Tech Titans Downplay Meltdown And Spectre Patches' Performance Hits


Amazon, Apple, Google, and Microsoft are reporting that their compute performance has been largely unaffected by the patches for Meltdown and Spectre.

The news of the Meltdown and Spectre security vulnerabilities, which together affect almost all modern CPUs, has been sweeping the web since the start of the year. The fix for Meltdown, an OS-level method of mitigation called kernel page table isolation (KPTI), has now been implemented for major operating systems, including Linux, macOS, iOS, Android, and Windows. Mitigations for Spectre, which is actually two different vulnerabilities, are currently less understood, however. Fixes, so far, have involved program-level, OS-level, and hardware-level patching, but it seems there isn’t a single solution to both of the Spectre vulnerabilities.

Meltdown has a singular fix across all operating systems because the vulnerability results from an optimization present in specific CPUs, namely Intel’s and some of ARM’s. With no way to fix the CPUs, the only option is a heavy-handed approach that nullifies the optimization within the OS: KPTI. It was known that KPTI would, in theory, have a real performance cost. The earliest tests on Linux with worst-case scenarios showed performance drops of up to 30%.


Intel denied the performance drops, saying that there would be a negligible impact for home consumers. Initial testing from the web, including that done by Guru3D, TechSpot, and ComputerBase, seems to support this. However, the worry since the beginning was about enterprise workloads, such as virtual machines and databases. Now that the tech giants have all applied their patches, they’ve each issued their own statements on the performance impact.

Apple didn’t say anything about whether its back-end services suffered. Instead, its statement focused on macOS and iOS, which it claimed suffered “no measurable” impact in benchmarks due to the Meltdown patch. Apple has patches for Spectre coming, which it claims have a measured 2.5% performance impact.

Microsoft issued a statement about the maintenance it did for its Azure cloud computing service saying that “the majority of Azure customers should not see a noticeable performance impact.” A caveat was given, though, for customers whose workloads are network heavy. Microsoft recommended turning on Azure Accelerated Networking to mitigate this, but that won’t help those who already had it on. Microsoft didn’t mention which of the vulnerabilities they patched or whether more patches would be coming.

Google said it deployed KPTI to patch Meltdown and its own software method, dubbed Retpoline, to fix one of the two Spectre vulnerabilities. Google said that most of its workloads, including cloud infrastructure, saw a “negligible impact on performance” and warned of the “exaggerated impacts” shown by microbenchmarks.

Amazon, the company many expected would be impacted the most by KPTI, issued a statement focusing on its EC2 virtual-machine compute farm. The company definitively stated that EC2 customers are protected against Meltdown and both Spectre vulnerabilities. We don’t know what makes Amazon’s case different as, according to Google, one of the Spectre vulnerabilities doesn’t have an effective fix. Amazon also said that it had “not observed meaningful performance impact for the overwhelming majority of EC2 workloads.”

It’s still early days for the Meltdown/Spectre issue. Given how hot the topic currently is, it's understandable why the above companies rushed to give statements. Intel has used the statements to downplay the issue even though they admit that the impact of KPTI remains “highly workload-dependent.” We’re sure to hear more on the performance impact in the coming days.

12 comments
Comment from the forums
  • hellwig
    Linus Torvalds said you could expect a roughly 5% performance hit. If you're running a datacenter with thousands of computers, 5% can be a HUGE hit in terms of power and cooling costs. 5% of your costs just to work around an architecture blunder.
    5
  • kookykrazee
    So, 5-30% drop is cpu. That is not cool. To say not noticeable, for the average user is disingenuous to the users that peruse Toms and Engadget. Most of the users are NOT average users. I will be very upset if I lose UP TO 30% of the CPU usage of my CPU!
    6
  • bigdragon
    I am curious to see post-patch benchmarks of Intel chips vs. AMD chips. I have a suspicion that Intel's performance advantage may evaporate. This is especially true if AMD is actually immune to Meltdown and therefore does not need performance-impacting patches.
    3