And by the way, if it is *just routing* -- in the kernel -- then neither Meltdown NOR MDS are involved in what you perceive as performance problems, since those only happen upon *context switch to/from userland*.
As I was saying... we don't want to provide these knobs for people who cannot make the correct decisions because they don't actually understand the security issues.

Elias Carter <edcar...@ualberta.ca> wrote:

> Would there be any interest in having a sysctl to enable/disable
> meltdown and mds mitigations?
> I was poking around 'sys/arch/amd64/amd64/cpu.c' and it appears that
> these mitigations are currently hardcoded.
>
> The benefit of having these sysctl's is that they would allow users to
> disable the mitigations for a tradeoff in performance. For example, I
> have an OpenBSD router only running dhcpd and pf which is struggling
> to keep up with a gigabit connection. Given that the system is only
> doing routing, I would assume it would be relatively low risk to
> disable the mitigations to get better performance.
>
> Thoughts?
> Elias