Published: Sat, January 13, 2018
Science | By Hubert Green

Google claims its Spectre and Meltdown mitigation results in no performance degradation

Google claims its Spectre and Meltdown mitigation results in no performance degradation

Those variants include both the Meltdown vulnerability (CVE-2017-5754) and the two Spectre vulnerabilities (CVE-2017-5753 and CVE-2017-5715) for bounds check bypasses and branch target injection attacks, respectively. He concludes the update by remarking that AMD will continue to work with the rest of the technology industry to mitigate Meltdown and Spectre.

Yesterday, Intel CEO Brian Krzanich released a statement reiterating his company's attempts to fix the flaw.

Unlike many had predicted, Meltdown-the Intel-only vulnerability that is fixed by forcing the CPU to reload its TLB when running a kernel process-wasn't the biggest headache for Google. And thanks to the efforts of hundreds of engineers, no one has apparently noticed because the fixes haven't slowed down or degraded popular services like Google search, Google Drive, and Gmail. Google says that in testing Reptoline, it found that it was able to patch against Spectre Variant 2 with "almost no performance loss".

For several months, it seemed that Google would have to disable "the vulnerable CPU features", slowing down applications.

Meltdown and Spectre have been discovered in computer chips in billions of computers, smartphone and tablets across the world. But with the vulnerabilities now public, security researchers worry it'll only be a matter of time.

"The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data". Being the obvious solution, Retpoline was deployed across Google's infrastructure and shared with others.

Another Intel update clarifies just what kind of a performance hit impacted users are seeing on their systems after applying updates. It closes today's blog post by stating its belief that Reptoline is currently the best solution for patching against Variant 2, so hopefully now that Google has made it available to its industry partners, we'll see wide-scale roll out. Needless to say, other tech giants will definitely pick up this Retpoline technique and look into it. With a large testbed of data, it reports neither customers nor internal users are experiencing any kind of perceptible performance degradation using Google's platform or software services.

Like this: