Google’s ‘moonshot’ fix for the hardest-to-solve of the three Meltdown and Spectre CPU attacks seems to have paid off. The fix, called Retpoline, addresses Variant 2 of the two Spectre CPU attacks, known as ‘branch target injection’. Microsoft and Google consider Variant 2 the trickiest speculative execution vulnerability to fix, as it is the only one that causes a significant hit on CPU performance.

The name is probably derived from how it works, i.e. as a return trampoline: it uses an infinite loop that is never executed to prevent the CPU from speculating on the target of an indirect jump.
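The return-trampoline sequence described above, as an added illustration that is not Google's or any compiler's own code. The helper name `retpoline_call1` and the sample target `add_seven` are hypothetical, and the assembly assumes x86-64 Linux with the System V calling convention (other platforms fall back to a plain indirect call).

```c
#include <stdio.h>

/* Hypothetical helper: calls fn(arg) without executing an indirect jmp/call. */
long retpoline_call1(long (*fn)(long), long arg);

#if defined(__x86_64__) && defined(__linux__)
__asm__(
    ".pushsection .text\n"
    ".globl retpoline_call1\n"
    ".type retpoline_call1, @function\n"
    "retpoline_call1:\n"
    "    mov %rdi, %r11\n"     /* r11 = real branch target (fn)              */
    "    mov %rsi, %rdi\n"     /* arg becomes the target's first argument    */
    "    call 2f\n"            /* pushes the address of label 1, so the      */
                               /* return predictor now points at the loop    */
    "1:  pause\n"              /* speculation trap: only reached by a        */
    "    lfence\n"             /* mispredicted ret, never architecturally    */
    "    jmp 1b\n"
    "2:  mov %r11, (%rsp)\n"   /* overwrite the pushed return address        */
    "    ret\n"                /* real path: 'returns' into fn; fn then      */
                               /* returns straight to our original caller    */
    ".size retpoline_call1, .-retpoline_call1\n"
    ".popsection\n"
);
#else
/* Fallback for other platforms: ordinary (unprotected) indirect call. */
long retpoline_call1(long (*fn)(long), long arg) { return fn(arg); }
#endif

/* Constructed sample target for the demonstration. */
static long add_seven(long x) { return x + 7; }

int main(void)
{
    /* The call reaches add_seven through ret, not through an indirect branch. */
    printf("%ld\n", retpoline_call1(add_seven, 35));
    return 0;
}
```

Because the branch is resolved by `ret`, the CPU's guess comes from the return predictor, which was just primed with the address of the trap loop rather than from the indirect branch predictor.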

“This set of vulnerabilities was perhaps the most challenging and hardest to fix in a decade, requiring changes to many layers of the software stack. It also required broad industry collaboration since the scope of the vulnerabilities was so widespread,” wrote Sloss, Google’s VP of 24/7 operations.

Most importantly, Google last week said Retpoline generally had “negligible impact on performance”.

Variant 2 can also be fixed via a blend of OS/kernel fixes and silicon microcode from Intel and AMD, but Google says its software-based Retpoline answer is superior and should be adopted universally.