Amazon and Google Claim That Fixing Massive Security Vulnerability Won't Slow Things Down Too Much

By Kate Conger on at

When news of major vulnerabilities impacting processors manufactured by Intel, AMD, and ARM broke this week, the Register warned that patches for the problems could slow processors down by up to 30 percent.

However, Google and Amazon say that they haven’t hit any serious slowdowns after applying their patches.

The vulnerabilities, nicknamed Meltdown and Spectre, can cause data to leak from kernel memory. This is a massive problem that’s been going on for 20 years and is basically the result of a tradeoff of speed and efficiency over security (which you can read all about here, but let’s move along for now since this blog is about other stuff).

One of the fixes rolled out by Google is Kernel Page Table Isolation (KPTI). KPTI better protects that sensitive kernel memory, but because of the aforementioned tradeoff, people were worried that this solution would cause a noticeable slowdown, particularly for huge cloud providers like Google and Amazon.

But Google says it has pushed KPTI to the servers that prop up Search, Gmail, YouTube, and its Cloud Platform, and everything is going just fine.

“There has been speculation that the deployment of KPTI causes significant performance slowdowns,” Googlers Matt Linton and Pat Parseghian wrote in a blog post. “Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.”

Amazon also noted that reports of major performance lags were overblown.

“We don’t expect meaningful performance impact for most customer workloads,” Amazon told Business Insider. “There may end up being cases that are workload or OS specific that experience more of a performance impact. In those isolated cases, we will work with customers to mitigate any impact.” [Business Insider]