Meltdown and Spectre and DragonFly

By now you’ve probably heard of the Meltdown/Spectre attacks.  (background rumors, technical note)  Matthew Dillon’s put together a Meltdown mitigation in DragonFly, done in four commits.

It’s turned off and on by the sysctl machdep.isolated_user_pmap, and defaults to on for Intel CPUs.  Buildworld tests show about a 4-5% performance hit, but that’s only one measured form of activity, so there will surely be other effects.

Note that Spectre is not mitigated by this commit series, and as I understand it, cannot be realistically fixed in software.

Update: Matthew Dillon posted a summary to users@.

Update 2: He told us so.

One Reply to “Meltdown and Spectre and DragonFly”

  1. Thanks for introducing the sysctl machdep.isolated_user_pmap. I can imagine many cases of a server running 100% trusted code and not wanting to take a factor of three slowdown in the system calls mechanism.

    For desktop systems, if isolated_user_pmap could be implemented per process, then the trusted part of userland could run at full speed, with only the untrusted code, for example WebAssembly in a browser, experiencing a slowdown from the mitigation.
