Are you tired of hearing about Meltdown/Spectre yet? Doesn’t matter! The two sysctls for controlling mitigation in DragonFly have been renamed:
machdep.meltdown_mitigation
machdep.spectre_mitigation
Both are set to hopefully sensible defaults, but Matthew Dillon has done some testing to show the effects of each in various combinations. (Update: more changes and tests.) Note that this is not the final mitigation work; compilers (i.e. gcc) are being updated to include workarounds for this, so new gcc -> new compiler in DragonFly -> new defenses. No silver bullet there, though.
Some of the performance deltas, ouch.
Good work by Matt to characterize the impact.
Are new 5.0.x images with fixes planned?
I don’t think Matt has yet been able to evaluate if he can backport – this work is all in master so far.
If it is backportable, I do plan to roll a new 5.0.x release.