Problem: bad 2D performance in Windows VM versus Windows on bare metal
For the past few months I noticed sluggish 2D graphics in my Windows 10 VM, something that hadn’t happened before. Below are the Passmark 8 results and comparisons between different configurations/releases:
Red graph – Windows 10 (1703) running on Linux Mint 18.3 host (qemu 2.6)
Blue graph – Windows 10 (1803) running on bare metal
Yellow graph – Windows 10 (1803) on Linux Mint 19 host with libvirt and virt-manager 1.5.1 (qemu 2.11)
Green graph – Windows 10 (1803) on Linux Mint 19 host (qemu 2.11)
You can see the low 2D graphics results with the Windows 1803 version under kvm, but not on bare metal.
Here the detailed 2D graphics benchmarks:
Simple Vectors, Image Filters, and Direct 2D are fine. However, benchmarks for Complex Vectors, Fonts & Text, Windows Interface, and Image Rendering in particular are way too low.
This will probably not affect playing video games in a Windows virtual machine. But it has a direct performance impact in applications such as Lightroom, where, for example, zooming into a photo is notably slower.
Workaround: Turn off Spectre vulnerability patch in Windows
User desumoyo over at the r/VFIO Reddit forum pointed out the culprit. From January 2018 on Microsoft issued a number of security updates addressing the Meltdown and Spectre vulnerabilities. Starting in March 2018 Microsoft provided some Intel microcode updates. In parallel the Linux developers have worked on fixes too.
Running virtual machines makes things even more complicated. This Qemu information and this Suse Linux security advisory share some insight on how these architectural flaws in CPUs (i.e. Meltdown and Spectre) can affect the hypervisor, host and/or guest systems.
Now back to the issue at hand – 2D performance in a Windows 10 VM. The good news is that the Meltdown update in Windows does not impair performance, as far as I can see.
However, the Spectre update has a severe impact on 2D performance. The bad news is that turning off Spectre protection in Windows probably exposes you to the same vulnerabilities as if you were running Windows on bare metal.
To protect your Linux host and other guests (if any), make sure you have all security updates installed and run the latest kernel shipped with the distribution. Up-to-date kernels will mitigate these vulnerabilities and prevent attacks from (Windows) guests on the host or other guests.
You can check your current Spectre and Meltdown protection under Linux by downloading and running the spectre-meltdown-checker.sh script:
sudo spectre-meltdown-checker.sh --explain
The script is self-explanatory.
Before you go on and turn off the Spectre patch in Windows, consider the following:
- Do you need 2D acceleration under Windows for photo or video editing, CAD, or similar 2D tasks?
- Do you run the Windows VM just for gaming? In this case 2D acceleration is most likely irrelevant.
How to disable Spectre protection in Windows
Disclaimer: If you follow the instructions below, you do it at your own risk. Following the instructions below is a security risk and may expose your computer to malware, attacks, and/or information theft.
- In Windows, download InSpectre, a freeware utility by Steve Gibson.
- Go to the Downloads folder, right-click on the InSpectre application icon, and select “Run as administrator”.
- Click “Disable Spectre Protection” at the center bottom of the Window. (Note: If the relevant Windows security update hasn’t been installed, the button will be grayed out as there are no means to protect the system.)
- Reboot Windows.
- Launch InSpectre. You should see a screen similar to the one below:
Now that you have successfully disabled the Spectre protection, run the Passmark test. Here is the result on my system:
Red – Windows 10 on bare metal (Spectre protection enabled)
Blue – Windows 10 VM (Spectre protection enabled)
Yellow – Windows 10 VM (Spectre protection disabled)
Here the 2D graphics benchmarks:
When running a Windows 10 VM, protection against the Spectrum vulnerabilities can have a severe penalty on 2D graphics performance. Disabling the Spectre protection completely restores performance, at the cost of exposing the Windows guest to said vulnerabilities.