Re: Disabling speculative execution mitigations
> On 7 Dec 2019, at 00:52, Konstantin Belousov wrote: > > On Fri, Dec 06, 2019 at 03:51:04PM +1030, O'Connor, Daniel wrote: >> Hi, >> I am trying to track down a performance drop with the ASPEED xorg video >> driver between FreeBSD 11 and 12 (I'm not expecting miracles from it but it >> was basically unusable..) >> >> I wondered if some of the speculative execution mitigations could be causing >> the problem so I did some digging and found these.. >> >> vm.pmap.pti="0"# Disable page table isolation >> hw.ibrs_disable="1"# Disable Indirect Branch Restricted Speculation > This line enables IBRS. Oops, thanks. >> hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush >> hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only affects >> bhyve etc) > I have no idea what this line should configure. It should have been.. hw.vmm.vmx.no_flush_rsb="1" Not that it would affect my test system since I'm not use vmm.ko >> hw.lazy_fpu_switch="1" # Lazily flush FPU >> >> Does anyone know of any others? > Did you read security(7) (on HEAD)? Nope, I didn't even know it existed. Basically, I went through the MFCs listed at https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities and looked for tuneables and sysctls. With respect to the man page, I find it difficult to know what a given value for each sysctl will do, as evidenced by my confusion above about IBRS. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Disabling speculative execution mitigations
On Fri, 06 Dec 2019 06:21:04 +0100, O'Connor, Daniel wrote: vm.pmap.pti="0"# Disable page table isolation hw.ibrs_disable="1"# Disable Indirect Branch Restricted Speculation hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only affects bhyve etc) hw.lazy_fpu_switch="1" # Lazily flush FPU Does anyone know of any others? hw.spec_store_bypass_disable=2 I have that on 11.3 (no idea yet about 12). And honestly, I lost track which of these should be on, off, automatic, opaque or elsewhere to achieve either performance or security (not to mention for which cores and under which circumstances it would matter, and what the impact might be), and my oracle says this will not end with these. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: ng_ipacct on FreeBSD 12.1 doesnt work
07.12.2019 7:22, Eugene Grosbein wrote: Adding port maintainer to CC: >> Yes. It works. Thank you very much. >> >> I delete manual copied file. >> I install ports via portsnap. >> I fetch srcs from ftp. >> And install ng_ipacct from ports. >> And option VIMAGE in port ng_ipacct was disabled. I dont know why. >> option VIMAGE in kernel of 12.1 by default is enabled. >> >> PS Is any option for pkg install to enable VIMAGE in this port? >> Or I need to return to /usr/src and /usr/ports to rebuild this port after >> each FreeBSD version upgrade? >> >> So. I use FreeBSD many years. And in a few years ago I switched from manual >> building of kernel and world to freebsd-update. It works on 10.x version >> well. I install on that freebsd version ng_ipacct via "pkg install". And all >> works fine. >> On version 11.1 it looks like all was fine too. Work with total pkg upgrade >> after upgrade FreeBSD from version 10 to 11. Here I dont sure, because I was >> on version 11.3 only a few days. At least one or two years it works on >> version 11.1 very well. >> But after upgrade from 11.3 to 12.1 "pkg install ng_ipacct" got broken. >> Is it really can be? Or it's my mistake? > > This option is enabled by default, so the package should be built accordingly. > Are you sure you use official source for packages? Sorry, I was wrong: the port defaults to disabled VIMAGE option, this explains your difficulty. Vsevolid, please consider enabling option VIMAGE for net-mgmt/ng_ipacct for branches having VIMAGE in GENERIC, so the package would be usable out-of-the-box there. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: ng_ipacct on FreeBSD 12.1 doesnt work
