Google this week claimed that the mitigations the company has developed to address the widespread threat posed by the Spectre and Meltdown microprocessor vulnerabilities disclosed Jan. 3 have had little impact on the performance of its cloud services.
One of the fixes in fact has been so effective, the company has moved the code for the update to open source so others can benefit from it, a Google executive said in an update on Jan. 11.
Google along with researchers from several academic institutions last week disclosed three severe weaknesses in a performance optimization technique used by most modern processors from Intel, Arm and Advanced Micro Devices.
The so-called Spectre and Meltdown flaws are present in a very wide range of computer systems and enable a new class of “speculative execution” attacks that allow threat actors to read private data—such as passwords and encryption keys—stored in system memory. Two of the vulnerabilities are referred to jointly as Spectre while the third one is Meltdown.
Multiple vendors, including Intel, Microsoft, Google, Amazon and Apple have issued updates to mitigate the threat posed by the Spectre and Meltdown vulnerabilities in their products. Security researchers have warned that the fixes significantly slow down system performance, but need to be implemented anyway given the severity of the threat posed by the three flaws.
Google began deploying initial mitigations for the Meltdown flaw (CVE-2017-5754) and one of the Spectre flaws (CVE-2017-5753) across the infrastructure supporting its core services including Search, Gmail and its Cloud Platform last September.
It updated those patches with more permanent fixes in October without causing any perceptible performance impact on its services, said Benjamin Treynor, Google vice president of Google’s 24×7 support group in a blog Jan 11.
But one Spectre flaw (CVE-2017-5715) proved to be much harder to mitigate. For several months it appeared that the only option was to disable certain critical features—known as speculative execution—on CPUs running Google’s cloud infrastructure Treynor said.
While that measure would have worked, it would have also resulted in serious performance degradations across Google’s application and hardware stack, he said. “Rolling out these mitigations would have negatively impacted many customers,” Treynor noted.
Google’s mitigation for the issue, which the company has dubbed Retpoline, offers a way around the problem, according to Treynor. He described Retpoline as a “novel software binary modification technique” that eliminates the need to disable the speculative execution feature in affected CPUs. “Instead, this solution modifies programs to ensure that execution cannot be influenced by an attacker.”
In a separate blog, Google software engineer Paul Turner, who developed Retpoline, said a simple way to understand how Retpoline works is to “imagine speculative execution as an overly energetic 7-year old that we must now build a warehouse of trampolines around.”
Extensive testing of Retpoline shows that it protects against the Spectre flaw with little performance loss, Treynor said. During the entire time that Google was deploying the update on its systems in December the company did not receive a single compliant from customers about performance issues, he claimed. This has confirmed Google’s initial assessment about Retpoline being the most effective mitigation technique against the specific Spectre issue on existing hardware.
Google has released the compiler implementation for Retpoline to open-source so others can make use of it as well. “In sharing our research publicly, we hope that this can be universally deployed to improve the cloud experience industry-wide,” Treynor said.