More Meltdown fixes

If you’re on the bleeding edge of DragonFly and already updated for Meltdown fixes, there’s a few more commits you’ll want to get.

Matthew Dillon wrote a summary of the current status, noting there’s not much you can do for Spectre beyond new hardware.   There is an update to the “defensive browser setup” plan for DragonFly (using –site-per-process) that can help at least with Javascript versions of Spectre.

Update: step-by-step microcode fixes from Intel if you really want to trash your performance.

Meltdown and Spectre and DragonFly

By now you’ve probably heard of the Meltdown/Spectre attacks.  (background rumors, technical note)  Matthew Dillon’s put together a Meltdown mitigation in DragonFly, done in four commits.

It’s turned off and on by the sysctl machdep.isolated_user_pmap – and defaults to on for Intel CPUs.  Buildworld tests show about a 4-5% performance hit, but that’s only one form of activity, measured, so there will surely be other effects.

Note that Spectre is not mitigated by this commit series, and as I understand it, cannot be realistically fixed in software.

Update: Matthew Dillon posted a summary to users@.

Update 2: He told us so.