Last week DragonFlyBSD lead developer Matthew Dillon posted initial patches for addressing Meltdown on this popular BSD distribution. Dillon has now posted his initial patch targeting the Spectre CPU vulnerability.
This commit is Matthew Dillon's initial stab at Spectre mitigation.
The machdep.spectre_mitigation work is modelled on the Linux IBRS code and uses the new MSRs when updated CPU microcode is present.
Matthew Dillon reports that this Spectre mitigation work is yielding around a 5~12% performance loss on Skylake and a 12~53% performance loss on Haswell, depending upon the mode. As with the Meltdown work, the overhead of system calls has gone up significantly.
Prior to that he also landed another patch that renames the Meltdown sysctl tunable machdep.isolated_user_pmap to machdep.meltdown_mitigation.
These security improvements will be found in the upcoming DragonFlyBSD 5.1 release. Kudos to Matthew Dillon for being on top of Spectre/Meltdown handling in the BSD space and beating the other BSD operating systems to patching.
