Tech giant Google played an instrumental role in finding and addressing the Meltdown and Spectre processor bugs that have been making the rounds in headlines lately. Now the company has come forward to reveal that a software binary modification technique, conceptualized and created by a single Googler, is what's protecting all of its cloud customers, and quite possibly many others, from a certain variant of Spectre. The technique, called Retpoline, was created by Google Senior Engineer Paul Turner. Unlike other proposed methods, it was fairly easy to deploy because it is an on-the-fly external binary modification technique rather than a processor tweak, and it did not cause any noticeable difference in performance for clients or their users.
Google was able to create and deploy fixes for one variant of Meltdown and the only variant of Spectre, but the second version of Meltdown stumped the company's engineers. It seemed that the only way to proceed would be to block out the processor features used by the exploit, which would cause a very noticeable drop in performance across the board. The Spectre bug uses what's known as speculative execution, wherein a processor tries to figure out multiple paths that a running program currently in the processor cache may take, and predictively loads in what it thinks will be the next line of code. This can also manifest as directions from elsewhere in the program that tell the processor where to look next for new code from a given point, and this is where the exploit can insert malicious code.
Retpoline essentially causes speculative instructions that do not come from a given program branch directly to bounce endlessly from interpreter to interpreter. This means that program instructions that tell the cache to read ahead to a different program or a different part of the current program will fail, since such instructions are normally either poorly optimized code or simple malware. Retpoline can be overlaid on an OS so that it applies to all running code, and that has been the case since December for Google Cloud servers and other hardware, keeping them safe from all known variants of Spectre and Meltdown.
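To make the "bounce endlessly" behaviour concrete, here is an added example (not code from the article or from Google) of the publicly documented retpoline sequence for x86-64 in GNU assembler syntax, wrapped so that C code can route an indirect call through it. The names `call_via_retpoline`, `dispatch` and the two sample handlers are hypothetical, and on non-x86-64 or non-ELF platforms the block falls back to a plain indirect call so that it still builds.

```c
#include <stdio.h>

typedef long (*handler_t)(long);

/* Calls target(arg) without executing an indirect jmp/call instruction.
 * Hypothetical helper name, used only in this example. */
long call_via_retpoline(handler_t target, long arg);

#if defined(__x86_64__) && defined(__ELF__)
__asm__(
    ".pushsection .text\n"
    ".globl call_via_retpoline\n"
    ".type call_via_retpoline, @function\n"
    "call_via_retpoline:\n"
    "    mov %rdi, %r11\n"      /* r11 = real branch target */
    "    mov %rsi, %rdi\n"      /* first argument for the target */
    /* The next five instructions stand in for `jmp *%r11`. */
    "    call 2f\n"             /* pushes the address of label 1 */
    "1:  pause\n"               /* the return predictor speculates to here */
    "    lfence\n"              /* and the speculative path stalls */
    "    jmp 1b\n"              /* and loops, never reaching a gadget */
    "2:  mov %r11, (%rsp)\n"    /* overwrite return address with the target */
    "    ret\n"                 /* architectural path: go to the target */
    ".size call_via_retpoline, .-call_via_retpoline\n"
    ".popsection\n"
);
#else
/* Fallback for other platforms: ordinary indirect call, no mitigation. */
long call_via_retpoline(handler_t target, long arg) { return target(arg); }
#endif

/* Constructed sample targets. */
static long add_one(long x)   { return x + 1; }
static long times_two(long x) { return x * 2; }

/* A dispatch table is a typical source of indirect branches. */
static handler_t const handlers[] = { add_one, times_two };

long dispatch(unsigned idx, long arg)
{
    return call_via_retpoline(handlers[idx % 2], arg);
}

int main(void)
{
    printf("%ld %ld\n", dispatch(0, 41), dispatch(1, 21));
    return 0;
}
```

Compilers apply the same transformation automatically, for example with GCC's `-mindirect-branch=thunk` or Clang's `-mretpoline`, so hand-written thunks like this one are normally only needed in assembly sources.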