Google and Amazon say the performance hit from the ‘Meltdown’ and ‘Spectre’ fixes is overblown

  • Techies are going crazy after “Meltdown” and “Spectre,” two new methods for stealing data from seemingly-secure computers, were revealed by Google on Wednesday.
  • One worry was that the fix for the problems could come with a major negative impact on performance.
  • Google and Amazon say they’re not seeing any major slowdowns.

On Wednesday, Google revealed that there’s a big security hole in pretty much every processor, including the one in your phone, the one in your laptop, and the processors running servers “in the cloud.”

The two vulnerabilities, “Spectre” and “Meltdown,” could even allow an attacker to steal passwords as a user typed them. Even worse, early speculation suggested that the fix for the two related but separate problems, “Spectre” and “Meltdown,” could cause a major performance hit as the CPU would have had to do lots of extra work just to stay secure – maybe even reducing performance by 30%, according to The Register, which first reported the flaw.

Google and Amazon now say all of that gloom and doom is overstated.

In a technical blog post published on Thursday, Google says the software it built to fix the issue – it calls it KPTI – causes “negligible impact on performance.”

Here’s the key passage:

There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.

Basically: Google’s not stressing about any impact to performance, and it believes that the performance hits that other analysts are seeing were conducted without the right data, leading to an “exaggerated impact.”

Of course, Google’s findings are only applicable to Google’s cloud and services, which run on Google’s version of Linux, presumably on an Intel processor.

But Google’s findings are based on data from some real-deal, heavy-duty services that would be dramatically impacted by a major decrease in performance, including Gmail, Search, and YouTube.

Amazon also says all-clear

Jeff Bezos net worth

The lead cloud provider, Amazon, also said on Thursday that it did not expect performance to be severely impacted.

“We don’t expect meaningful performance impact for most customer workloads,” an AWS representative told Business Insider. “There may end up being cases that are workload or OS specific that experience more of a performance impact. In those isolated cases, we will work with customers to mitigate any impact.”

Amazon said on Wednesday that it had already protected its customers from nearly all AWS instances from the vulnerabilities.

Although Microsoft hasn’t yet commented on what performance slowdowns it expects, its Azure service will also be closely watched to see if there are any impacts to processor performance. On Wednesday, it said it was in the process of implementing fixes.