Skip to main content

‘Meltdown’ CPU vulnerability fix has ‘negligible’ performance impact on Google’s cloud infrastructure

Following yesterday’s disclosure of the CPU Speculative Execution issue raging through the tech industry by the Project Zero team, Google is now detailing the mitigations for the security flaw. In a blog post, the company also discusses the impact to processor and cloud performance.

Speculative Execution is a technique used by most modern CPUs to improve performance. However, a flaw allows malicious code to read system memory and thus gain access to passwords, encryption keys, and other sensitive information.

To counter it, Google developed a binary modification technique called Retpoline that protects against the second variant (named Spectre) of the attack. Google shared the technique with industry partners and has since deployed it to its internal systems.

“Retpoline” sequences are a software construct which allow indirect branches to be isolated from speculative execution.  This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches.

Meanwhile, the company also deployed Kernel Page Table Isolation (KPTI) to counter the third variant known as Meltdown by “better protecting sensitive information in memory from other software running on a machine.” This general purpose technique is already live on the “entire fleet of Google Linux production servers that support all of our products, including Search, Gmail, YouTube, and Google Cloud Platform.”

In recent days, some have speculated that the KPTI technique would cause “significant performance slowdowns,” especially for cloud services. For its part, Google notes a “negligible impact on performance” for “most of our workloads, including our cloud infrastructure.”

In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.

However, it notes that a number of factors go into performance and results might vary.


Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications