Google found a ‘moonshot’ solution for a variation of the Spectre CPU vulnerability

A software construct known as Retpoline provided the fix


As the world’s major tech giants issue patches and updates to the Spectre and Meltdown CPU vulnerabilities, one thing has become incredibly clear: the tech industry wasn’t entirely unprepared.

That’s probably because, as a recent The Verge story reports, Intel was well aware of the CPU exploits and was working to figure out how to patch up the security risks before harmful actors took action and took advantage of the vulnerabilities.

Adding to the list of companies that definitely knew about the CPU exploits is Google, whose Project Zero team was part of the group that publicly revealed information about Spectre and Meltdown.

Now, however, Google is saying that not only did it know about the three specific Spectre and Meltdown CPU exploits, it worked to patch its own product line against a variant of Spectre that “was going to be much harder to mitigate.”

According to Google, the company started looking for a “moonshot — a way to mitigate [Spectre Variant 2] without hardware support.”

In doing so, Google turned to one of its engineers who worked as part of the company’s Technical Infrastructure group.

Paul Turner’s ‘Retpoline’ software binary modification technique was able to work towards resolving Spectre Variant 2 without Google needing to issue new hardware.

“With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications,” reads an excerpt from a January 11th, 2018 Google blog post. “Furthermore, testing this feature, particularly when combined with optimizations such as software branch prediction hints, demonstrated that this protection came with almost no performance loss.”

That concern about performance loss is also important, especially since companies like Microsoft and Intel have specifically warned users about Meltdown and Spectre patches potentially slowing down systems and devices.

Ultimately, Google deployed its Retpoline-based fix and, “by December, all Google Cloud Platform… services had protections in place for all known variants of the vulnerabilities.”

“We believe that Retpoline-based protection is the best-performing solution for Variant 2 on current hardware,” reads another excerpt. “Retpoline fully protects against Variant 2 without impacting customer performance on all of our platforms.”

While patches and updates are being issued across a broad spectrum of devices — and device hardware — no company has issued an all-clear just yet.

Source: Google

Related Articles