Microsoft Details Performance Impact of Spectre and Meltdown Mitigations on Windows Systems

Microsoft's Windows chief Terry Myerson on Tuesday outlined how Spectre and Meltdown firmware updates may affect PC performance. From a blog post: With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don't expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance. With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

Re:Really?

What — exactly — do you expect Microsoft to do? They didn't make the hardware and they can't fix this in software. I believe the fact that they're offering the choice (on Server at least) of suffering the performance impact or not shows an extraordinary degree of pragmatism. I honestly can't imagine a better response; how would you have them change it?

Re:WHAT ABOUT AMD????

[barc0001]

*Some* AMDs are bricked, older chips.

Planned Obsolescence

[xxxJonBoyxxx]

>> With Windows XX on older silicon (2015-era PCs with Haswell or older CPU)...we expect...a decrease in system performance. (So plan to buy a new proc from our licensed PC distributors soon.)

Re:Planned Obsolescence

[link-error]

    Except Intel changes the socket format so frequently, I've almost always been forced to by a new motherboard... and new memory.

Re:Planned Obsolescence

[Dog-Cow]

Yes, that's older. It's how time works. Look into it when you have some.

Re:Planned Obsolescence

[thegarbz]

What's a GHz? Is that some irrelevant performance metric from the 90s?

In other news The Pentium 4 had more GHz than the competition. Ever wondered why it was laughed at?

Time to upgrade

[postmortem]

Folks, your CPUs 2015 and older are obsolete ... how convenient for Wintel.. get that fancy new CPU and another copy of Windows 10, because what you have today is OEM version, so with a new CPU you'll need a new Windows copy.

Re:How is 2015 old?

[dstyle5]

If you are using one of these "old" processors you haven't bought a new one and supported their good friends at Intel recently. Come on, get with the program, consumer. Also pick up a Pro or Enterprise version of Windows while you buying your new Intel processor, chum. ;)

Re:Really?

Actually, this is a software (more precisely, a compiler) problem. The problem is that the modern compilers
make it difficult for these modern CPUs since they don't clearly instruct the CPU on how to proceed.
So the CPU has to speculate (a.k.a. guess) what instruction it should do next. If the compilers produced
better code in a more organized fashion, then the CPUs wouldn't have to be guessing all of the time, amiright?

(Hey, you know this is the next step in the blame game - watch somebody make a serious thread of this.)

CAP === 'spells'

Free speed upgrades for Appdoze 10!

[PingSpike]

That's the nice Windows 7 you got there. It'd be a real shame if something happened to its performance.

Re:Free speed upgrades for Appdoze 10!

Or better yet, don't run EOL software.

Retard alert! Win7 has more than two years before EOL.

Re:Free speed upgrades for Appdoze 10!

[Wrath0fb0b]

Dude, they agreed with this conclusion and moved font rendering out of the kernel.

I can't imagine being your coworker if every time someone admits they made a mistake and correct it, you harp about how wrong they were in the first place. We get that you are Very Smart and were in fact right along along, being ungracious about it is not making you seem smarter, it's making you seem just as smart but more of a jerk.

Re:Sandy Bridge processors info

[Hal_Porter]

Your performance will be fucked six ways to Sunday if your workload does a lot of user to kernel mode switches. Unless you fancy waiting for Intel to release fixed chips and then buying a new CPU and a new motherboard to put it in.

Ironically Intel forcing people to buy new motherboards to switch between very similar CPU generations coupled with the fact that any Intel CPU you buy now still has the bug means that its just as easy to buy an AMD CPU and motherboard than an Intel one.

Then again a new Intel chip has Process Context ID support which means the workaround for the bug is relatively low impact.

Re:security versus performance tradeoff

[jwhyche]

I find that statement interesting. I was playing GTA 5 on a i7-6700K last night and didn't' notice any performance impact from the game. I was running over goats just as well as I always have been. Do you have any benchmarks you can provide, before and after?

Re:Complexity unfortunately means Holes.

[110010001000]

"Modern CPU's are almost like mini-computers"

Genius!

Re:Honest reasons why 'Windows 7' isn't good enoug

[Hylandr]

Windows 10 sucks (quantify that)

1. Keyloggers that send your keystrokes to Microsoft to serve targets ads in the OS. *cough* I mean 'Telemetry'.
2. Inability to control patches / updates
3. Reduced control over a system I *own*

There's a good start.

