Intel, ARM, and AMD are dealing with a significant security flaw that affects all sorts of computers including smartphones, laptops, and desktops, as well as cloud servers. Intel seems to be most affected by the issue. It’s a hardware problem that needs to be patched via a software update so that hackers can’t exploit it to steal sensitive data like passwords. The fixes will also slow down computers by between 5% to 30%, according to some researchers.
Intel downplayed the risks in a press release the other day, and says that most users won’t notice the slowdown. But is that really the case?
As The Register explains in a post that picks apart Intel’s “crap attempt to spin its way out” of the CPU issue, performance issues may vary just like Intel says. But some users will notice it.
“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” Intel said, suggesting that additional fixes will be released over time.
The Register says that the fixes involve the implementation of Kernel Page Table Isolation (KPTI) so that the kernel can’t be accessed by any other apps running on the computer. That’s how you keep the hackers away from sensitive data. And that’s what will be responsible for the reduced performance.
The downside is that whenever an application needs the kernel to do something useful, such as read a file or send some network traffic, the CPU has to switch over to the kernel’s virtual address space. This takes time and doing it a lot will slow down the machine.
The report notes that if all you do is play games on your computer, then the PC won’t see a slowdown because the software rarely jumps to the kernel. The same thing happens if you use the computer to browse the internet, write emails and type documents. “If you do a lot of in-memory number crunching, you won’t see much of an impact because again the kernel isn’t getting in the way,” The Register says. Furthermore, process context identifiers (PCID) support enabled on your hardware and kernel would minimize the performance hit.
You’d really notice the speed “if you hammer the disk, the network, or use software that makes lots of system calls in and out of the kernel,” and if you lack PCID support.
Data centers and enterprise computers may be impacted the most. Because of slowdowns, cloud service prices could increase because computers will need more time, and therefore more resources, to process data. Those extra costs might be passed along to customers.
Finally, next-gen devices that are about to be unveiled may also suffer slowdowns. Device makers will have to see whether the performance gains they would have advertised for new laptops, tablets, and desktops packing Intel and ARM hardware still stand after the patches are applied. Only a hardware redesign will permanently fix these flaws, and it’s likely that many 2018 devices will have software fixes in place rather than new chip hardware.
As soon as computers are patched, benchmark tests will reveal exactly what kind of performance hits we should expect.