From: Ed Maste
Date: Wed, 11 Dec 2019 07:44:00 -0500
Subject: Re: Disabling speculative execution mitigations
To: "O'Connor, Daniel", freebsd-stable

On Fri, 6 Dec 2019 at 22:54, O'Connor, Daniel wrote:
>
> With respect to the man page, I find it difficult to know what a given value for each sysctl will do, as evidenced by my confusion above about IBRS.

scottl recently moved these sysctls to machdep.mitigations in r355436, but they've kept the existing names and sense.
So, some still have an enable control while some are disable, some report "state: inactive" while others report "active: 0". Work is ongoing now to rationalize these so that the sense is true for mitigation enabled. Backwards compatibility will be maintained for the sysctl paths in stable (e.g. hw.ibrs*) but not the interim names (machdep.mitigations.*).
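
The two reporting styles described in the message above, normalized to a single on/off answer; this is an added example, not part of the original message and not FreeBSD's own code. Apart from the hw.ibrs prefix, the sysctl names are assumed FreeBSD 12-era names that do not appear in the message, and the sample input is constructed.

```shell
# Normalize the mixed-sense status sysctls to one "on"/"off" answer.
# Input: lines in `sysctl` output format ("name: value") on stdin.
# The sysctl names below are assumed FreeBSD 12-era names; only the
# hw.ibrs prefix appears in the message above.
normalize_mitigations() {
    while IFS= read -r line; do
        name=${line%%: *}
        value=${line#*: }
        case "$name" in
            # "active: 0/1" style: 1 means the mitigation is in effect.
            hw.ibrs_active|hw.spec_store_bypass_disable_active|vm.pmap.pti)
                case "$value" in
                    1) state=on ;;
                    0) state=off ;;
                    *) state=unknown ;;
                esac ;;
            # "state: inactive" style: a string; any other non-empty
            # value names the method in use.
            hw.mds_disable_state)
                case "$value" in
                    inactive) state=off ;;
                    "") state=unknown ;;
                    *) state=on ;;
                esac ;;
            # Control knobs (e.g. hw.ibrs_disable) and unrelated sysctls
            # are skipped: they record a request, not the effective state.
            *) continue ;;
        esac
        printf '%s\t%s\n' "$name" "$state"
    done
}

# Constructed sample, not captured from a real machine.
SAMPLE='hw.ibrs_disable: 1
hw.ibrs_active: 0
hw.mds_disable: 0
hw.mds_disable_state: inactive
hw.spec_store_bypass_disable_active: 0
vm.pmap.pti: 1'

printf '%s\n' "$SAMPLE" | normalize_mitigations
```

On a live system the input would come from `sysctl` itself, piped into `normalize_mitigations`.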