Re:Honest reasons why 'Windows 7' isn't good enoug

[TheDarkMaster]

Windows 10 is a nice kernel but with an GUI made by preschool children on top of it... Maybe I change my mind and switch to it when the interface be made by real professionals, until then I'll continue with Windows 7.

Re:Only here

[110010001000]

You are right. You can't expect Microsoft to fix their older operating systems that are under support. They just don't have the manpower or money. Everyone should just install Windows 10 (starts at only $119). And you also shouldn't expect Intel to fix their stuff either. It isn't like they have money to fix their stuff either. Just buy a new chip when it comes out. Problem solved.

Re:Sandy Bridge processors info

[WaffleMonster]

Not worth supporting is more like it. It may sound like this is going to spell losses for Intel, and I'll grant that they've seen a momentary dip in stock prices, but you can bet good money that this will ultimately result in a rush on new Intel hardware to replace "bad" hardware. And people will just throw piles of cash at them, because reasons.

There is no new Intel hardware available for sale to replace "bad" hardware. There *IS* however new AMD hardware.

Re:Really?

[spire3661]

I expect them to give me a choice to install this patch or not.

Re:Really?

[K.+S.+Kyosuke]

Hey, you know this is the next step in the blame game - watch somebody make a serious thread of this.

Too late; Itanium engineers did this two decades ago. ;)

Re:Really?

[EndlessNameless]

It's pretty fucking obvious that MS are trying to take advantage of the situation to get more users to finally switch over to Spyware 10 by fearmongering.

Not at all.

Since Vista, Microsoft has been on a very deliberate path of reducing dependencies, streamlining interfaces, and stripping legacy cruft within Windows. They have been modularizing the Windows kernel and kicking more functionality into user space for over a decade. This isn't news. I'm sure they're glad that it finally paid off though.

You are conflating the architectural improvements with the intrusive telemetry. They are two entirely different issues. In fact, I wouldn't be surprised if the people who argued in favor of the current kernel design turned around and argued against the always-on telemetry. (Everyone wants telemetry during development; it only becomes stupid when you force users to transmit it.)

Windows 10 with ad hoc measures to suppress telemetry is a much more secure operating system than Windows 7 or 8. If you value security and require Windows, that is where you should land. This is doubly true for enterprise users, as they can acquire Windows licenses which allow them to completely disable telemetry.

Re:Wow amazing coincedence

[ChoGGi]

PCID is supported on Westmere (2010) and up.

Re:Really?

[TheFakeTimCook]

Actually, this is a software (more precisely, a compiler) problem. The problem is that the modern compilers
make it difficult for these modern CPUs since they don't clearly instruct the CPU on how to proceed.
So the CPU has to speculate (a.k.a. guess) what instruction it should do next. If the compilers produced
better code in a more organized fashion, then the CPUs wouldn't have to be guessing all of the time, amiright?

(Hey, you know this is the next step in the blame game - watch somebody make a serious thread of this.)

CAP === 'spells'

Actually, no. You're NOT right.

Speculative branch prediction happens because there is NO WAY for ANYONE to know whether a Branch based on DATA will have to be taken or not. Otherwise, there wouldn't have to be CONDITIONAL branches AT ALL!

I see software development is NOT your forte, amirite? ;-)

I haven't noticed any slowdowns

[jonwil]

I am running a Skylake Core i5-6500 with 8GB RAM and a 250GB Samsung SSD with Windows 7 Home Premium and I have the patch installed and haven't observed any slowdowns.

Just kicked of a full compile (in VS 2017) of a large (~2100 files) project I have here and I saw no noticeable slowdowns compared to how fast the thing compiled before the patch. And such a thing would be highly I/O bound (reading all the input source files and things, writing out compiled obj and other files, reading toolchain binaries etc) and likely making a lot of kernel-user transitions.

I have no games on here that are demanding enough to show any observable difference between old and new so I cant test those.

Re: Really?

[dryeo]

WTF is any operating system doing rendering fonts in ring 0? This was one of the reasons for the MS and IBM divorce, MS wanting to run stuff (video drivers) in ring 0 for performance and IBM refusing for security.