Intel CPUs see slight performance loss with new security fixes — E-cores and Atom chips not hugely affected by RFDS vulnerability

News
By Matthew Connatser
published

It's not the end of the world for Intel CPUs with Atom or E-cores.

Raptor Lake CPU
Raptor Lake CPU (Image credit: Intel)

According to testing from Phoronix, Intel CPUs using Atom cores, which are among the best CPUs for gaming, will see a slight decrease in performance when enabling mitigation against the recently disclosed RFDS security vulnerability. These CPUs include regular Atom processors and hybrid architecture chips, which would mean any Intel CPU with E-cores, from 12th Gen Alder Lake to Series 1 Meteor Lake.

Register File Data Sampling, or RFDS is one of the latest security vulnerabilities to be disclosed by Intel. Essentially, RFDS can allow attackers to indirectly access CPU registers and the data they contain, which can potentially be very sensitive. Although vulnerabilities are never good, RFDS's impact on Intel CPUs is much more limited than vulnerabilities like Meltdown and Downfall, as only Atom CPU cores are affected. This includes E-cores in hybrid architecture CPUs too.

Security issues require mitigations, and Intel has already started patching RFDS. Intel's mitigation for RFDS includes an operating system-level patch and microcode. Phoronix tested the performance implications of Intel's RFDS mitigation on a Core i9-14900K in various workloads on Linux across 46 individual benchmarks.

Phoronix didn't provide figures for average performance with the mitigation enabled and with it disabled, but by our reckoning, performance drops by around 5% overall. The worst performance declines at around 10% in a few tests. However, there were several workloads where performance was more or less the same whether RFDS was mitigated.

These performance losses are pretty tame compared to mitigations for other security vulnerabilities. For instance, the mitigation patches for Downfall can cause a performance loss of 39% in the worst case. The minor impact on RFDS's mitigation is probably helped by the fact that E-cores aren't all that fast in the first place and are only relied on for background tasks and workloads that are heavily multi-threaded. In lightly multi-threaded and single-threaded workloads, the mitigation for RFDS shouldn't cause any substantial performance loss.

An OS patch and a new microcode are necessary to mitigate RFDS. At least through motherboard vendor websites, we haven't seen any BIOS updates mentioning security mitigations for RFDS. However, Linux users got the new microcode through an update to Linux. Windows users will hopefully be able to get the patched microcode through a Windows update.

Matthew Connatser
Matthew Connatser

Matthew Connatser is a freelancing writer for Tom's Hardware US. He writes articles about CPUs, GPUs, SSDs, and computers in general.

See more CPUs News
12 Comments Comment from the forums
  • Alvar "Miles" Udell
    So 0-39% difference in Linux, but what about under Windows? Perhaps TomsHardware could test?
    Reply
  • evdjj3j
    Alvar Miles Udell said:
    So 0-39% difference in Linux, but what about under Windows? Perhaps TomsHardware could test?
    Maybe the Tomshardware of 10-15 years ago.
    Reply
  • Alvar "Miles" Udell
    evdjj3j said:
    Maybe the Tomshardware of 10-15 years ago.

    About 2018 when Future PLC bought Purch (Toms, Anandtech, and many others included) TH really started to go downhill. We started to get fewer articles like "Who's Who In Power Supplies: Brands, Labels, And OEMs" and more what are essentially press releases and "as reported by (site)" articles, making TH more like Techradar (same owner) and just a news website instead of a review site.
    Reply
  • bit_user
    Intel's mitigation for RFDS includes an operating system-level patch and microcode.
    Unlike some mitigations, this one requires both.

    An OS patch and a new microcode are necessary to mitigate RFDS. At least through motherboard vendor websites, we haven't seen any BIOS updates mentioning security mitigations for RFDS. However, Linux users got the new microcode through an update to Linux.
    Yup. Mainstream Linux distros ship microcode updates as normal installable packages. Unless you disable them, you'll get new microcode patches as part of installing regular updates.

    What Phoronix did not test is the impact of restricting work to running on just the E-cores (or P-cores, for that matter). It seems like the mitigation should only affect syscall overhead on the E-cores, having no effect on the P-cores. It sure would be nice to have some confirmation of this, in the form of actual data!

    If true, it could mean that the performance impact on E-cores is significantly worse than suggested in the benchmarks we've seen, so far.
    Reply
  • bit_user
    Alvar Miles Udell said:
    So 0-39% difference in Linux,
    No, you read too quickly. 39% was the estimated impact of the Downfall mitigation. This is completely different.
    Reply
  • The Historical Fidelity
    These security threats just keep coming and coming…
    Reply
  • bit_user
    The Historical Fidelity said:
    These security threats just keep coming and coming…
    A lot of them are hyperthreading/SMT-related, but here's a good example of one that's not!
    Reply
  • RichardtST
    I don't want any of these "fixes" that affect performance. I am the only one on my machine. If the attacker has enough control to execute these attacks then they already have complete control of my machine anyway. I don't want this. I want speed. There are no other users. I want an easy way to turn them all off!
    Reply
  • bit_user
    RichardtST said:
    I don't want any of these "fixes" that affect performance. I am the only one on my machine.
    This one should be easy to disable, in software. Linux gives you a knob to let you do just that.

    RichardtST said:
    If the attacker has enough control to execute these attacks then they already have complete control of my machine anyway. I don't want this. I want speed.
    A lot of these vulnerabilities allow an attacker to steal data by running unprivileged code on your machine, and many of them have been demonstrated to be exploitable via Javascript (or similar) running in a web browser.

    So, my advice would be to do your online financial transactions (and other sensitive accounts) from a machine with all updates applied & mitigations enabled. You could even go a step further and disable hyperthreading, though some vulnerabilities (like this one), don't depend on it.

    If you have another machine that's just for gaming or some task like video editing or software development, then it's probably fine to disable mitigations on that machine. That's what I do, FWIW.

    RichardtST said:
    I want an easy way to turn them all off!
    It's a good question whether there's an easy way to do that on Windows. Anyone?
    Reply
  • lolvatveo
    Intel have to release new microcode unlock all overclock CPU, IGPU, ALL MB CHIPSET for all things Intel locked overclock (6th gen CPU to now) to compensate customers. If there is nothing to compensate, they can be sued.
    Reply