Matthew Dillon posted a summary of IBRS and IBPB support in DragonFly, and some numbers showing its impact in various configurations of options and CPUs.
If you’re on the bleeding edge of DragonFly and already updated for Meltdown fixes, there are a few more commits you’ll want to get.
Matthew Dillon wrote a summary of the current status, noting there’s not much you can do for Spectre beyond new hardware. There is an update to the “defensive browser setup” plan for DragonFly (using --site-per-process) that can help at least with JavaScript versions of Spectre.
Update: step-by-step microcode fixes from Intel if you really want to trash your performance.
By now you’ve probably heard of the Meltdown/Spectre attacks. (background rumors, technical note) Matthew Dillon’s put together a Meltdown mitigation in DragonFly, done in four commits.
It’s turned off and on by the sysctl machdep.isolated_user_pmap – and defaults to on for Intel CPUs. Buildworld tests show about a 4-5% performance hit, but that’s only one form of activity, measured, so there will surely be other effects.
Note that Spectre is not mitigated by this commit series, and as I understand it, cannot be realistically fixed in software.
Update: Matthew Dillon posted a summary to users@.
Update 2: He told us so.
The md5(1) utility on DragonFly now does SHA512 checksums, thanks to Rimvydas Jasinskas. You can see it as a separate ‘sha512’ binary in /sbin, but it’s a hard link back to the original md5, if I’m reading the commit right.
If you run ‘top -M’, CPU states are reported on a per-CPU basis. It turns out that having over 110 CPUs will cause a segmentation fault – but not any longer! I wish I had a screenshot for this.
If your DragonFly-current system was built between December 6th and 10th, you should upgrade. There’s a memory corruption bug that may bite you otherwise – but it only existed for those 4 days.
Syscons now holds 10 screens back, not 4. Every few years, I really, really need that.
This is not as catastrophic as it may seem. I did not know this, but there’s a utility called dm(8), for Dungeon Master, used to control game access on a BSD system. It’s now gone on DragonFly, since its controls aren’t needed, and its setuid ability definitely isn’t needed.
Thanks to Rimvydas Jasinskas, it’s possible to ‘make NOSHARED=yes buildworld’ and build a complete DragonFly world without shared libraries.
There are several ‘lockmgr’ test programs in DragonFly that can be used to test locking performance. Matthew Dillon used them recently to test some locking optimizations.
Welcome new DragonFly committer, Peeter Must!
Do you have a terabyte or more of RAM? You can boot DragonFly. In theory over 32 terabytes will require changes – but oh, to have such problems…
Noted from this commit: if you are routing over IPv6 directly to another address, the sysctl net.inet6.icmp6.nd6_onlink_ns_rfc4861 must be set to 1.
rdist has been removed. Does anyone mind? I don’t think so.
sys_pipe has been modified to avoid contention on DragonFly, which means better performance as tasks get handed between processors. See the commit message for details.
Matthew Dillon has added KVABIO, an API for avoiding the need to sync the TLB across all CPUs before continuing. What’s this mean? The more CPUs you are dealing with, the longer it takes to make sure all of them have the same cached view of the virtual memory. There’s a tradeoff – caching that view speeds up memory access, but the time cost of the synchronization can erase those benefits.
This API is now supported for NVMe and swap, HAMMER2, and tmpfs. Note that those last two links show a huge drop in IPI messaging. In the real world, this showed about a 5% improvement in performance for CPU-intensive work like complete synth builds. (Based on IRC conversations.)
The ppp kernel module has been removed. It’s still possible to run ppp(8) in userland, with tun(4), so it’s only a change in strategy, not result.
This is a bugfix release, adding HAMMER2 support in initrd, among other cleanup commits. The tag message lists the changes. There are no huge changes, but it’s only a bugfix release.