Date:      Sat, 7 Dec 2019 13:58:25 +1030
From:      "O'Connor, Daniel" <darius@dons.net.au>
To:        Konstantin Belousov <kostikbel@gmail.com>
Cc:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: Disabling speculative execution mitigations
Message-ID:  <BA7092AF-29E4-4B7B-B8D6-5CD76D99CD4A@dons.net.au>
In-Reply-To: <20191206142221.GL2744@kib.kiev.ua>
References:  <C19DE24E-22CB-4E55-95CE-0A07FC8A23F5@dons.net.au> <20191206142221.GL2744@kib.kiev.ua>


> On 7 Dec 2019, at 00:52, Konstantin Belousov <kostikbel@gmail.com> wrote:
>
> On Fri, Dec 06, 2019 at 03:51:04PM +1030, O'Connor, Daniel wrote:
>> Hi,
>> I am trying to track down a performance drop with the ASPEED xorg video driver between FreeBSD 11 and 12 (I'm not expecting miracles from it but it was basically unusable..)
>>
>> I wondered if some of the speculative execution mitigations could be causing the problem so I did some digging and found these..
>>
>> vm.pmap.pti="0"        # Disable page table isolation
>> hw.ibrs_disable="1"    # Disable Indirect Branch Restricted Speculation
> This line enables IBRS.

Oops, thanks.

>> hw.mds_disable="0"     # Disable Microarchitectural Data Sampling flush
>> hw.vmm.vmx="1"         # Don't flush RSB on vmexit (presumably only affects bhyve etc)
> I have no idea what this line should configure.

It should have been..
hw.vmm.vmx.no_flush_rsb="1"

Not that it would affect my test system since I'm not using vmm.ko.

>> hw.lazy_fpu_switch="1" # Lazily flush FPU
>>
>> Does anyone know of any others?
> Did you read security(7) (on HEAD)?

Nope, I didn't even know it existed.

Basically, I went through the MFCs listed at https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities and looked for tuneables and sysctls.

With respect to the man page, I find it difficult to know what a given value for each sysctl will do, as evidenced by my confusion above about IBRS.

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum