Google says customers of its cloud services shouldn’t see any performance impact from the Meltdown and Spectre patches, in part thanks to a technique created by a Google software engineer that mitigates the Spectre vulnerability without hardware support.
In a blog post on Thursday, Google details how its fixes for Meltdown and Spectre – which it began rolling out in fall 2017 – affect the performance of its cloud services. Google said that it took “extensive performance tuning work” to address Meltdown, but there is “no perceptible impact” on Google Cloud Platform. Finding a fix for the Spectre vulnerability that would cause no performance loss, however, was a much more complicated process.
“For several months, it appeared that disabling the vulnerable CPU features would be the only option for protecting all our workloads against Variant 2 [Spectre],” Google Vice President of Engineering Ben Treynor Sloss said. “While that was certain to work, it would also disable key performance-boosting CPU features, thus slowing down applications considerably.”
“Not only did we see considerable slowdowns for many applications, we also noticed inconsistent performance, since the speed of one application could be impacted by the behavior of other applications running on the same core. Rolling out these mitigations would have negatively impacted many customers.”
The solution, called Retpoline, was created by Google software engineer Paul Turner, who is part of the Technical Infrastructure group. Google describes it as “a novel software binary modification technique that prevents branch-target-injection”; it modifies programs without requiring changes to their source code.
Google said it immediately began deploying Retpoline across its infrastructure, and shared the technique with industry partners.
“We believe that Retpoline-based protection is the best-performing solution for Variant 2 on current hardware. Retpoline fully protects against Variant 2 without impacting customer performance on all of our platforms. In sharing our research publicly, we hope that this can be universally deployed to improve the cloud experience industry-wide.”
The remarks from Google come as Microsoft has said the fixes for Meltdown and Spectre are causing significant slowdowns on servers and some personal computers – even as Intel maintains that the performance losses are workload-dependent. AWS customers also noticed slowdowns as the company rolled out reboots to apply the Meltdown and Spectre patches.