CPU bug hardening added to DragonFly

Matthew Dillon’s added some patches to DragonFly related to securing floating point state, following similar work in OpenBSD.  There isn’t a reported catchy-name issue to match it, like Spectre/Meltdown – yet.

(If anyone has a good link to the similar OpenBSD commits, please share; I did not find them on a cursory search.)

Update: the fix is now in 5.2 and an update is recommended.

mkinitrd out, initrd in

There was an optional ‘make initrd’ step in the DragonFly build process, where you can create a small binary to use for mounting encrypted root drives.

Aaron LI has removed mkinitrd in favor of ‘make initrd’, which builds a separate binary to use in exactly those situations.  See the commit message for more detail.  It incidentally creates a ‘/rescue’ directory and works as a rescue ramdisk, similar to other BSDs, if you should ever need it.  (See updated MOTD for details)

CVE-2018-8897 fix in, more Spectre fixes for DragonFly

A recent and new CPU bug, CVE-2018-8897, is fixed in DragonFly.  This applies to both Intel and AMD processors.  I’m happy to see that the CERT page lists equal notification timing for a whole lot of operating systems, rather than the few that heard about Spectre/Meltdown early.

Following that topic, Matthew Dillon has “fleshed out” Spectre mitigations, and his commit message details the current state.  The sysctl ‘machdep.spectre_mitigation’ will tell you what’s set at any given point.

Update: update.

dfly drm irq

Here’s something that doesn’t have an immediate impact now, but will be useful down the road: Francois Tigeot has been working on DRM support in DragonFly, and has been quite successful with Intel video support.  His strategy has been to adopt Linux methods where possible, to reduce the amount of support work.  The payoff has been excellent, and prompt, accelerated video support in DragonFly.  The most recent work is “git: drm: Implement parts of the Linux irq subsystem”, which is going to come in handy for someone, I’m sure.