Discussion in 'Operating Systems' started by mbk1969, Jan 5, 2018.
Do these have any performance fixes?
What do you mean specifically? Getting faster again, or was it sarcasm I just didn't get? I guess they will be slowing down performance in some way, but only a guess.
He probably means the newer Windows 19H1 builds have newer code to migrate these attacks that doesn't hit performance.
Oh, I wasn't aware that those fixes that don't hit performance actually exist. Thanks for mentioning it (I'm still angry about how they treat this whole matter in general though).
I am not running those newer builds so I don't know if that is true. Have not seen any reports of it yet.
If my memory is good, it was Google who enabled these fixes and then they got ported into the new Windows upgrade.
Yes, this is what I was referring to, and I'll assume that mbk1969 is confirming this.
That fixed comment from mbk1969 is directed at my great spelling ability.
Microsoft updated KB4100347 page for 1803 (Dec 11, 2018)
Yeah, it's based on linus/google retpoline or something like that. No perf impact at all.
Thought I would chime in here regarding the effect on performance (in Windows; not done proper analysis yet on BSD/Linux).
Host machine is an old-generation Intel i5 750, so does not have accelerated PTI (no PCID).
Guest machine is Windows 10 build 1803.
I first ran various benchmarks such as PassMark, PCMark etc., as well as observed responsiveness on general usage, with VMware ESXi up to date and Windows all on default settings. The Start menu had noticeable lag appearing, the UAC prompt had a delay appearing, and some apps just felt laggy, such as the Vivaldi web browser. Remember this is older-gen host hardware, and VMs feel the brunt of the mitigations much more than barebone systems.
I then ran the InSpectre tool and disabled Spectre + Meltdown mitigations, used the system some more and reran the benchmarks.
Then, using Microsoft's instructions, I also disabled SSB, which InSpectre is not aware of.
At this point the result was a noticeable improvement of things like UAC prompts, Start menu appearance time and the Vivaldi web browser. But it still didn't feel the same as before I patched ESXi.
On the benchmarks raw CPU performance was barely impacted, easily within 1-2%. However, i/o performance was heavily impacted. This left me kind of surprised, given things like UAC prompts were clearly slower and they had no measurable i/o load, so I concluded that the i/o impact somehow also can affect RAM i/o. Simple things like opening the Vivaldi settings window were much slower with full mitigations enabled.
So one thing I learnt is that benchmarking does not necessarily paint an accurate picture. It showed big impact on i/o, practically nothing on raw CPU performance, but yet I could clearly notice a slower experience.
Next I tested VMware's instructions for disabling features from updated CPU microcode in the guest OS; you can do this by disabling certain feature flags being presented to the guest OS. Given I had already disabled mitigations in the guest OS I expected no impact, but surprisingly it pretty much doubled the benefit on i/o benchmarks, and responsiveness noticeably further improved.
Finally I downgraded ESXi to a 2017 build so it had no mitigations host side whatsoever and of course no CPU microcode updates; this was no different to having the new version whilst using the feature flags override above.
For bare metal I still have a personal opinion that for a typical end user, the risk of Spectre/Meltdown compromise is fairly low, extremely low if their system has good security layers already in place. But if the performance hit is almost non-existent then there is no harm in enabling it; the issue comes if it is measurable. In 2019 Microsoft plan to roll out retpoline in a newer build of Windows 10; that and PTI on PCID CPUs is probably reasonable. Otherwise I would keep the mitigations off.
There is also the issue with cloud environments: the security risk is notably higher, hence the rush of AWS etc. to patch their systems. However, if you are like me and the host ESXi/Proxmox is managed by yourself and you trust all your guest systems (in my case all the guest systems are for my personal use), then the security mitigations are probably moot.
As a final note, whilst I have yet to do a proper analysis of performance inside a guest Linux/BSD OS, I have observed host CPU utilisation on Proxmox.
On an idle OPNsense with full mitigations enabled on Proxmox, host CPU usage is around double vs all mitigations disabled on host. So even if, best case scenario, the guest OS is the same speed, it is using double the CPU utilisation to achieve that.
I just checked those 2 registry values on my system and they're both already set to 3. I'm using an old version of mcupdate_GenuineIntel.dll so maybe that's why? I also have both Spectre and Meltdown disabled in InSpectre.
I have not toyed with enabling/disabling all those Spectre and Meltdown mitigations on my Win10 1803 (all is updated and on default settings), and performance is good enough for me - no noticeable impacts. Of course I am a gamer, not a professional benchmarker...
Yes, I get the same thing, the InSpectre tool is disabling all, at least the ones Chrysalis posted links to.
Bear in mind my benchmarks showed no difference within 1-2% only. What made me do the tests in the first place is that the guest OS slowed down massively; I simply noticed it from general usage after I patched ESXi.
It's a different story on my barebones Coffee Lake.
I got some new microcode update from MS updates 1/9/2019; again I can't say I see any difference in normal usage or my games, which is all that matters to me.
Your avatar reminded me that I have a crush on Aerith... * sigh *
Who didn't back in the day when we were kids?
Her death in FF7 was the most saddening thing in any game I played to date.