cost/benefit of some src.conf options

Dimitry Andric dim at FreeBSD.org
Fri Mar 26 18:46:43 UTC 2021 

On 26 Mar 2021, at 15:01, tech-lists <tech-lists at zyxst.net> wrote:
> 
> Please can someone briefly explain the impact of the following, in
> an *arm64* stable/13 exposed-to-the-internet context:
> 
> 1. WITH_INIT_ALL_PATTERN=
> 2. WITH_KERNEL_RETPOLINE=
> 3. WITH_RETPOLINE=

How briefly, exactly? Quoting src.conf(5), in order:

     WITH_INIT_ALL_PATTERN
             Set to build the base system or kernel with stack variables
             initialized to (compiler defined) debugging patterns on function
             entry.  This option requires the clang compiler.


     WITH_KERNEL_RETPOLINE
             Set to enable the "retpoline" mitigation for CVE-2017-5715 in the
             kernel build.


     WITH_RETPOLINE
             Set to build the base system with the retpoline speculative
             execution vulnerability mitigation for CVE-2017-5715.


> these aren't enabled by default in arm64. Is there a reason for that?

First of all, because of the performance impact, which can be
significant depending on your specific use case. And secondly, because
compiling with non-default options tends to expose unexpected bugs in
the implementation. (Both in the compiler itself, and in the programs
which are compiled.)

That said, the retpoline mechanisms tend to be fairly well tested by
now, but will still have a non-negligible performance impact, maybe even
a large impact, depending on your workload. There is no simple answer
here, you will have to measure it for yourself.

The init pattern stuff is pretty new, and will almost certainly give
some unexpected effects, such as triggering assertions, and hopefully
exposing bugs. But you will most likely also run into corner cases that
are not handled well by the compiler and/or the software you are
building. The performance impact will certainly not be negligible due
to all the additional memory accesses. :)

-Dimitry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 223 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20210326/6aa30420/attachment.sig>

More information about the freebsd-hackers mailing list