX 1060 6GB
Storage: Samsung PM961 512 GB NVMe SSD

There are a lot of moving parts in testing the performance implications of Spectre and Meltdown between operating system updates and microcode changes. Microsoft has already issued the operating-system-level patches necessary to stop Meltdown cold on affected PCs, though, and I let Windows automatically update on my personal system, so the effects of those changes are already in place whether I like them or not. I'm not particularly concerned about the effects of Meltdown mitigations here, either, since Microsoft calls out Spectre patches as the ones with the largest potential performance impact.

Still, I isolated our before-and-after comparisons to just one change: a Spectre-related firmware patch on an otherwise fully-updated Windows 10 machine. I ran my tests back-to-back, immediately before and immediately after I applied the necessary firmware from Dell. That fact means we should be looking at the performance impact of that one patch and little else.

We tested using Windows' Balanced power plan. To ensure accuracy, we ran each benchmark at least three times and took the median of the results. Our tests were conducted with the system connected to AC power.

Our testing methods are generally publicly available and reproducible. If you have questions regarding our methods or results, leave a comment on this article or join us in our forums.

First off, we have several synthetic JavaScript benchmarks that give us a good idea of single-threaded performance changes. These benchmarks should be broadly relevant for the speed and responsiveness users enjoy when scrolling through Facebook, Twitter, and other anxiogenics in this modern age.

Across all of our JavaScript results, we get mid- to high-single-digit percentage decreases in performance. The fully-patched Core i7-7700HQ falls 6.7% behind its unfettered self in Jetstream, 9.7% behind in Octane, and 7.3% behind in Speedometer, though Kraken doesn't seem to be hurt much by the new microcode.

On the whole, a geometric mean of the performance changes we saw suggests a 6.1% loss in these benchmarks. That may not sound like much, but in this day and age, that kind of figure can encompass an entire generational change's worth of performance for Intel CPUs. To be fair, most recent systems feel sufficiently snappy in day-to-day use, but every little bit helps.
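The comparison method described above (median of at least three runs per benchmark, then a geometric mean across benchmarks), as an added example that is not the article's own tooling. All run values are constructed sample data rather than the article's measurements, and the function names are hypothetical. It also inverts benchmarks that report time, so that lower-is-better results can be averaged with score-based ones.

```python
from statistics import median, geometric_mean

# Constructed sample runs (NOT the article's measurements): three runs per
# benchmark before and after the firmware update.
# Format: name -> (higher_is_better, before_runs, after_runs)
RUNS = {
    "jetstream": (True, [200.0, 198.0, 205.0], [186.0, 180.0, 178.0]),
    "octane": (True, [30000.0, 30400.0, 29800.0], [27100.0, 27000.0, 26900.0]),
    # Kraken reports elapsed time in ms, so a lower number is the better result.
    "kraken_ms": (False, [1000.0, 990.0, 1012.0], [1000.0, 1004.0, 998.0]),
}


def relative_performance(higher_is_better, before, after):
    """Return patched performance as a fraction of unpatched (1.0 = no change)."""
    if len(before) < 3 or len(after) < 3:
        raise ValueError("need at least three runs per configuration")
    b, a = median(before), median(after)  # median resists one outlier run
    if b <= 0 or a <= 0:
        raise ValueError("benchmark results must be positive")
    # Scores: after/before. Times: before/after, so a slower run gives < 1.0.
    return a / b if higher_is_better else b / a


def summarize(runs):
    """Per-benchmark ratios plus the geometric mean of those ratios."""
    ratios = {name: relative_performance(*spec) for name, spec in runs.items()}
    # Geometric mean is the right average for ratios: no single benchmark's
    # scale dominates, and inverting every ratio inverts the mean.
    overall = geometric_mean(list(ratios.values()))
    return ratios, overall


def percent_loss(ratio):
    """Convert a relative-performance ratio to a percentage slowdown."""
    return (1.0 - ratio) * 100.0


if __name__ == "__main__":
    ratios, overall = summarize(RUNS)
    for name, r in ratios.items():
        print(f"{name:10s} {percent_loss(r):5.1f}% slower")
    print(f"geomean    {percent_loss(overall):5.1f}% slower")
```
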