Microsoft is including Google's mitigation for the Spectre Variant 2 speculative execution side-channel attack in the next release of Windows 10, currently codenamed 19H1.
One of the great worries about the Meltdown and Spectre CPU flaws -- aside from attackers exploiting them -- has been that mitigations for the attacks could have a severe impact on performance, ranging between five and 30 percent.
That concern was greatest for Intel's microcode mitigations for Spectre variant 2, CVE-2017-5715, a 'branch target injection' flaw.
Intel's mitigations directly change how hardware speculatively executes. These are Indirect Branch Restricted Speculation (IBRS) and Indirect Branch Predictor Barrier (IBPB), both of which could negatively impact CPU performance.
Google developed a software-based mitigation for Spectre Variant 2 called Retpoline that constrains speculative execution behavior sufficiently to mitigate an attack. Google's testing found its fix had a negligible effect on performance.
And now, as MSPoweruser spotted, Microsoft's kernel engineers have confirmed that Retpoline will be part of the next version of Windows 10, 19H1, which is due out next year.
Google's Retpoline plus Microsoft's own kernel modifications have reduced the performance impact to "noise level", according to Mehmet Iyigun of Microsoft's Windows and Azure kernel team.
"Yes, we have enabled Retpoline by default in our 19H1 flights along with what we call 'import optimization' to further reduce perf impact due to indirect calls in kernel-mode. Combined, these reduce the perf impact of Spectre v2 mitigations to noise-level for most scenarios," wrote Iyigun.
The bad news is that Microsoft didn't include the Retpoline fix in the latest Windows 10 release, the October 2018 Update (Redstone 5, or RS5), even though, according to CrowdStrike researcher Alex Ionescu, it could have.
Ionescu discovered Retpoline's presence in 19H1 using a tool he developed called SpecuCheck, a Windows utility that IT admins can use to check the state of hardware and software mitigations for Meltdown, Spectre and other speculative-execution side-channel flaws, such as Speculative Store Bypass, and L1TF or 'Foreshadow' attacks.
Iyigun's confirmation was in response to a tweet by Ionescu pointing out that Windows 10 doesn't currently fully mitigate Spectre Variant 2 attacks.
"If you don't have patched Intel microcode with IBRS support, or if you're on AMD Zen processors, Windows won't fully mitigate against Spectre v2 until 19H1, even though RS5 has everything needed to activate this," wrote Ionescu.
As he notes, on systems without IBRS, Windows won't flush the BIOS parameter block, or BPB, on kernel mode to user mode transitions.
"On systems without IBRS, Windows won't flush the BPB on kernel->user transitions. This opens up a potential security issue for CPUs without microcode that implements IBRS," he explains in a thread.
"This is likely due to the fact that IBPB (the other mitigation) is 2-3x slower than IBRS, so the performance hit would make many common user scenarios unpalatable, and would be even worse on server scenarios," wrote Ionescu in a series of tweets.
Ionescu also ran a filesystem benchmark on a Surface Pro 4 with Windows 10 19H1 installed and saw a "big improvement" in transfer speeds. The addition of Retpoline will benefit systems with either IBRS or IBPB.
"Retpoline is enabled even on systems that only have IBPB, meaning that these systems are finally protected against Spectre v2 even on kernel->user transitions vs the current state of affairs (where there's no protection). IBRS systems meanwhile will see a perf boost," the researcher noted.
But Ionescu has also called on Microsoft to back-port the Retpoline mitigation because machines without IBRS "are basically sitting ducks".