Date: Fri, 26 Mar 2021 14:35:11 -0700 From: Chris <bsd-lists@bsdforge.com> To: Andrea Venturoli <ml@netfence.it> Cc: freebsd-hackers@freebsd.org Subject: Re: cost/benefit of some src.conf options Message-ID: <3bd2010aa225111baa2e813071a88b27@bsdforge.com> In-Reply-To: <79a899c3-368e-20d2-8ac7-0741e00fa3b1@netfence.it> References: <YF3pHo5Pj5Swm90O@ceres.zyxst.net> <56F46324-59BB-4CC2-BE90-5FF63C4554ED@FreeBSD.org> <79a899c3-368e-20d2-8ac7-0741e00fa3b1@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2021-03-26 12:17, Andrea Venturoli wrote: > On 3/26/21 7:46 PM, Dimitry Andric wrote: > >> That said, the retpoline mechanisms tend to be fairly well tested by >> now, but will still have a non-negligible performance impact, maybe even >> a large impact, depending on your workload. There is no simple answer >> here, you will have to measure it for yourself. > > AFAIK: > _ RETpoline is an alternative to IBRS; > _ the impact of RETpoline should be lower than IBRS; > _ IBRS is enabled by default. > > Did I get it wrong? My understanding is that retpoline is really only of interest if your box might accessed *locally* by *untrusted* individuals. See: https://nvd.nist.gov/vuln/detail/CVE-2017-5715 --Chris > > So, unless someone is willing to disable IBRS and live without mitigation, > it > would be interesting to know how performance differs between the two. > I've seen IBRS's impact on bhyve-hosted Windows guests reach 15%-20%. > I've never tried RETpoline for the lack of information WRT to its stability: > I > guess "fairly well tested" does not mean "production ready", or it would be > enabled by default, wouldn't it? :) > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3bd2010aa225111baa2e813071a88b27>