Following yesterday’s disclosure by the Project Zero team of the CPU speculative execution issue raging through the tech industry, Google is now detailing the mitigations for the security flaw. In a blog post, the company also discusses the impact on processor and cloud performance.
Speculative Execution is a technique used by most modern CPUs to improve performance. However, a flaw allows malicious code to read system memory and thus gain access to passwords, encryption keys, and other sensitive information.
To counter it, Google developed a binary modification technique called Retpoline that protects against the second variant (named Spectre) of the attack. Google shared the technique with industry partners and has since deployed it to its internal systems.
“Retpoline” sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches.
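To make the construct concrete, here is the retpoline thunk for an indirect call through `%rax`, written as GCC/Clang inline assembly for x86-64 (an added illustration, not code from Google’s post or the article; the instruction sequence is the published construct, while the C wrapper, the `r12` stack save and the two sample targets are my own; on other targets the wrapper falls back to a plain indirect call):

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t (*op_fn)(uint64_t);

/* Two sample call targets (constructed for this example). */
static uint64_t op_double(uint64_t x) { return x * 2; }
static uint64_t op_square(uint64_t x) { return x * x; }

/* Call target(arg) through a retpoline instead of a plain `call *%rax`.
 * The return predictor for the final `ret` can only steer speculation into
 * the capture loop at label 2, never to a branch target an attacker trained. */
static uint64_t retpoline_call(op_fn target, uint64_t arg)
{
#if defined(__x86_64__) && defined(__GNUC__)
    uint64_t rax = (uint64_t)target;  /* target in %rax, result returns in %rax */
    uint64_t rdi = arg;               /* first argument register per the SysV ABI */
    __asm__ volatile(
        "mov  %%rsp, %%r12\n\t"       /* save rsp; it is rewritten below */
        "sub  $128, %%rsp\n\t"        /* step over the compiler's red zone */
        "and  $-16, %%rsp\n\t"        /* ABI: rsp 16-byte aligned before a call */
        "call 3f\n\t"                 /* push address of label 4, enter the thunk */
        "4: jmp 5f\n\t"               /* target has returned: leave the thunk */
        "3: call 1f\n\t"              /* push address of label 2 (capture loop) */
        "2: pause\n\t"                /* mispredicted speculation lands here... */
        "   lfence\n\t"               /* ...and is fenced until the ret resolves */
        "   jmp 2b\n\t"
        "1: mov  %%rax, (%%rsp)\n\t"  /* overwrite return address with the target */
        "   ret\n\t"                  /* architectural path: 'return' into target */
        "5: mov  %%r12, %%rsp\n\t"    /* restore the original stack pointer */
        : "+a"(rax), "+D"(rdi)
        :
        : "rcx", "rdx", "rsi", "r8", "r9", "r10", "r11", "r12", "memory", "cc");
    return rax;
#else
    return target(arg);               /* non-x86-64 builds: ordinary indirect call */
#endif
}

int main(void)
{
    printf("%llu %llu\n", (unsigned long long)retpoline_call(op_double, 21),
                          (unsigned long long)retpoline_call(op_square, 12));
    return 0;
}
```

Compilers apply the same idea automatically (GCC’s `-mindirect-branch=thunk`, Clang’s `-mretpoline`) by routing every indirect `jmp`/`call` through such a thunk.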
Meanwhile, the company also deployed Kernel Page Table Isolation (KPTI) to counter the third variant, known as Meltdown, by “better protecting sensitive information in memory from other software running on a machine.” This general-purpose technique is already live on the “entire fleet of Google Linux production servers that support all of our products, including Search, Gmail, YouTube, and Google Cloud Platform.”
In recent days, some have speculated that the KPTI technique would cause “significant performance slowdowns,” especially for cloud services. For its part, Google notes a “negligible impact on performance” for “most of our workloads, including our cloud infrastructure.”
In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.
However, it notes that a number of factors go into performance and results might vary.