> By December, all Google Cloud Platform (GCP) services had protections in place for all known variants of the vulnerability.
Could other major cloud providers boast this? It seems like Google's brand is benefiting tremendously from Project Zero in all of this. On the other hand, it feels nervous-makingly like a clear step towards running one's own mainstream hardware being too hard for the little guys.
I've been impressed with how long it took for this information to be "leaked"/"declassified"/released given the sheer number of people who knew.
The fact that hundreds maybe thousands of people knew and worked on this ahead of the press reports/rumors and subsequent information release speaks to how seriously everyone involved took this.
Direct link to a description of the fix: https://support.google.com/faqs/answer/7625886
Someone on SO trying to explain it another way: https://stackoverflow.com/a/48099456
Some interesting discussion about how this patch isn't a 100% fix for Skylake processors (at least that's my understanding): https://firstname.lastname@example.org/ms...
Good for them, giving the credit to Paul Turner. Unusual for an enterprise to allow cracks in the corporate "We".
According to this page retpoline is "insufficient on Skylake and newer CPUs, where even ret may predict from the indirect branch predictor as a fallback; those need IBRS".
"Retpoline ... modifies programs to ensure that execution cannot be influenced by an attacker. With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications"
I am confused, doesn't this mean that Retpoline needs to sit in the compiler and won't protect from already-compiled binaries?
It's good to see Google crediting Retpoline to Paul Turner. As Senior Staff Engineer, Technical Infrastructure I wonder whether he was actually tasked with working on mitigation for these vulnerabilities or he came up with this in his free time.
A bit off topic but the amount of real estate taken up by the header, side nav and "related articles" footer on this is just obnoxious. Obnoxious to the point of making reading this a really rotten experience.
I fear this is the medium.com effect of content on the web now. Simply having content for content's sake is now seen as a missed "growth hacking" opportunity.
A very good reason why people are going to start moving to GCP over AWS.... Project Zero is a big win here.
Wait... doesn't Reptoline have some irritating performance penalties?
Does anybody know if Retpoline will make it to the compiler that the Linux Kernel is compiled with ? It doesn't specifically mention in this paper, so I'm not able to figure out what was actually compiled using Retpoline - userland or the Linux kernel itself ?
Has this at all caused google to reconsider the heterogeneous nature of the cloud in terms of hardware? It seems like Google the company is constantly fixing/redoing various intel problems such as ME and now this. Google is part of openpower after all, it would be interesting to see another architecture being pushed.
The post seems to suggest not all CPUs are affected by Variant 2. Is it Haswell and earlier only?
Interesting google has time, money etc for this.
But actually showing search results on page 4 of google search or youtube, when it said there were 22 million results for my search seems too hard for them.