Reference: https://svnweb.freebsd.org/base?view=revision&revision=329462

Do the following new loader tunables and sysctls have documentation
anywhere? I ask because I wish to know how to turn all of this off (yes
you heard me correctly), as not all systems necessarily require
mitigation of these flaws.

Best I can tell from skimming source:

vm.pmap.pti
- Description: Page Table Isolation enabled
- Loader tunable, visible in sysctl (read-only)
- Integer
- Default value: depends on CPU model and capabilities, see function
  pti_get_default(); looks like AMD = 0, any CPU with RDCL_NO
  capability enabled = 0, else 1

hw.ibrs_active
- Description: Indirect Branch Restricted Speculation active
- sysctl (read-only)
- Integer
- Real-time indicator as to if IBRS is currently on or off

hw.ibrs_disable
- Description: Disable Indirect Branch Restricted Speculation
- Loader tunable and sysctl tunable (read-write)
- Integer
- Default value: unsure. Variable declaration has 1 but
  SYSCTL_PROC() macro has 0.

Thank you.

--
| Jeremy Chadwick                                   jdc at koitsu.org |
| UNIX Systems Administrator                http://jdc.koitsu.org/ |
| Making life hard for others since 1977.             PGP 4BD6C0CB |

On Feb 17 11:47, Jeremy Chadwick wrote:
>Reference: https://svnweb.freebsd.org/base?view=revision&revision=329462
>
>Do the following new loader tunables and sysctls have documentation
>anywhere? I ask because I wish to know how to turn all of this off (yes
>you heard me correctly), as not all systems necessarily require
>mitigation of these flaws.
>

+1. I have an Intel Atom D525 "Pineview" which I'm led to believe doesn't
have these flaws and therefore unless it's detected and disabled
automatically I too would like to have documentation on how to view the
current status, and disable it as required.

And thank you for pointing this out. I can now just wait a while to see
what comes along rather than accidentally upgrading it and killing the
already really slow performance.

--
Matt

On 17.02.2018 20:47, Jeremy Chadwick wrote:
> hw.ibrs_disable
> - Description: Disable Indirect Branch Restricted Speculation
> - Loader tunable and sysctl tunable (read-write)
> - Integer
> - Default value: unsure. Variable declaration has 1 but
>   SYSCTL_PROC() macro has 0.
>

Strange thing is that tweaking `hw.ibrs_disable` has no effect on
`hw.ibrs_active` on my side.

--
David Marec
https://lapinbilly.eu/