Do The Meltdown and Spectre Patches Affect PC Gaming Performance? 10 CPUs Tested

Imagine that nearly every PC, server, and mobile phone on the planet was suddenly vulnerable to data theft at the hands of nefarious actors. Then, imagine the exploit responsible for this vulnerability couldn't be detected by antivirus software because it merely took advantage of normal CPU operations.

Although this sounds like a bad movie script, it unfortunately became a known truth during the first few days of 2018.

On January 2nd, The Register exposed Intel's then-secret Meltdown and Spectre vulnerabilities through investigative journalism. But unbeknown to most of the world, Google’s Project Zero researchers, along with two other independent teams, discovered the vulnerabilities 200 days earlier. As a courtesy, the researchers gave Intel, AMD, IBM, Qualcomm, and ARM a grace period to develop mitigations before making their findings public. Those companies, along with developers contributing to Windows and Linux, worked together behind a veil of secrecy for months.

Perhaps understandably, the initial response to The Register's report was chaotic because it preempted that planned group disclosure. What happened after, though, appeared to be a comedy of errors, especially given the amount of time affected companies had to prepare.

Then again, the firms were trying to plug holes that were baked into hardware and software for more than a decade. In fact, nearly every Intel processor since 1995 was found to be vulnerable, so fixing the issues without breaking compatibility proved to be a mind-boggling challenge.

The patches supposedly have performance implications. So now that the industry is a month into cleaning up its mess, we're ready to start assessing the damage. First up: game performance.

The Land Of Patch Confusion

There are two general vulnerabilities in play here, and they're broken up into three categories. Variants 1 and 2 are what we've come to know as Spectre, while Variant 3 is Meltdown. Intel, ARM, and Qualcomm are susceptible to all three, while AMD is only affected by Spectre.

As we can see, Variant 1 and 3 can be patched in the operating system, while the most nefarious bug, Variant 2, requires both motherboard firmware/microcode and operating system patches.

The initial industry scramble resulted in a flurry of immature and buggy updates. Because the patches weren't distributed as drivers, processor vendors couldn't push them out directly. Instead, they filtered out through Microsoft, Linux-based operating systems, OEMs, and motherboard manufacturers. A rapid sequence of patches, re-patches, and un-patches confused enthusiasts in the know. Everyone else had to have been completely lost.

This is how bad it got: Intel released a motherboard firmware/CPU microcode patch that could cause reboots, system instability, and potential data loss/corruption. Its partners pulled the update. Microsoft published a patch of its own for AMD systems that left some of them unbootable. It, too, had to reverse course, blaming improper documentation from AMD. A fix was released several weeks later.

For now, Intel doesn't have an operating system or microcode patch for Spectre Variant 2. AMD has an OS patch for it, but the company does not have a microcode update to offer. And because microcode patches will have the biggest impact on system performance, today's benchmark results are subject to change.

Intel says it will provide patches for CPUs dating back five years and then move on to older models. Many folks speculate that we may never see patches for those legacy products, though. Both Intel and AMD claim they will have silicon-based mitigations in their next-gen processors. Of course, it remains to be seen how each company works around their security holes without compromising performance.

For now, one thing is for sure: today's patches, particularly those for Spectre Variant 2, affect performance in some workloads. Older CPUs are said to be hit the worst. Microsoft predicts that "some" users with Windows 10 on pre-Broadwell architectures will suffer noticeable slow-downs, while "most" users on Windows 7 and 8.1 on comparable systems will notice a decrease in performance.

Measuring the impact hasn’t been an easy task in our labs. The changing nature of these patches complicates matters: we’ve begun testing several times only to have a patch altered or removed. We’re diligently working on the next round of application benchmarks, and are expanding our scope to include older CPUs. For now, let's focus on gaming with a good selection of recent Ryzen, Kaby Lake-, and Coffee Lake-based processors.

