lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-20 03:16:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

system: PTI/IBRS tunables; closes #2264

Browse Source
This commit is contained in:
Franco Fichtner 2018-03-17 15:00:41 +01:00
parent 8c44049298
commit e1b303497e
2 changed files with 43 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/etc/config.xml.sample
View File

@ -183,6 +183,16 @@
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr><![CDATA[Page Table Isolation (Meltdown mitigation, requires reboot.)]]></descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr><![CDATA[Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)]]></descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>

74
src/etc/inc/system.inc
View File

@ -73,49 +73,41 @@ function system_powerd_configure($verbose = false)
function get_default_sysctl_value($id)
{
$sysctls = array(
"debug.pfftpproxy" => "0",
"hw.syscons.kbd_reboot" => "0",
"kern.ipc.maxsockbuf" => "4262144",
"kern.randompid" => "347",
"kern.random.sys.harvest.interrupt" => 0,
"kern.random.sys.harvest.point_to_point" => 0,
"kern.random.sys.harvest.ethernet" => 0,
"kern.filedelay" => "5",
"kern.dirdelay" => "4",
"kern.metadelay" => "3",
"net.bpf.zerocopy_enable" => 1,
"net.inet.ip.portrange.first" => "1024",
"net.inet.tcp.blackhole" => "2",
"net.inet.udp.blackhole" => "1",
"net.inet.ip.random_id" => "1",
"net.inet.tcp.drop_synfin" => "1",
"net.inet.ip.redirect" => "1",
"net.inet6.ip6.redirect" => "1",
"net.inet6.ip6.use_tempaddr" => "0",
"net.inet6.ip6.prefer_tempaddr" => "0",
"net.inet.tcp.syncookies" => "1",
"net.inet.tcp.recvspace" => "65228",
"net.inet.tcp.sendspace" => "65228",
'net.inet.ip.sourceroute' => '0',
'net.inet.ip.accept_sourceroute' => '0',
'debug.pfftpproxy' => '0',
'hw.syscons.kbd_reboot' => '0',
'hw.ibrs_disable' => '0',
'kern.ipc.maxsockbuf' => '4262144',
'kern.randompid' => '347',
'net.inet.icmp.drop_redirect' => '0',
'net.inet.icmp.icmplim' => '0',
'net.inet.icmp.log_redirect' => '0',
"net.inet.tcp.delayed_ack" => "0",
"net.inet.udp.maxdgram" => "57344",
"net.inet.ip.intr_queue_maxlen" => "1000",
"net.inet.tcp.log_debug" => "0",
"net.inet.tcp.tso" => "1",
"net.inet.icmp.icmplim" => "0",
"net.inet.ip.process_options" => 0,
"net.inet.udp.checksum" => 1,
"net.link.bridge.pfil_bridge" => "0",
"net.link.bridge.pfil_local_phys" => "0",
"net.link.bridge.pfil_member" => "1",
"net.link.bridge.pfil_onlyip" => "0",
"net.link.tap.user_open" => "1",
"net.route.netisr_maxqlen" => 1024,
"net.inet.icmp.reply_from_interface" => 1,
"vfs.read_max" => "32",
'net.inet.ip.accept_sourceroute' => '0',
'net.inet.ip.intr_queue_maxlen' => '1000',
'net.inet.ip.portrange.first' => '1024',
'net.inet.ip.random_id' => '1',
'net.inet.ip.redirect' => '1',
'net.inet.ip.sourceroute' => '0',
'net.inet.tcp.blackhole' => '2',
'net.inet.tcp.delayed_ack' => '0',
'net.inet.tcp.drop_synfin' => '1',
'net.inet.tcp.log_debug' => '0',
'net.inet.tcp.recvspace' => '65228',
'net.inet.tcp.sendspace' => '65228',
'net.inet.tcp.syncookies' => '1',
'net.inet.tcp.tso' => '1',
'net.inet.udp.blackhole' => '1',
'net.inet.udp.checksum' => 1,
'net.inet.udp.maxdgram' => '57344',
'net.inet6.ip6.prefer_tempaddr' => '0',
'net.inet6.ip6.redirect' => '1',
'net.inet6.ip6.use_tempaddr' => '0',
'net.link.bridge.pfil_bridge' => '0',
'net.link.bridge.pfil_local_phys' => '0',
'net.link.bridge.pfil_member' => '1',
'net.link.bridge.pfil_onlyip' => '0',
'net.link.tap.user_open' => '1',
'vfs.read_max' => '32',
'vm.pmap.pti' => '1',
);
if (isset($sysctls[$id])) {