From: Jeremy Chadwick
Date: Sat, 17 Feb 2018 11:47:26 -0800
To: freebsd-stable@freebsd.org
Subject: stable/11 r329462 - Meltdown/Spectre MFC questions
Message-ID: <20180217194726.GA79666@icarus.home.lan>

Reference: https://svnweb.freebsd.org/base?view=revision&revision=329462

Do the following new loader tunables and sysctls have documentation
anywhere? I ask because I wish to know how to turn all of this off
(yes you heard me correctly), as not all systems necessarily require
mitigation of these flaws.

Best I can tell from skimming source:

vm.pmap.pti
  - Description: Page Table Isolation enabled
  - Loader tunable, visible in sysctl (read-only)
  - Integer
  - Default value: depends on CPU model and capabilities, see function
    pti_get_default(); looks like AMD = 0, any CPU with RDCL_NO
    capability enabled = 0, else 1

hw.ibrs_active
  - Description: Indirect Branch Restricted Speculation active
  - sysctl (read-only)
  - Integer
  - Real-time indicator as to if IBRS is currently on or off

hw.ibrs_disable
  - Description: Disable Indirect Branch Restricted Speculation
  - Loader tunable and sysctl tunable (read-write)
  - Integer
  - Default value: unsure. Variable declaration has 1 but SYSCTL_PROC()
    macro has 0.

Thank you.

-- 
| Jeremy Chadwick                                   jdc@koitsu.org |
| UNIX Systems Administrator                http://jdc.koitsu.org/ |
| Making life hard for others since 1977.             PGP 4BD6C0CB |
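
Added example, not part of the original message: an sh function that reads `sysctl` output for the three OIDs named above and reports the resulting mitigation state, for auditing hosts after the MFC. It assumes the value meanings given in the message (1 means "on" for vm.pmap.pti and hw.ibrs_active, 1 means "disabled" for hw.ibrs_disable); `get_oid` and `mitigation_state` are names made up for this example, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: classify Meltdown/Spectre mitigation state from sysctl(8)
# output in its default "name: value" form.

# get_oid NAME: print NAME's value from $SYSCTL_TEXT, or nothing if the
# OID is absent (for example a kernel built before the MFC).
get_oid() {
    printf '%s\n' "$SYSCTL_TEXT" |
        awk -F': ' -v k="$1" '$1 == k { print $2; exit }'
}

# mitigation_state: read sysctl text on stdin, print one line per mitigation.
mitigation_state() {
    SYSCTL_TEXT=$(cat)
    pti=$(get_oid vm.pmap.pti)
    active=$(get_oid hw.ibrs_active)
    disable=$(get_oid hw.ibrs_disable)

    case "$pti" in
        1) echo "PTI: enabled" ;;
        0) echo "PTI: disabled" ;;
        *) echo "PTI: unknown (OID missing)" ;;
    esac

    # hw.ibrs_disable is the knob, hw.ibrs_active the live indicator;
    # report both so a "not disabled but not active" host stands out.
    case "$disable/$active" in
        0/1) echo "IBRS: enabled and active" ;;
        0/0) echo "IBRS: enabled but not active" ;;
        1/*) echo "IBRS: disabled by hw.ibrs_disable" ;;
        *)   echo "IBRS: unknown (OID missing)" ;;
    esac
}

# Constructed sample input. On a live host:
#   sysctl vm.pmap.pti hw.ibrs_active hw.ibrs_disable | mitigation_state
SAMPLE='vm.pmap.pti: 1
hw.ibrs_active: 0
hw.ibrs_disable: 0'

printf '%s\n' "$SAMPLE" | mitigation_state
```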