Disabling speculative execution mitigations
Peter
peter at citylink.dinoex.sub.org
Sat Dec 7 02:13:40 UTC 2019
On Fri, 06 Dec 2019 06:21:04 +0100, O'Connor, Daniel <darius at dons.net.au> wrote:
> vm.pmap.pti="0" # Disable page table isolation
> hw.ibrs_disable="1" # Disable Indirect Branch Restricted Speculation
> hw.mds_disable="0" # Disable Microarchitectural Data Sampling flush
> hw.vmm.vmx="1" # Don't flush RSB on vmexit (presumably only affects bhyve etc)
> hw.lazy_fpu_switch="1" # Lazily flush FPU
>
> Does anyone know of any others?
hw.spec_store_bypass_disable=2
I have that on 11.3 (no idea yet about 12). And honestly, I lost track of
which of these should be on, off, automatic, opaque or elsewhere to
achieve either performance or security (not to mention for which cores and
under which circumstances it would matter, and what the impact might be),
and my oracle says this will not end with these.
More information about the freebsd-stable
mailing list