MORE: CPU Security Flaw: All You Need To Know About Spectre

MORE: Best Gaming CPUs

MORE: Intel & AMD Processor Hierarchy

Create a new thread in the Reviews comments forum about this subject
This thread is closed for comments
31 comments
Comment from the forums
    Your comment
    Top Comments
  • madvicker
    The majority of PC users are going to be on older CPUs than the ones you've tested. These results are only pertinent to the small % of people who have recently bought a CPU / new PC. What about the rest, the majority with older CPUs? That would be a much more useful and interesting analysis for most readers....
  • nikolajj
    I would like to see this done with Intel gen 4 (maybe 3) and up.
  • Other Comments
  • madvicker
    The majority of PC users are going to be on older CPUs than the ones you've tested. These results are only pertinent to the small % of people who have recently bought a CPU / new PC. What about the rest, the majority with older CPUs? That would be a much more useful and interesting analysis for most readers....
  • nikolajj
    I would like to see this done with Intel gen 4 (maybe 3) and up.
  • arielmansur
    Newer cpus don't get a performance penalty.. but older ones sure do get a noticeable one..
  • salgado18
    Anonymous said:
    The majority of PC users are going to be on older CPUs than the ones you've tested. These results are only pertinent to the small % of people who have recently bought a CPU / new PC. What about the rest, the majority with older CPUs? That would be a much more useful and interesting analysis for most readers....


    Last page, third paragraph:

    "so it's possible that the impact on older CPUs could be minor as well (game testing on those is in-progress)."
  • ddearborn007
    Hmmm

    3/4 of all personal computers in the world today are NOT running windows 10. I don't know the exact percentage of gaming systems that are NOT running windows 10, but surely it is substantial.

    Why wasn't the performance hit measured on the operating system running 3/4 of all PC's in the world today published immediately? To date, it appears that these numbers are being withheld from the public; the only reason has to be that the performance hit is absolutely massive in many cases.........Oh, and out of the total number of PC's used world wide, "gaming" PC's are a very small percentage, again begging the question of why tests are only being published for windows 10....
  • LORD_ORION
    Need to test older CPUs... or is this article designed by Intel to stop people from returning recently purchased CPUs.
  • RCaron
    Excellent article Paul!

    I have a question.
    I read originally that AMD Zen architecture had near-immunity to Spectre variant 2 because a CPU specific code (password if you will) (that changes with each CPU) was required in order to exploit the CPU. Which is why AMD was claiming that Zen was almost immune to Spectre variant 2. Is this not the case?

    AMD continues to insist that Spectre 2 is difficult to exploit due to CPU architecture. You left this out, and you continually lumped AMD with Intel with respect to Spectre 2 vulnerability.

    This is misleading to your readers, and portrays a bias towards Intel.

    https://www.amd.com/en/corporate/speculative-execution
  • tripleX
    Anonymous said:
    Hmmm

    3/4 of all personal computers in the world today are NOT running windows 10. I don't know the exact percentage of gaming systems that are NOT running windows 10, but surely it is substantial.

    Why wasn't the performance hit measured on the operating system running 3/4 of all PC's in the world today published immediately? To date, it appears that these numbers are being withheld from the public; the only reason has to be that the performance hit is absolutely massive in many cases.........Oh, and out of the total number of PC's used world wide, "gaming" PC's are a very small percentage, again begging the question of why tests are only being published for windows 10....


    Global OS penetration for Win 10 and Win 7 is effectively tied.
  • PaulAlcorn
    Anonymous said:
    Excellent article Paul!

    I have a question.
    I read originally that AMD Zen architecture had near-immunity to Spectre variant 2 because a CPU specific code (password if you will) (that changes with each CPU) was required in order to exploit the CPU. Which is why AMD was claiming that Zen was almost immune to Spectre variant 2. Is this not the case?

    AMD continues to insist that Spectre 2 is difficult to exploit due to CPU architecture. You left this out, and you continually lumped AMD with Intel with respect to Spectre 2 vulnerability.

    This is misleading to your readers, and portrays a bias towards Intel.

    https://www.amd.com/en/corporate/speculative-execution


    From the AMD page (which you linked)

    Quote:
    Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.


    And...

    Quote:

    GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
    While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
    AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
    Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.



