New Google Patch Reduces Spectre Performance Impact to ‘Noise’

New Google Patch Reduces Spectre Performance Impact to ‘Noise’

When news of Spectre and Meltdown broke in January, end users were significantly concerned by the idea that patching these issues could come with a side dish of substantial performance penalties. In the long run, the concern proved to be a non-issue for most client-side workloads, though server customers were impacted to varying degrees depending on the age of their hardware (older chips were more severely impacted by Intel and Microsoft’s performance mitigations than newer chips were).

Retpoline and non-retpoline methods of fixing the Spectre Variant 2 attack.
Retpoline and non-retpoline methods of fixing the Spectre Variant 2 attack.

Some of you may remember that there were two patches to solve the Spectre Variant 2 problem. The ones distributed by Intel and Microsoft required a Windows update to add a microcode patch, while a Google-developed solution called “retpoline” was deployed on Linux systems. Now, that patch is apparently coming to Windows as well, and it’s expected to reduce the performance impact of Spectre Variant 2 to a level Windows kernel architect Mehmet Iyigun describes as “noise.” That’s likely welcome news for at least some server customers who have seen performance fall since the Variant 2 patches rolled out. Here’s how Google describes its retpoline patch.

“Retpoline” sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches.

The name “retpoline” is a portmanteau of “return” and “trampoline.” It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will “bounce” endlessly.

(If it brings you any amusement: imagine speculative execution as an overly energetic 7-year old that we must now build a warehouse of trampolines around.)

Retpoline will only impact Spectre Variant 2, but since that’s where the bulk of the performance concerns have come from (apart from some issues associated with Meltdown), the overall impact of this shift should be positive. As an additional bonus, it won’t require microcode updates or a joint development and rollout schedule between Intel and Microsoft.

Users shouldn’t look for the patch to arrive any time in the near future. Tom’s Hardware notes that it won’t arrive until the next major update for Windows (assuming the integration timeline isn’t pushed out), which will happen in the first half of 2019. Microsoft has no plans to backport the patch to older versions of Windows, so you’ll need to be on whatever the next version number is to see performance improvements. Again, this should be invisible to most client users, but in the event that you do have a workload that’s impacted by Spectre Variant 2, you should get that performance back within 6-7 months. Not perfect, obviously, but better than giving it up for good.

Continue reading

New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove
New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove

Intel has released a bit more information about Rocket Lake and its 10nm CPU that's been back-ported to 14nm.

Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.

Early Adopters of Apple M1 Macs Should Be Cautious About Compatibility
Early Adopters of Apple M1 Macs Should Be Cautious About Compatibility

Apple's new MacBooks and Mac mini have made waves, partly thanks to the new silicon inside of them. Apple's new ARM ecosystem, however, is not without its growing pains.

Android 12 Could Include Major App Compatibility Improvements
Android 12 Could Include Major App Compatibility Improvements

Google has attempted to centralize chunks of Android over the years, and a major component called ART is set to get this treatment in Android 12. The result could be vastly improved app compatibility, which is sure to make everyone happy.