CPU bug hardening added to DragonFly

Matthew Dillon’s added some patches to DragonFly related to securing floating point state, following similar work in OpenBSD.  There isn’t a reported catchy-name issue to match it, like Spectre/Meltdown – yet.

(If anyone has a good link to the similar OpenBSD commits, please share; I did not find them on a cursory search.)

Update: the fix is now in 5.2 and an update is recommended.

5 Replies to “CPU bug hardening added to DragonFly”

  1. There are starting to be lots of defensive measures being taken to prevent information leakage through side-channels resulting from speculative execution which appear computationally expensive. While desktop usage and certain kinds of server and cloud usage benefit from these mitigations, there are other cases, for example high performance computing, where one doesn’t care about information leakage through side-channels created by speculative execution. Any thoughts on making all performance compromising mitigations optional?

  2. There’s sysctls that control the behavior for this and other vulnerabilities, so they are already optional. They are described in the commit messages.

Comments are closed.