
pfSense 2.4.3 snapshots with Kernel PTI mitigations available for testing!


pfSense version 2.4.3 snapshots with Kernel PTI mitigations for #Meltdown are now available for download. We would love to hear about performance results from you! We have exposed the kernel option to enable / disable same.

For my testbox it always shows as disabled on the dashboard.. (and the sysctl vm.pmap.pti is always 0).

--- Code: ---
System Information
Version 2.4.3-DEVELOPMENT (amd64)
built on Fri Feb 23 13:50:19 CST 2018
FreeBSD 11.1-RELEASE-p6

The system is on the latest version.
Version information updated at Sat Feb 24 14:59:14 CET 2018  
Kernel PTI Disabled
--- End code ---
While the loader.conf does not contain vm.pmap.pti="0" at that time.

After enabling/disabling the option in gui misc settings a few times my loader.conf looks like this.. (4x the pti option..):

--- Code:

--- End code ---

Think it needs a bit more work?

Did you reboot after making changes? We'll add that to description in the next snaps.

Yes rebooted several times..

It seems to be disabled by default in the kernel, and 'forcefully' disabled by the setting in loader.conf when disabled through the gui. Which is never removed by the gui again..
I changed the loader.conf manually to have vm.pmap.pti="1" rebooted and then dashboard will say "Enabled".

As for actual effects of the setting, I have not tried any performance testing, or seen any problems so far myself.

It might be helpful to know whether you are running AMD or Intel in your test box.  I have not read through the development threads for the page table isolation code under FreeBSD, but under Linux the code includes CPU detection.  In Linux, the PTI code is activated automatically only on Intel hardware to mitigate Meltdown.  AMD processors are not susceptible to Meltdown, but PTI may be forced anyway with kernel boot parameters.  I wonder if you are experiencing something similar here.
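An added example, not part of any post in this thread: a shell check for the repeated `vm.pmap.pti` lines reported above, which counts the assignments in a loader.conf-style file and compares the last one with what the running kernel reports. The function names and the sample file are constructed for illustration, and the script assumes the last assignment in the file is the one that takes effect at boot.

```shell
#!/bin/sh
# Added example, not from the thread: count vm.pmap.pti assignments in a
# loader.conf-style file and report the last one.
# Assumption: when the tunable is assigned more than once, the last
# assignment in the file is the one that takes effect at boot.

pti_audit() {
    # $1 = path to the file to inspect
    awk '
        /^[ \t]*#/ { next }                     # ignore comment lines
        /^[ \t]*vm\.pmap\.pti[ \t]*=/ {
            v = $0
            sub(/^[^=]*=/, "", v)               # drop everything up to "="
            sub(/#.*/, "", v)                   # drop a trailing comment
            gsub(/[" \t]/, "", v)               # drop quotes and whitespace
            n++; last = v
        }
        END {
            if (n == 0) print "count=0 effective=unset"
            else printf "count=%d effective=%s\n", n, last
        }
    ' "$1"
}

pti_running() {
    # Value the running kernel reports; "unknown" where the sysctl is absent.
    sysctl -n vm.pmap.pti 2>/dev/null || echo unknown
}

# Constructed sample (the file from the thread is not shown on the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
autoboot_delay="3"
vm.pmap.pti="0"
vm.pmap.pti="1"
vm.pmap.pti="0"
vm.pmap.pti="1"
EOF

echo "file:    $(pti_audit "$sample")"
echo "running: $(pti_running)"
rm -f "$sample"
```

On a real box, point `pti_audit` at the loader.conf in use; a count above 1, or a file value that differs from the running value after a reboot, is the condition described in the thread.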

