Upcoming security fix may decrease performance on Intel’s CPUs by up to 30%

We all know that Intel’s CPUs run extremely well all modern games, and way better than AMD’s offerings. However, things may change as an upcoming security fix may decrease overall performance on Intel’s CPUs by up to 30%.

According to reports, a fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels. Microsoft will soon roll out these changes in an upcoming update and according to early benchmarks, there will be an impact of 5-30%, depending on the task and the processor model.

What’s really interesting here is that this security bug/issue affects a lot of Intel’s CPUs. In fact, this bug is present in all Intel processors that were produced in the past 10 years.

As TheRegister reported, this security issue allows normal user programs to discern to some extent the contents of protected kernel memory.

“It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the contents of protected kernel memory.

The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes’ virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel’s code and data remains out of sight but present in the process’s page tables.

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.”

Furthermore, it appears that this security fix will only affect Intel’s CPUs. AMD claimed that its CPUs are not subject to these types of attacks.

“AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”

Microsoft will issue this security fix next week, so we’ll be sure to benchmark some games in order to see how much this fix will affect the performance on our Intel CPU.