Google says CPU patches have negligible impact on performance, new technique
Finally, some good news for chipmakers
Google just gave chipmakers some much-needed good news. In a post on the company’s Online Security Blog, two Google engineers described a novel chip-level patch that has been deployed across the company’s entire infrastructure, resulting in only minor declines in performance in most cases. The company has also posted details of the new technique, called Retpoline, in the hopes that other companies will be able to follow the same technique. If the claims hold, it would mean Intel and others have avoided the catastrophic slowdowns that many had predicted.
“There has been speculation that the deployment of KPTI causes significant performance slowdowns,” the post reads, referring to the company’s “Kernel Page Table Isolation” technique. “Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.”
The news is particularly significant for Google Cloud, as some see cloud services as uniquely vulnerable to the new processor issues. According to the post, Retpoline has already been deployed to the system with no significant impact on speeds.
“Of course, Google recommends thorough testing in your environment before deployment,” the post continues. “We cannot guarantee any particular performance or operational impact.”
That assessment is consistent with early reports from Intel, which had said slowdowns would be “highly workload-dependent and, for the average computer user, should not be significant.” Those claims were met with skepticism, with many seeing them as an effort by Intel to downplay the impact of the newly public vulnerabilities. At the same time, some early benchmarks saw slowdowns as high as 17 percent.
More recently, Intel announced it had deployed patches that would render chips immune to the new attacks, and restated that the performance impact was not significant. It’s difficult to confirm Google and Intel’s claims until the patches are deployed, but it’s significant that Google has joined the chipmaker in reporting minimal slowdowns.
Notably, the new technique only applies to one of the three variants involved in the new attacks. However, it’s the variant that is arguably the most difficult to address. The other two vulnerabilities — “bounds check bypass” and “rogue data cache load” — would be addressed at the program and operating system level, respectively, and are unlikely to result in the same system-wide slowdowns.