New Google Patch Reduces Spectre Performance Impact to ‘Noise’

New Google Patch Reduces Spectre Performance Impact to ‘Noise’

When news of Spectre and Meltdown broke in January, end users were significantly concerned by the idea that patching these issues could come with a side dish of substantial performance penalties. In the long run, the concern proved to be a non-issue for most client-side workloads, though server customers were impacted to varying degrees depending on the age of their hardware (older chips were more severely impacted by Intel and Microsoft’s performance mitigations than newer chips were).

Retpoline and non-retpoline methods of fixing the Spectre Variant 2 attack.
Retpoline and non-retpoline methods of fixing the Spectre Variant 2 attack.

Some of you may remember that there were two patches to solve the Spectre Variant 2 problem. The ones distributed by Intel and Microsoft required a Windows update to add a microcode patch, while a Google-developed solution called “retpoline” was deployed on Linux systems. Now, that patch is apparently coming to Windows as well, and it’s expected to reduce the performance impact of Spectre Variant 2 to a level Windows kernel architect Mehmet Iyigun describes as “noise.” That’s likely welcome news for at least some server customers who have seen performance fall since the Variant 2 patches rolled out. Here’s how Google describes its retpoline patch.

“Retpoline” sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches.

The name “retpoline” is a portmanteau of “return” and “trampoline.” It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will “bounce” endlessly.

(If it brings you any amusement: imagine speculative execution as an overly energetic 7-year old that we must now build a warehouse of trampolines around.)

Retpoline will only impact Spectre Variant 2, but since that’s where the bulk of the performance concerns have come from (apart from some issues associated with Meltdown), the overall impact of this shift should be positive. As an additional bonus, it won’t require microcode updates or a joint development and rollout schedule between Intel and Microsoft.

Users shouldn’t look for the patch to arrive any time in the near future. Tom’s Hardware notes that it won’t arrive until the next major update for Windows (assuming the integration timeline isn’t pushed out), which will happen in the first half of 2019. Microsoft has no plans to backport the patch to older versions of Windows, so you’ll need to be on whatever the next version number is to see performance improvements. Again, this should be invisible to most client users, but in the event that you do have a workload that’s impacted by Spectre Variant 2, you should get that performance back within 6-7 months. Not perfect, obviously, but better than giving it up for good.