Date: Sat, 07 Dec 2019 01:02:59 +0100 From: Peter <peter@citylink.dinoex.sub.org> To: freebsd-stable@FreeBSD.ORG Subject: Re: Disabling speculative execution mitigations Message-ID: <op.0ceie9o4aas8k8@localhost> References: <C19DE24E-22CB-4E55-95CE-0A07FC8A23F5@dons.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 06 Dec 2019 06:21:04 +0100, O'Connor, Daniel <darius@dons.net.au> wrote: > vm.pmap.pti="0" # Disable page table isolation > hw.ibrs_disable="1" # Disable Indirect Branch Restricted Speculation > hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush > hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only > affects bhyve etc) > hw.lazy_fpu_switch="1" # Lazily flush FPU > > Does anyone know of any others? hw.spec_store_bypass_disable=2 I have that on 11.3 (no idea yet about 12). And honestly, I lost track which of these should be on, off, automatic, opaque or elsewhere to achieve either performance or security (not to mention for which cores and under which circumstances it would matter, and what the impact might be), and my oracle says this will not end with these.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.0ceie9o4aas8k8>