Re: Disabling speculative execution mitigations
On Fri, 6 Dec 2019 at 22:54, O'Connor, Daniel wrote: > > With respect to the man page, I find it difficult to know what a given value > for each sysctl will do, as evidenced by my confusion above about IBRS. scottl recently moved these sysctls to machdep.mitigations in r355436, but they've kept the existing names and sense. So, some still have an enable control while some are disable, some report "state: inactive" while others report "active: 0". Work is ongoing now to rationalize these so that the sense is true for mitigation enabled. Backwards compatibility will be maintained for the sysctl paths in stable (e.g. hw.ibrs*) but not the interim names (machdep.mitigations.*) ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Disabling speculative execution mitigations
> On 7 Dec 2019, at 00:52, Konstantin Belousov wrote: > > On Fri, Dec 06, 2019 at 03:51:04PM +1030, O'Connor, Daniel wrote: >> Hi, >> I am trying to track down a performance drop with the ASPEED xorg video >> driver between FreeBSD 11 and 12 (I'm not expecting miracles from it but it >> was basically unusable..) >> >> I wondered if some of the speculative execution mitigations could be causing >> the problem so I did some digging and found these.. >> >> vm.pmap.pti="0"# Disable page table isolation >> hw.ibrs_disable="1"# Disable Indirect Branch Restricted Speculation > This line enables IBRS. Oops, thanks. >> hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush >> hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only affects >> bhyve etc) > I have no idea what this line should configure. It should have been.. hw.vmm.vmx.no_flush_rsb="1" Not that it would affect my test system since I'm not use vmm.ko >> hw.lazy_fpu_switch="1" # Lazily flush FPU >> >> Does anyone know of any others? > Did you read security(7) (on HEAD)? Nope, I didn't even know it existed. Basically, I went through the MFCs listed at https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities and looked for tuneables and sysctls. With respect to the man page, I find it difficult to know what a given value for each sysctl will do, as evidenced by my confusion above about IBRS. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Disabling speculative execution mitigations
On Fri, 06 Dec 2019 06:21:04 +0100, O'Connor, Daniel wrote: vm.pmap.pti="0"# Disable page table isolation hw.ibrs_disable="1"# Disable Indirect Branch Restricted Speculation hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only affects bhyve etc) hw.lazy_fpu_switch="1" # Lazily flush FPU Does anyone know of any others? hw.spec_store_bypass_disable=2 I have that on 11.3 (no idea yet about 12). And honestly, I lost track which of these should be on, off, automatic, opaque or elsewhere to achieve either performance or security (not to mention for which cores and under which circumstances it would matter, and what the impact might be), and my oracle says this will not end with these. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Disabling speculative execution mitigations
On Fri, Dec 06, 2019 at 03:51:04PM +1030, O'Connor, Daniel wrote: > Hi, > I am trying to track down a performance drop with the ASPEED xorg video > driver between FreeBSD 11 and 12 (I'm not expecting miracles from it but it > was basically unusable..) > > I wondered if some of the speculative execution mitigations could be causing > the problem so I did some digging and found these.. > > vm.pmap.pti="0"# Disable page table isolation > hw.ibrs_disable="1"# Disable Indirect Branch Restricted Speculation This line enables IBRS. > hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush > hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only affects > bhyve etc) I have no idea what this line should configure. > hw.lazy_fpu_switch="1" # Lazily flush FPU > > Does anyone know of any others? Did you read security(7) (on HEAD)? > > I have 2 systems with the same motherboard (Supermicro X11SSH-F), one is > older and runs FreeBSD 11 (and had an older BIOS_ and the newer runs FreeBSD > 12. > > FWIW on FreeBSD 11 the performance (measured by a subset of x11perf > benchmarks) went down 40% after updating to the latest BIOS (2.2a). > Unfortunately on FreeBSD 12 rolling back to the original BIOS (2.2) did not > improve performance. > > -- > Daniel O'Connor > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > > > ___ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org" ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Disabling speculative execution mitigations
Hi, I am trying to track down a performance drop with the ASPEED xorg video driver between FreeBSD 11 and 12 (I'm not expecting miracles from it but it was basically unusable..) I wondered if some of the speculative execution mitigations could be causing the problem so I did some digging and found these.. vm.pmap.pti="0"# Disable page table isolation hw.ibrs_disable="1"# Disable Indirect Branch Restricted Speculation hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only affects bhyve etc) hw.lazy_fpu_switch="1" # Lazily flush FPU Does anyone know of any others? I have 2 systems with the same motherboard (Supermicro X11SSH-F), one is older and runs FreeBSD 11 (and had an older BIOS_ and the newer runs FreeBSD 12. FWIW on FreeBSD 11 the performance (measured by a subset of x11perf benchmarks) went down 40% after updating to the latest BIOS (2.2a). Unfortunately on FreeBSD 12 rolling back to the original BIOS (2.2) did not improve performance. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