07.12.2019 6:03, Eugene Kazarinov wrote: > Yes. It works. Thank you very much. > > I delete manual copied file. > I install ports via portsnap. > I fetch srcs from ftp. > And install ng_ipacct from ports. > And option VIMAGE in port ng_ipacct was disabled. I dont know why. > option VIMAGE in kernel of 12.1 by default is enabled. > > PS Is any option for pkg install to enable VIMAGE in this port? > Or I need to return to /usr/src and /usr/ports to rebuild this port after > each FreeBSD version upgrade? > > So. I use FreeBSD many years. And in a few years ago I switched from manual > building of kernel and world to freebsd-update. It works on 10.x version > well. I install on that freebsd version ng_ipacct via "pkg install". And all > works fine. > On version 11.1 it looks like all was fine too. Work with total pkg upgrade > after upgrade FreeBSD from version 10 to 11. Here I dont sure, because I was > on version 11.3 only a few days. At least one or two years it works on > version 11.1 very well. > But after upgrade from 11.3 to 12.1 "pkg install ng_ipacct" got broken. > Is it really can be? Or it's my mistake? This option is enabled by default, so the package should be built accordingly. Are you sure you use official source for packages? ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Boot fails with USB 3.0 external harddrive plugged in
[fcash@rogue /home/fcash]$ freebsd-version -ku 12.0-RELEASE-p8 12.0-RELEASE-p8 This system was previously running FreeBSD 11.2 and didn't have any issues booting with the external USB drive plugged into the USB 3.0 ports on the motherboard. Ever since upgrading to 12.0, and through all the updates to -p8, booting with the external drive plugged in fails. It will eventually get through the loader, start to load the kernel, then drop to a black screen, and (after a few minutes) power off the system completely. The boot process is *extremely* slow with the USB drive plugged in. As in, you can watch the loader cursor twirl at about 1 frame every few seconds. However, if I am sitting at the computer, I can press any key on the keyboard (even shift, ctrl, alt, or spacebar), and it will make the cursor spin at a normal speed for a second or two. So, if I hit a key on the keyboard every other second, it will go through a normal boot process. I seem to recall there was a similar issue on the mailing list a couple months back, but my google-fu is failing me. :( I thought there was a loader.conf setting that resolved that issue, but I can't seem to find it. If I unplug the external drive, it boots normally without any user intervention. Connecting the drive after the login prompt appears, everything works normally. It's only the boot process that is an issue. This is an olded system, using an AMD Phenom-II quad-core CPU, but has 16 GB of RAM, and 6 harddrives in a ZFS pool. Has been working great, up until the 12.0 upgrade. I have plans to upgrade this system to 12.1 later this month. Just wondering if this is a known issue that's fixed in that release, or something new. xhci0: mem 0xfe80-0xfe807fff irq 46 at device 0.0 on pci2 xhci0: 32 bytes context size, 32-bit DMA xhci0: Unable to map MSI-X table usbus0 on xhci0 xhci1: mem 0xfe60-0xfe607fff irq 50 at device 0.0 on pci4 xhci1: 32 bytes context size, 32-bit DMA xhci1: Unable to map MSI-X table usbus1 on xhci1 ohci0: mem 0xfe90a000-0xfe90afff irq 18 at device 18.0 on pci0 usbus2 on ohci0 ehci0: mem 0xfe909000-0xfe9090ff irq 17 at device 18.2 on pci0 usbus3 on ehci0 ohci1: mem 0xfe908000-0xfe908fff irq 20 at device 19.0 on pci0 usbus4 on ohci1 ehci1: mem 0xfe907000-0xfe9070ff irq 21 at device 19.2 on pci0 usbus5 on ehci1 ohci2: mem 0xfe906000-0xfe906fff irq 18 at device 20.5 on pci0 usbus6 on ohci2 ohci3: mem 0xfe905000-0xfe905fff irq 22 at device 22.0 on pci0 usbus7 on ohci3 ehci2: mem 0xfe904000-0xfe9040ff irq 23 at device 22.2 on pci0 usbus8 on ehci2 da0 at umass-sim0 bus 0 scbus12 target 0 lun 0 da0: Fixed Direct Access SPC-3 SCSI device da0: Serial Number Z297HW2Q da0: 400.000MB/s transfers da0: 2861588MB (5860533168 512 byte sectors) da0: quirks=0x2 -- Freddie Cash fjwc...@gmail.com ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: ng_ipacct on FreeBSD 12.1 doesnt work
