On Fri, 06 Dec 2019 06:21:04 +0100, O'Connor, Daniel <dar...@dons.net.au>
wrote:
vm.pmap.pti="0" # Disable page table isolation
hw.ibrs_disable="1" # Disable Indirect Branch Restricted Speculation
hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush
hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only
affects bhyve etc)
hw.lazy_fpu_switch="1" # Lazily flush FPU
Does anyone know of any others?
hw.spec_store_bypass_disable=2
I have that on 11.3 (no idea yet about 12). And honestly, I lost track
which of these should be on, off, automatic, opaque or elsewhere to
achieve either performance or security (not to mention for which cores and
under which circumstances it would matter, and what the impact might be),
and my oracle says this will not end with these.
_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
