Windows 10 will banish Spectre slowdowns with Google's Retpoline patch

​Google's Retpoline fix for the Spectre Variant 2 flaw helps minimize performance hit on Windows 10 machines.

Microsoft is including Google's mitigation for the Spectre Variant 2 speculative execution side-channel attack in the next release of Windows 10, currently codenamed 19H1.

One of the great worries about the Meltdown and Spectre CPU flaws -- aside from attackers exploiting them -- has been that mitigations for the attacks could have a severe impact on performance, ranging between five and 30 percent.

That concern was greatest for Intel's microcode mitigations for Spectre variant 2, CVE- 2017-5715, a 'branch target injection' flaw.

Intel's mitigations directly change how hardware speculatively executes. These are Indirect Branch Restricted Speculation (IBRS) and Indirect Branch Predictor Barrier (IBPB), both of which could negatively impact CPU performance.

Google developed a software-based mitigation for Spectre Variant 2 called Retpoline that constrains speculative execution behavior sufficiently to mitigate an attack. Google's testing found its fix had a negligible effect on performance.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

Retpoline was implemented by Linux distributions such as Red Hat and SUSE, as well as by Oracle for Oracle Linux 6 and 7.

And now, as MSPoweruser spotted, Microsoft's kernel engineers have confirmed that Retpoline will be part of the next version of Windows 10, 19H1, which is due out next year.

Google's Retpoline plus Microsoft's own kernel modifications have reduced the performance impact to "noise level", according to Mehmet Iyigun of Microsoft's Windows and Azure kernel team.

"Yes, we have enabled Retpoline by default in our 19H1 flights along with what we call 'import optimization' to further reduce perf impact due to indirect calls in kernel-mode. Combined, these reduce the perf impact of Spectre v2 mitigations to noise-level for most scenarios," wrote Iyigun.

The bad news is that Microsoft didn't include the Retpoline fix in the latest Windows 10 October 2018 Update Redstone 5, or RS5, release, even though, according to CrowdStrike researcher Alex Ionescu, it could have.

Ionescu discovered Retpoline's presence in 19H1 using a tool he developed called SpecuCheck, a Windows utility that IT admins can use to check the state of hardware and software mitigations for Meltdown, Spectre and other speculative-execution side-channel flaws, such as Speculative Store Bypass, and L1TF or 'Foreshadow' attacks.

Iyigun's confirmation was in response to a tweet by Ionescu pointing out that Windows 10 doesn't currently fully mitigate Spectre Variant 2 attacks.

"If you don't have patched Intel microcode with IBRS support, or if you're on AMD Zen processors, Windows won't fully mitigate against Spectre v2 until 19H1, even though RS5 has everything needed to activate this," wrote Ionescu.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

As he notes, on systems without IBRS, Windows won't flush the BIOS parameter block, or BPB, on kernel mode to user mode transitions.

"On systems without IBRS, Windows won't flush the BPB on kernel->user transitions. This opens up a potential security issue for CPUs without microcode that implements IBRS," he explains in a thread.

"This is likely due to the fact that IBPB (the other mitigation) is 2-3x slower than IBRS, so the performance hit would make many common user scenarios unpalatable, and would be even worse on server scenarios," wrote Ionescu in a series of tweets.

Ionescu also ran a filesystem benchmark on a Surface Pro 4 with Windows 19H1 installed and saw a "big improvement" in transfer speeds. The addition of Retpoline will benefit systems with either IBRS or IBPB.

"Retpoline is enabled even on systems that only have IBPB, meaning that these systems are finally protected against Spectre v2 even on kernel->user transitions vs the current state of affairs (where there's no protection). IBRS systems meanwhile will see a perf boost," the researcher noted.

But Ionescu has also called on Microsoft to back-port the Retpoline mitigation because machines without IBRS "are basically sitting ducks".

Previous and related coverage

Intel ditches Linux patch benchmark 'gag', offers 'innocuous' new license

Intel's license for its microcode security fixes no longer prevents developers from publishing benchmark results.

Intel 'gags' Linux distros from revealing performance hit from Spectre patches

You can test performance after using our patches, but don't publish the results, say Intel's new license terms.

New Spectre variant 4: Our patches cause up to 8% performance hit, warns Intel

Intel's Spectre variant 4 patch will be off by default, but users who turn it on are likely to see slower performance.

Linux performance before and after Meltdown and Spectre fixes

The patches, as expected, brought Linux's performance down, but their impact has not been as bad as feared.

Oracle's latest Linux fixes: New Spectre, Lazy FPU patches beef up defenses

Oracle has new fixes available for Spectre flaws affecting Linux systems on Intel and AMD chips.

Spectre chip security vulnerability strikes again; patches incoming

A Google developer discovered a new way that a 'Spectre'-style check can be used to attack any computer running any operating system.

Are 8 new 'Spectre-class' flaws in Intel CPUs about to be exposed?

Reports are emerging of eight new 'Spectre-class' security CPU vulnerabilities.

Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets

A new variant of Spectre can expose the contents of memory that normally can't be accessed by the OS kernel.

Microsoft to Windows users: Here are new critical Intel security updates for Spectre v2

Microsoft releases new Windows updates to address the Spectre variant 2 flaw affecting Intel chips.

Windows 10 on AMD? This new update plus Microsoft's patch block Spectre attacks

AMD has released microcode updates for Spectre variant 2 that require Microsoft's latest Windows 10 patch.

Intel: We now won't ever patch Spectre variant 2 flaw in these chips

A handful of CPU families that Intel was due to patch will now forever remain vulnerable.

Windows 7 Meltdown patch opens worse vulnerability: Install March updates now

Microsoft's Meltdown fix opened a gaping hole in Windows 7 security, warns researcher.

Intel's new Spectre fix: Skylake, Kaby Lake, Coffee Lake chips get stable microcode

Intel makes progress on reissuing stable microcode updates against the Spectre attack.

Got an old PC? Find out whether you will get Intel's latest Spectre patch TechRepublic

Intel has listed a range of CPUs released between 2007 and 2011 that will not receive a firmware update to help guard against Spectre-related exploits.

Class-action suits over Intel Spectre, Meltdown flaws surge CNET

Since the beginning of 2018, the number of cases has risen from three to 32.