Meltdown and Spectre and DragonFly

By now you’ve probably heard of the Meltdown/Spectre attacks.  (background rumors, technical note)  Matthew Dillon’s put together a Meltdown mitigation in DragonFly, done in four commits.

It’s turned on and off by the sysctl machdep.isolated_user_pmap, and defaults to on for Intel CPUs.  Buildworld tests show about a 4-5% performance hit, but that’s only one measured form of activity, so there will surely be other effects.
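Buildworld is mostly compute, so a syscall-heavy workload is the other end of the range worth measuring. The microbenchmark below is an added example, not DragonFly code: it times a bare user/kernel round trip so the result can be compared under each setting of machdep.isolated_user_pmap. Using getppid() as the cheap, uncached system call is an assumption of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for clock_gettime() under strict -std= modes */
#endif
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Monotonic clock reading in nanoseconds. */
static double now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1e9 + (double)ts.tv_nsec;
}

/* Average cost of one getppid() call over `iters` calls. Each call is a
 * user -> kernel -> user transition, the path that a separate user page
 * table makes more expensive. */
static double time_batch_ns(long iters)
{
    volatile pid_t sink;
    double start = now_ns();
    for (long i = 0; i < iters; i++)
        sink = getppid();
    (void)sink;
    return (now_ns() - start) / (double)iters;
}

/* Best of `rounds` batches, to reduce scheduler and interrupt noise. */
double syscall_cost_ns(long iters, int rounds)
{
    double best = -1.0;
    for (int r = 0; r < rounds; r++) {
        double t = time_batch_ns(iters);
        if (best < 0.0 || t < best)
            best = t;
    }
    return best;
}

int main(void)
{
    /* Run once per sysctl setting and compare the two numbers. */
    printf("getppid round trip: %.1f ns\n", syscall_cost_ns(1000000, 5));
    return 0;
}
```

The ratio between the two runs bounds the per-syscall overhead; a real workload lands somewhere between that and the buildworld figure depending on how often it enters the kernel.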

Note that Spectre is not mitigated by this commit series, and as I understand it, cannot be realistically fixed in software.

Update: Matthew Dillon posted a summary to users@.

Update 2: He told us so.

One Reply to “Meltdown and Spectre and DragonFly”

  1. Thanks for introducing the sysctl machdep.isolated_user_pmap. I can imagine many cases of a server running 100% trusted code and not wanting to take a factor of three slowdown in the system calls mechanism.

    For desktop systems, if isolated_user_pmap could be implemented per process, then the trusted part of user land could run full speed and with only the untrusted code, for example web assembly in a browser, experiencing a slowdown from the mitigation.
