Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 7 Dec 2019 13:58:25 +1030
From:      "O'Connor, Daniel" <darius@dons.net.au>
To:        Konstantin Belousov <kostikbel@gmail.com>
Cc:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: Disabling speculative execution mitigations
Message-ID:  <BA7092AF-29E4-4B7B-B8D6-5CD76D99CD4A@dons.net.au>
In-Reply-To: <20191206142221.GL2744@kib.kiev.ua>
References:  <C19DE24E-22CB-4E55-95CE-0A07FC8A23F5@dons.net.au> <20191206142221.GL2744@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help 



> On 7 Dec 2019, at 00:52, Konstantin Belousov <kostikbel@gmail.com> wrote:
> 
> On Fri, Dec 06, 2019 at 03:51:04PM +1030, O'Connor, Daniel wrote:
>> Hi,
>> I am trying to track down a performance drop with the ASPEED xorg video driver between FreeBSD 11 and 12 (I'm not expecting miracles from it but it was basically unusable..)
>> 
>> I wondered if some of the speculative execution mitigations could be causing the problem so I did some digging and found these..
>> 
>> vm.pmap.pti="0"        # Disable page table isolation
>> hw.ibrs_disable="1"    # Disable Indirect Branch Restricted Speculation
> This line enables IBRS.

Oops, thanks.

>> hw.mds_disable="0"     # Disable Microarchitectural Data Sampling flush
>> hw.vmm.vmx="1"         # Don't flush RSB on vmexit (presumably only affects bhyve etc)
> I have no idea what this line should configure.

It should have been..
hw.vmm.vmx.no_flush_rsb="1"

Not that it would affect my test system since I'm not use vmm.ko

>> hw.lazy_fpu_switch="1" # Lazily flush FPU
>> 
>> Does anyone know of any others?
> Did you read security(7) (on HEAD)?

Nope, I didn't even know it existed.

Basically, I went through the MFCs listed at https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities and looked for tuneables and sysctls.

With respect to the man page, I find it difficult to know what a given value for each sysctl will do, as evidenced by my confusion above about IBRS.

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BA7092AF-29E4-4B7B-B8D6-5CD76D99CD4A>