Google has developed a method called ‘Retpoline’ that should protect computers against the Spectre attack and similar ‘branch target injection’ attacks. Despite earlier reports that fixes for the issue would have a negative impact on performance, Google claims its solution hardly slows down systems.
Earlier this week Google security researchers disclosed two attacks that abuse vulnerabilities in CPUs from AMD, ARM and Intel. The Meltdown and Spectre attacks make it possible to read system memory in such a way that confidential data can be accessed. The Spectre attack makes use of the ‘branch prediction’ feature of modern CPUs. Branch prediction makes educated guesses about which instructions will be executed next, before the instructions are actually read. The method is designed to increase performance.
When branch prediction makes a wrong guess, the CPU discards the guessed instructions and undoes all of their direct side effects. Indirect side effects, however, such as changes to cache memory, remain intact. With the Spectre attack it’s possible to read that memory and thus access potentially confidential data.
Google’s Retpoline method isolates some instructions from the CPU’s branch prediction feature, which should prevent the Spectre attack and similar attacks. The search giant has deployed the Retpoline code on its own systems and states that it has hardly any impact on performance.
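The sequence below is an added illustration, not code from this article or from Google, of how a retpoline replaces an indirect jump with a `ret` so that the indirect branch predictor is never consulted. It assumes x86-64 with a GNU-style toolchain on an ELF platform, and every `demo_*` name and the `times_three` target are hypothetical.

```c
/* Added example: a retpoline thunk for x86-64 (GNU toolchain, ELF).
   All demo_* names are hypothetical, chosen for this illustration. */
#include <stdio.h>

/* Calls target(arg) without ever executing an indirect jmp/call. */
long demo_call_via_retpoline(long (*target)(long), long arg);

#if defined(__x86_64__) && defined(__ELF__)
__asm__(
    ".pushsection .text\n"
    /* Thunk: transfer control to the address held in %r11. */
    "demo_retpoline_r11:\n"
    "    call 2f\n"            /* pushes the address of label 1          */
    "1:  pause\n"              /* speculation trap: the predicted return */
    "    lfence\n"             /* lands here and spins harmlessly        */
    "    jmp 1b\n"
    "2:  mov %r11, (%rsp)\n"   /* overwrite return address with target   */
    "    ret\n"                /* architectural path: go to the target   */
    /* Caller stub: stands in for a compiler-emitted 'jmp *%r11'. */
    ".globl demo_call_via_retpoline\n"
    ".type demo_call_via_retpoline, @function\n"
    "demo_call_via_retpoline:\n"
    "    mov %rdi, %r11\n"     /* target pointer -> thunk register       */
    "    mov %rsi, %rdi\n"     /* arg becomes the target's 1st argument  */
    "    jmp demo_retpoline_r11\n"
    ".popsection\n"
);
#else
/* Other platforms: plain indirect call so the demo still builds. */
long demo_call_via_retpoline(long (*target)(long), long arg)
{
    return target(arg);
}
#endif

/* Constructed sample target for the demonstration. */
static long times_three(long x) { return 3 * x; }

int main(void)
{
    printf("%ld\n", demo_call_via_retpoline(times_three, 14));
    return 0;
}
```

The `ret` is predicted from the return stack, which still points at the `pause`/`lfence` loop, so any speculative execution is parked there while the real control flow continues at the target.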