The computer industry is currently shocked by the disclosure of multiple CPU vulnerabilities that strike at the very heart of multiple system architectures. Vendors deploy patches for Meltdown and Specter, but the process was not entirely fluid with Microsoft who accidentally tinkered with some AMD-based systems . On the other hand, things at Google went so well that you did not even notice that he had already patched many of his popular cloud services like Gmail. Now, Google has published some details on these stealth fixes .
Industry leaders were made aware of CPU vulnerabilities several months ago. The goal was to get fixes before disclosing them, but they are complex bugs that work at the lowest level of silicon. This could mean remarkable performance when blocking hacks. Google managed to design patches for its cloud services that dealt with Meltdown and the first specter variant. These fixes did not cause any user complaints when deployed in September. The second variant of Spectrum was much more delicate to correct
The second variant of Spectrum is what is called a branch target injection, which could allow an attacker to execute the arbitrary code on a system. Google’s initial investigations suggested that the only way to mitigate Specter Variant 2 was to disable the targeted CPU performance optimization features. However, during testing, Google found that its services were slow and inconsistent. The company has gathered hundreds of engineers looking for a better solution – a “Moonshot” as Google likes to say.
The moonshot comes from the Google engineer, Paul Turner, and it is known as “Retpoline”. This binary modification ensures that programs can not be influenced by the target injection. This allowed Google to protect its cloud services at compile time without changing the source code and without disabling CPU performance features (read it in detail here ). Google says that the final version of its Retpoline patch came with almost no performance shot. When it was deployed recently, again, no one using services like Gmail has noticed performance degradation.
Google indicates that all of its cloud platforms had fixes for all three vulnerabilities in December. In addition, he opened the compiler used so that other companies could use it to protect their users. As other vendors are still working on patching systems, Google notes that Meltdown and Specter are the hardest fixes faced by its engineers for a decade. It might take time for everyone to be on the same page.