Fair enough. Thanks for the information. I will look at doing some profiling to figure out what the routing bottleneck is instead of going off a hunch.

On Tue, May 26, 2020 at 5:13 PM Theo de Raadt <[email protected]> wrote:
>
> And by the way, if it is *just routing* -- in the kernel -- then
> neither Meltdown NOR MDS are involved in what you perceive as
> performance problems, since those only happen upon *context switch
> to/from userland*.
>
> As I was saying... we don't want to provide these knobs for people who
> cannot make the correct decisions because they don't actually understand
> the security issues.
>
>
> Elias Carter <[email protected]> wrote:
>
> > Would there be any interest in having a sysctl to enable/disable
> > meltdown and mds mitigations?
> > I was poking around 'sys/arch/amd64/amd64/cpu.c' and it appears that
> > these mitigations are currently hardcoded.
> >
> > The benefit of having these sysctl's is that they would allow users to
> > disable the mitigations for a tradeoff in performance. For example, I
> > have an OpenBSD router only running dhcpd and pf which is struggling
> > to keep up with a gigabit connection. Given that the system is only
> > doing routing, I would assume it would be relatively low risk to
> > disable the mitigations to get better performance.
> >
> > Thoughts?
> > Elias

