Initial Spectre support in master, Meltdown sysctl also renamed

Matthew Dillon dillon at backplane.com
Tue Jan 9 22:48:47 PST 2018


DragonFlyBSD master now has initial spectre sysctl support, and the mmu
isolation sysctl has been renamed.

machdep.meltdown_mitigation

    System automatically enables this by default on Intel CPUs.
    Performance loss for normal workloads approximately 4%.

machdep.spectre_mitigation

   System automatically sets mode 1 if the microcode supports it.  Will be
disabled if the microcode does not support it.  It is possible to load
unofficial microcode at run-time and then set the sysctl, but it is a bit
messy to obtain and decode the microcode in a format that cpucontrol
understands.  I just posted the sequence.  But you need to pull the
microcode from somewhere, too, if the normal packages don't have it (which
they don't, yet).  This mitigation currently only messes with the IBPB bit
(MSR 0x48=1).

   Performance loss for normal workloads depends on the cpu.  Approximately
12% on Haswell and 5% on Skylake.  This does NOT count the loss from the
meltdown mitigation, so add them together.

   Modes supported:

    0    IBPB disabled, no Spectre mitigation

    1    IBPB enabled for kernel mode.

    2    IBPB enabled at all times.

    Note that mode 2 results in a HUGE performance loss.  Approximately 53%
on Haswell and 24% on Skylake.  Mode 2 is not recommended at this time.

    Again, this sysctl will only operate if the machine's microcode
supports the feature.

RetPoline work is in progress but it could be a while (up to a month)
before we get a compiler capable of generating it fully integrated.

--

Generally speaking, we recommend letting the system select the defaults if
safety and security are a concern.  We will try to pick reasonable
settings.  It will turn on meltdown for Intel CPUs and it will use Spectre
mode 1 for Intel CPUs if the microcode has the feature.  Once RetPoline is
in place, some people may opt to turn off the Spectre mitigation.

I don't have any new AMD microcode for testing yet, so the Spectre
mitigation is currently Intel-only.

-Matt
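As an added example (not part of the post or of DragonFlyBSD itself), a small POSIX sh audit script that reads the two sysctls described above from `sysctl`-style "key: value" output, decodes the Spectre mode per the post's table, and sums the post's per-CPU overhead figures the way the post says to (Meltdown plus Spectre). The sysctl output embedded here is constructed, and the "haswell"/"skylake" family labels are this example's own assumption.

```sh
#!/bin/sh
# Constructed sample of `sysctl machdep.meltdown_mitigation machdep.spectre_mitigation`
# output; on a real box you would pipe the live command output in instead.
SAMPLE_SYSCTL='machdep.meltdown_mitigation: 1
machdep.spectre_mitigation: 1'

# Print the value of one key from "key: value" text on stdin; exit 1 if absent.
sysctl_value() {
    awk -v k="$1" -F': *' '$1 == k { print $2; found = 1 } END { if (!found) exit 1 }'
}

# Decode machdep.spectre_mitigation using the modes listed in the post.
spectre_mode_desc() {
    case "$1" in
        0) echo "IBPB disabled, no Spectre mitigation" ;;
        1) echo "IBPB enabled for kernel mode" ;;
        2) echo "IBPB enabled at all times (huge performance loss, not recommended)" ;;
        *) echo "unknown mode '$1'"; return 1 ;;
    esac
}

# Estimated combined overhead in percent: the post's ~4% for Meltdown on Intel,
# plus its Spectre figures per CPU family, added together as the post instructs.
# $1 = "haswell" | "skylake" (assumed labels), $2 = meltdown sysctl, $3 = spectre sysctl.
estimated_overhead() {
    total=0
    [ "$2" = 1 ] && total=$((total + 4))
    case "$1:$3" in
        haswell:1) total=$((total + 12)) ;;
        haswell:2) total=$((total + 53)) ;;
        skylake:1) total=$((total + 5)) ;;
        skylake:2) total=$((total + 24)) ;;
    esac
    echo "$total"
}

# Returns 0 when the box matches the post's recommended defaults (Meltdown on,
# Spectre mode 1); 1 otherwise, e.g. mode 0 (no IBPB microcode), mode 2, or a
# missing sysctl (kernel predates this change).
audit_posture() {
    meltdown=$(printf '%s\n' "$1" | sysctl_value machdep.meltdown_mitigation) || meltdown=missing
    spectre=$(printf '%s\n' "$1" | sysctl_value machdep.spectre_mitigation) || spectre=missing
    echo "meltdown_mitigation=$meltdown spectre_mitigation=$spectre ($(spectre_mode_desc "$spectre"))"
    [ "$meltdown" = 1 ] && [ "$spectre" = 1 ]
}

audit_posture "$SAMPLE_SYSCTL"
```

On a live system, `sysctl machdep.meltdown_mitigation machdep.spectre_mitigation` supplies the input text; the overhead numbers are the post's rough estimates, not measurements of your workload.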