Retpolines and other spectre/meltdown/heartbleed/retbleed mitigations are the big culprit here. The other overhead of syscalls is sort of unavoidable. Makes me wonder if we need special-purpose CPU cores just for unsigned content. The apps you trust can run at full speed on a core with spectre mitigations disabled. Javascript sandboxes and other things that are prime exploit targets get run on a core with maximal security.