From owner-freebsd-stable@freebsd.org Sat Dec 7 03:54:22 2019 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8BE211C6D2C for ; Sat, 7 Dec 2019 03:54:22 +0000 (UTC) (envelope-from darius@dons.net.au) Received: from ipmail01.adl6.internode.on.net (ipmail01.adl6.internode.on.net [150.101.137.136]) by mx1.freebsd.org (Postfix) with ESMTP id 47VFvJ6dL4z4MmT for ; Sat, 7 Dec 2019 03:54:20 +0000 (UTC) (envelope-from darius@dons.net.au) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2ArAACO3/Jb/2hwAg5iGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAQGBVAEBAQEBAQsBggNmTyESJ4xvix0BSQIBAQEBAQEGgTEEiQc?= =?us-ascii?q?OkBsLAQEjCAGEQAKDbCM3Bg0BAwEBAgEBAm0cDIU8AQEBAQIBLA4cIwULCw4KL?= =?us-ascii?q?iEYHgYTgyEBgWkDCAUHEAOoZB6FIoI2DYIUBROMCXiBB4ERJx+CTIJWgiiDNYI?= =?us-ascii?q?mAp9BLgkChniHAoMrGIFYiCuGeo05gQiGVIJaAgoHFIFcIoFVbBllAYJBPoFpF?= =?us-ascii?q?4hehVEsAQIwgQUBAY1VAQE?= Received: from ppp14-2-112-104.adl-apt-pir-bras32.tpg.internode.on.net (HELO midget.dons.net.au) ([14.2.112.104]) by ipmail01.adl6.internode.on.net with ESMTP; 07 Dec 2019 14:24:15 +1030 Received: from midget.dons.net.au (localhost [127.0.0.1]) by midget.dons.net.au (8.15.2/8.15.2) with ESMTPS id xB73rtH5007059 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Sat, 7 Dec 2019 14:24:10 +1030 (ACDT) (envelope-from darius@dons.net.au) Received: (from mailnull@localhost) by midget.dons.net.au (8.15.2/8.15.2/Submit) id xB73SVi4088795 for ; Sat, 7 Dec 2019 13:58:31 +1030 (ACDT) (envelope-from darius@dons.net.au) X-Authentication-Warning: midget.dons.net.au: mailnull set sender to using -f X-MIMEDefang-Relay-be813b1f1da6d6b27d681222cb70cc4f5b642383: 10.0.2.38 Received: from havok.dons.net.au (Havok.dons.net.au [10.0.2.38]) by ns.dons.net.au (envelope-sender ) (MIMEDefang) with ESMTP id xB73SPJd088785; Sat, 07 Dec 2019 13:58:31 +1030 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Re: Disabling speculative execution mitigations From: "O'Connor, Daniel" In-Reply-To: <20191206142221.GL2744@kib.kiev.ua> Date: Sat, 7 Dec 2019 13:58:25 +1030 Cc: freebsd-stable Content-Transfer-Encoding: quoted-printable Message-Id: References: <20191206142221.GL2744@kib.kiev.ua> To: Konstantin Belousov X-Mailer: Apple Mail (2.3445.104.11) X-Spam-Score: -1 () No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Scanned-By: MIMEDefang 2.83 on 10.0.2.1 X-Rspamd-Queue-Id: 47VFvJ6dL4z4MmT X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of darius@dons.net.au has no SPF policy when checking 150.101.137.136) smtp.mailfrom=darius@dons.net.au X-Spamd-Result: default: False [4.90 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; AUTH_NA(1.00)[]; DMARC_NA(0.00)[dons.net.au]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; NEURAL_SPAM_MEDIUM(0.97)[0.971,0]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(1.00)[0.999,0]; R_SPF_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_NO_TLS_LAST(0.10)[]; RCVD_IN_DNSWL_LOW(-0.10)[136.137.101.150.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:4739, ipnet:150.101.0.0/16, country:AU]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(1.53)[ip: (3.71), ipnet: 150.101.0.0/16(2.57), asn: 4739(1.36), country: AU(0.01)]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Dec 2019 03:54:22 -0000 > On 7 Dec 2019, at 00:52, Konstantin Belousov = wrote: >=20 > On Fri, Dec 06, 2019 at 03:51:04PM +1030, O'Connor, Daniel wrote: >> Hi, >> I am trying to track down a performance drop with the ASPEED xorg = video driver between FreeBSD 11 and 12 (I'm not expecting miracles from = it but it was basically unusable..) >>=20 >> I wondered if some of the speculative execution mitigations could be = causing the problem so I did some digging and found these.. >>=20 >> vm.pmap.pti=3D"0" # Disable page table isolation >> hw.ibrs_disable=3D"1" # Disable Indirect Branch Restricted = Speculation > This line enables IBRS. Oops, thanks. >> hw.mds_disable=3D"0" # Disable Microarchitectural Data Sampling = flush >> hw.vmm.vmx=3D"1" # Don't flush RSB on vmexit (presumably only = affects bhyve etc) > I have no idea what this line should configure. It should have been.. hw.vmm.vmx.no_flush_rsb=3D"1" Not that it would affect my test system since I'm not use vmm.ko >> hw.lazy_fpu_switch=3D"1" # Lazily flush FPU >>=20 >> Does anyone know of any others? > Did you read security(7) (on HEAD)? Nope, I didn't even know it existed. Basically, I went through the MFCs listed at = https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities and looked = for tuneables and sysctls. With respect to the man page, I find it difficult to know what a given = value for each sysctl will do, as evidenced by my confusion above about = IBRS. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum