Two Google developers could become heroes of the IT industry in the coming days.They have succeeded in using a new method to eliminate the recently disclosed security problems in processors, without the patches causing significant performance losses.

Retpoline

When the bugs became known and patches were announced, there was still talk that securing against attacks could ultimately lead to massive performance losses of up to 30 percent. However, it does not seem to be quite up to date in practice, as various short-term benchmark tests show. And Google has already found a way to minimize the performance losses even more.
Also Read: Intel Publishes List Of All CPUs Affected By Meltdown And Spectre

The two Google developers Matt Linton and Pat Parseghian have developed the process called “Retpoline”. Patches based on it are already being deployed across much of Google’s infrastructure. It has already been established that the performance losses are in a nearly negligible range. And this may sound like an operator of many data centers because every one percent more or less power is a question of many millions of dollars in Google.

At Google, the redesigned patching process is now combined with the so-called Kernel Page Table Isolation (KPTI). This ensures even better foreclosure of the individual storage areas so that sensitive information in these areas is even better protected. After all, the bugs in the processors made it easier to read particularly piquant memory segments – even those in which, for example, cryptographic keys are stored. Google claims to have deployed KPTI on all Linux production servers running services like Search, Gmail, YouTube, or the Google Cloud Platform.

Also Read: Intel, AMD, And ARM All Affected By Meltdown And Spectre

The concept papers on the processes used at Google have already been passed on to various partners in the entire IT industry, it was said. Accordingly, it can be expected that the findings will also be incorporated into various other patches and updates. Anyone else can also be smart with Google directly, as the information is made public. However, the developers point out that the influences on the performance are of course also dependent on the respective tasks. And while there were no significant losses even in the cloud services of the corporation, which host a wide variety of applications, one should be sure to run your own tests before a larger use of the patches and also by KPTI.

Source

Leave a Reply