From e1b303497e5fb7803d35edaaf387be5681c949be Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Sat, 17 Mar 2018 15:00:41 +0100
Subject: [PATCH] system: PTI/IBRS tunables; closes #2264
---
 src/etc/config.xml.sample | 10 ++++++
 src/etc/inc/system.inc | 74 +++++++++++++++++---------------------
 2 files changed, 43 insertions(+), 41 deletions(-)
diff --git a/src/etc/config.xml.sample b/src/etc/config.xml.sample
index 83d581ae8..4d56bd374 100644
--- a/src/etc/config.xml.sample
+++ b/src/etc/config.xml.sample
@@ -183,6 +183,16 @@ kern.ipc.maxsockbuf default + + + vm.pmap.pti + default + + + + hw.ibrs_disable + default + normal
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index b85041a8f..636d1b008 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -73,49 +73,41 @@ function system_powerd_configure($verbose = false)
 function get_default_sysctl_value($id)
 {
 $sysctls = array(
- "debug.pfftpproxy" => "0",
- "hw.syscons.kbd_reboot" => "0",
- "kern.ipc.maxsockbuf" => "4262144",
- "kern.randompid" => "347",
- "kern.random.sys.harvest.interrupt" => 0,
- "kern.random.sys.harvest.point_to_point" => 0,
- "kern.random.sys.harvest.ethernet" => 0,
- "kern.filedelay" => "5",
- "kern.dirdelay" => "4",
- "kern.metadelay" => "3",
- "net.bpf.zerocopy_enable" => 1,
- "net.inet.ip.portrange.first" => "1024",
- "net.inet.tcp.blackhole" => "2",
- "net.inet.udp.blackhole" => "1",
- "net.inet.ip.random_id" => "1",
- "net.inet.tcp.drop_synfin" => "1",
- "net.inet.ip.redirect" => "1",
- "net.inet6.ip6.redirect" => "1",
- "net.inet6.ip6.use_tempaddr" => "0",
- "net.inet6.ip6.prefer_tempaddr" => "0",
- "net.inet.tcp.syncookies" => "1",
- "net.inet.tcp.recvspace" => "65228",
- "net.inet.tcp.sendspace" => "65228",
- 'net.inet.ip.sourceroute' => '0',
- 'net.inet.ip.accept_sourceroute' => '0',
+ 'debug.pfftpproxy' => '0',
+ 'hw.syscons.kbd_reboot' => '0',
+ 'hw.ibrs_disable' => '0',
+ 'kern.ipc.maxsockbuf' => '4262144',
+ 'kern.randompid' => '347',
 'net.inet.icmp.drop_redirect' => '0',
+ 'net.inet.icmp.icmplim' => '0',
 'net.inet.icmp.log_redirect' => '0',
- "net.inet.tcp.delayed_ack" => "0",
- "net.inet.udp.maxdgram" => "57344",
- "net.inet.ip.intr_queue_maxlen" => "1000",
- "net.inet.tcp.log_debug" => "0",
- "net.inet.tcp.tso" => "1",
- "net.inet.icmp.icmplim" => "0",
- "net.inet.ip.process_options" => 0,
- "net.inet.udp.checksum" => 1,
- "net.link.bridge.pfil_bridge" => "0",
- "net.link.bridge.pfil_local_phys" => "0",
- "net.link.bridge.pfil_member" => "1",
- "net.link.bridge.pfil_onlyip" => "0",
- "net.link.tap.user_open" => "1",
- "net.route.netisr_maxqlen" => 1024,
- "net.inet.icmp.reply_from_interface" => 1,
- "vfs.read_max" => "32",
+ 'net.inet.ip.accept_sourceroute' => '0',
+ 'net.inet.ip.intr_queue_maxlen' => '1000',
+ 'net.inet.ip.portrange.first' => '1024',
+ 'net.inet.ip.random_id' => '1',
+ 'net.inet.ip.redirect' => '1',
+ 'net.inet.ip.sourceroute' => '0',
+ 'net.inet.tcp.blackhole' => '2',
+ 'net.inet.tcp.delayed_ack' => '0',
+ 'net.inet.tcp.drop_synfin' => '1',
+ 'net.inet.tcp.log_debug' => '0',
+ 'net.inet.tcp.recvspace' => '65228',
+ 'net.inet.tcp.sendspace' => '65228',
+ 'net.inet.tcp.syncookies' => '1',
+ 'net.inet.tcp.tso' => '1',
+ 'net.inet.udp.blackhole' => '1',
+ 'net.inet.udp.checksum' => 1,
+ 'net.inet.udp.maxdgram' => '57344',
+ 'net.inet6.ip6.prefer_tempaddr' => '0',
+ 'net.inet6.ip6.redirect' => '1',
+ 'net.inet6.ip6.use_tempaddr' => '0',
+ 'net.link.bridge.pfil_bridge' => '0',
+ 'net.link.bridge.pfil_local_phys' => '0',
+ 'net.link.bridge.pfil_member' => '1',
+ 'net.link.bridge.pfil_onlyip' => '0',
+ 'net.link.tap.user_open' => '1',
+ 'vfs.read_max' => '32',
+ 'vm.pmap.pti' => '1',
 );

 if (isset($sysctls[$id])) {
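Review bot: Ten existing defaults disappear from `$sysctls` in this hunk without being mentioned in the subject, among them `net.inet.ip.process_options`, `net.inet.icmp.reply_from_interface`, `net.bpf.zerocopy_enable` and the three `kern.random.sys.harvest.*` entries. The `isset($sysctls[$id])` branch continues past the end of the hunk, so what a tunable still configured as "default" resolves to once its id is missing cannot be seen here; if it falls back to the kernel's own value, `net.inet.ip.process_options` would presumably no longer be forced to 0 on such installs, which is worth confirming and stating in the commit message. For the two new entries the polarity is easy to misread, so I would add comments such as `// 0 = IBRS stays enabled (Spectre v2 mitigation)` above `'hw.ibrs_disable'` and `// 1 = page-table isolation stays enabled (Meltdown mitigation)` above `'vm.pmap.pti'`. On FreeBSD `vm.pmap.pti` is, as far as I know, a boot-time tunable, so please verify it is applied through the loader configuration rather than only by a runtime sysctl write.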