    AMD hasn't released the microcode updates yet, but to its credit, it's probably better to make sure it is validated fully before release.
  • DXRick
    Do the OS patches (without the microcode patches) fix the two exploits? If so, why would we even want the Intel patches at all?
  • timsalt
    you've really missed the point here your covering 7-8th gen intel setups here with the likes of z370 chipsets no good for people with older 6th gen bases on H110 or H170 plus do you guys realise unlike us the components in uk cost a fourtune your 7700k for example here is like £400.00 and when you factor in memory at nearly £100 just for 8GB ! DDR4 at 2400mhz and then gpu's which are way more expensive than us on a micro atx capable board with a i5 is like £600-£700 please really start being a bit more consmer friendly and not so much this is what everyone has lets test that.
  • RCaron
    Thanks for replying but you didn't answer my question.

    Do you know anything about the AMD Spectre variant 2 relating to the CPU code which is required beforehand in order to exploit AMD CPU's using variant 2?

    I'm gathering that the answer is no.

    As AMD didn't mention why they think they're less susceptible to variant 2 in the white paper, I'll assume that what I had was old news and no longer applies. I'm still curious though.
  • theterk
    forget Spectre and Meltdown, I LOVE PUBG DATA!
  • hannibal
    Older cpu most likely will not get microcode updates... and it can be a problem. Have not seen any to my prosessors and my motherboard.

    Win7 is dying out so soon that putting efford to win10 is something that is just sensible. Win7 is popular, so Yep. But end of the support is next year, so most likely not much efford is put in that Front.
  • nate1492
    Rcaron, the phrase used by AMD was entirely PR based.

    'Nearly immune'? You mean the same as 'not immune'? 'Difficult to exploit' is PR for 'exploitable'.

    This is AMD PR pushing a 'Spectre/Meltdown don't affect us... Much!' People wanted to hear that, so they read it in a positive light, rather than the practical light that AMD was also impacted. The simple fact they are releasing patches as well should tell you *everything* you need to know.

    PR versus reality, AMD was impacted too. They are not immune, as they have said.
  • jpeterson015
    Anonymous said:
    Anonymous said:
    Hmmm

    3/4 of all personal computers in the world today are NOT running windows 10. I don't know the exact percentage of gaming systems that are NOT running windows 10, but surely it is substantial.

    Why wasn't the performance hit measured on the operating system running 3/4 of all PC's in the world today published immediately? To date, it appears that these numbers are being withheld from the public; the only reason has to be that the performance hit is absolutely massive in many cases.........Oh, and out of the total number of PC's used world wide, "gaming" PC's are a very small percentage, again begging the question of why tests are only being published for windows 10....


    Global OS penetration for Win 10 and Win 7 is effectively tied.



    That 3/4 estimate is close for gamers though.
    According to the most recent Steam Hardware and Software surveys,
    56% of gamers using Steam are still on Windows 7 64Bit, and 35.4% of users are on Windows 10 64Bit.

    http://store.steampowered.com/hwsurvey/
  • bigdragon
    Most of my gamer friends are still using Sandy Bridge, Ivy Bridge, Haswell, and their E variants. Everyone has upgraded their GPU at least once, but there hasn't really been a compelling reason to upgrade the CPU. Relatively few people are willing to fork over the money required to stay on the cutting edge of computing.

    Tests should really be repeated with CPUs that lack PCID and/or INVPCID flags. I recall these flags and some newer commands are leveraged heavily to protect against Spectre and Meltdown while minimizing performance impact. Not having these CPU features means a more significant impact in gaming. As an i7-4930k user, I've noticed a huge hit to Civilization VI.
  • lun471k
    @DDEARBORN007 According to Steam Hardware Survey, 35% of players are on Windows 10, and ~57% are on Windows 7. 35% is quite a lot.

    I'm pretty sure the performance difference between Windows 7 and actual Windows 10 are negligible.


    That being said, I'm still on Sandy Bridge (2600k) and I too, would like a comparison of older generations, even though they "think" there's only a negligible effect for older gens too.
  • valeman2012
    People who uses HackMod to overclock Non K Skylake CPUs.
    If they get performance and instability impact, so be it...is their fault using the hacked mods.
  • Kennyy Evony
    intel and amd should dump all their current processors to below cost of manufacture due to defects and put new fixed generation up to their current retail prices. Let everyone that doesnt need all the security and uses their pc for entertainment and not security intensive applications enjoy a super cheap systems that run games just fine.