Yes. It works. Thank you very much. I delete manual copied file. I install ports via portsnap. I fetch srcs from ftp. And install ng_ipacct from ports. And option VIMAGE in port ng_ipacct was disabled. I dont know why. option VIMAGE in kernel of 12.1 by default is enabled. PS Is any option for pkg install to enable VIMAGE in this port? Or I need to return to /usr/src and /usr/ports to rebuild this port after each FreeBSD version upgrade? So. I use FreeBSD many years. And in a few years ago I switched from manual building of kernel and world to freebsd-update. It works on 10.x version well. I install on that freebsd version ng_ipacct via "pkg install". And all works fine. On version 11.1 it looks like all was fine too. Work with total pkg upgrade after upgrade FreeBSD from version 10 to 11. Here I dont sure, because I was on version 11.3 only a few days. At least one or two years it works on version 11.1 very well. But after upgrade from 11.3 to 12.1 "pkg install ng_ipacct" got broken. Is it really can be? Or it's my mistake? Thanks again. пт, 6 дек. 2019 г. в 22:37, Eugene Grosbein : > 07.12.2019 0:49, Eugene Kazarinov wrote: > > > pkg install ng_ipacct install ng_ipacct.ko in /boot/modules/ and it > > doesnt start > > > > if I copy ng_ipacct.ko to /boot/kernel/ it didnt start with error: > > link_elf_obj: symbol tcbinfo undefined > > linker_load_file: /boot/kernel/ng_ipacct.ko - unsupported file type > > > > How to run ng_ipacct on FreeBSD 12.1? > > The port has option VIMAGE enabled by default matching GENERIC kernel that > has options VIMAGE included. > It seems you have built the port with option VIMAGE disabled for some > reason. > > Use: make config clean all deinstall reinstall > to enable this option and rebuild ng_ipacct. You don't need to copy in > manually, remove copied file. > > ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: ng_ipacct on FreeBSD 12.1 doesnt work
07.12.2019 0:49, Eugene Kazarinov wrote: > pkg install ng_ipacct install ng_ipacct.ko in /boot/modules/ and it > doesnt start > > if I copy ng_ipacct.ko to /boot/kernel/ it didnt start with error: > link_elf_obj: symbol tcbinfo undefined > linker_load_file: /boot/kernel/ng_ipacct.ko - unsupported file type > > How to run ng_ipacct on FreeBSD 12.1? The port has option VIMAGE enabled by default matching GENERIC kernel that has options VIMAGE included. It seems you have built the port with option VIMAGE disabled for some reason. Use: make config clean all deinstall reinstall to enable this option and rebuild ng_ipacct. You don't need to copy in manually, remove copied file. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
ng_ipacct on FreeBSD 12.1 doesnt work
Hi. pkg install ng_ipacct install ng_ipacct.ko in /boot/modules/ and it doesnt start if I copy ng_ipacct.ko to /boot/kernel/ it didnt start with error: link_elf_obj: symbol tcbinfo undefined linker_load_file: /boot/kernel/ng_ipacct.ko - unsupported file type How to run ng_ipacct on FreeBSD 12.1? Thanks. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Disabling speculative execution mitigations
On Fri, Dec 06, 2019 at 03:51:04PM +1030, O'Connor, Daniel wrote: > Hi, > I am trying to track down a performance drop with the ASPEED xorg video > driver between FreeBSD 11 and 12 (I'm not expecting miracles from it but it > was basically unusable..) > > I wondered if some of the speculative execution mitigations could be causing > the problem so I did some digging and found these.. > > vm.pmap.pti="0"# Disable page table isolation > hw.ibrs_disable="1"# Disable Indirect Branch Restricted Speculation This line enables IBRS. > hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush > hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only affects > bhyve etc) I have no idea what this line should configure. > hw.lazy_fpu_switch="1" # Lazily flush FPU > > Does anyone know of any others? Did you read security(7) (on HEAD)? > > I have 2 systems with the same motherboard (Supermicro X11SSH-F), one is > older and runs FreeBSD 11 (and had an older BIOS_ and the newer runs FreeBSD > 12. > > FWIW on FreeBSD 11 the performance (measured by a subset of x11perf > benchmarks) went down 40% after updating to the latest BIOS (2.2a). > Unfortunately on FreeBSD 12 rolling back to the original BIOS (2.2) did not > improve performance. > > -- > Daniel O'Connor > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > > > ___ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org" ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
