The two Google developers Matt Linton and Pat Parseghian have developed the technique called “Retpoline”. Patches based on it are already being deployed across much of Google’s infrastructure. It has already been established that the performance losses are in a nearly negligible range. That carries weight coming from an operator of many data centers, because at Google every percent more or less performance is a matter of many millions of dollars.
At Google, the redesigned patching process is now combined with so-called Kernel Page Table Isolation (KPTI). This isolates the individual memory areas from one another even more strictly, so that sensitive information in these areas is even better protected. After all, the bugs in the processors made it easier to read particularly sensitive memory segments, even those in which, for example, cryptographic keys are stored. Google claims to have deployed KPTI on all Linux production servers running services like Search, Gmail, YouTube, or the Google Cloud Platform.
The concept papers on the techniques used at Google have already been passed on to various partners across the IT industry, the company said. Accordingly, it can be expected that the findings will also be incorporated into various other patches and updates. Anyone else can also read up on the details directly from Google, as the information has been made public. However, the developers point out that the impact on performance naturally also depends on the respective workloads. And while there were no significant losses even in the corporation's cloud services, which host a wide variety of applications, you should be sure to run your own tests before deploying the patches, and KPTI, at larger scale.