The company started patching the flaws in September

Jan 12, 2018 09:45 GMT  ·  By

While both Microsoft and Intel confirmed that their Meltdown and Spectre updates cause a more or less noticeable slowdown on devices, Google says no performance impact is being experienced following its own security patches.

Google says it started patching the three variants of the discovered vulnerabilities in September when the first mitigations for Variants 1 and 3 were released (Variants 1 and Variant 2 are generally referred to as Spectre, while Variant 3 is called Meltdown).

“Thanks to extensive performance tuning work, these protections caused no perceptible impact in our cloud and required no customer downtime in part due to Google Cloud Platform’s Live Migration technology. No GCP customer or internal team has reported any performance degradation,” Google says.

Variant 2 was the hardest to patch, and Google said that the first mitigation it considered would have caused a substantial performance impact because it all came down to disabling the vulnerable CPU features. Early implementations of this workaround in closed environments led to “considerable” slowdowns for many applications and inconsistent performance.

“Rolling out these mitigations would have negatively impacted many customers,” Google explains.

No performance loss

This is when the company turned its attention to Retpoline, a software binary modification method that prevents branch-target-injection and which helps modify programs to block attackers from injecting code upon execution.

The search giant says by December all Google Cloud Platform services were already running the Retpoline-based patch to be protected against the hardware flaws.

“During the entire update process, nobody noticed: we received no customer support tickets related to the updates. This confirmed our internal assessment that in real-world use, the performance-optimized updates Google deployed do not have a material effect on workloads,” Google explains.

Google was the company that discovered the vulnerabilities and reported them to Intel in the summer of 2017, though the chipmaker hasn’t shipped any patches until earlier this month when details were publicly disclosed. Most of the updates, however, are said to generate a slowdown on devices running it, including on Apple’s iPhone, where performance is reduced by as much as 50% for some processes, according to a series of third-party benchmarks.