CPU performance - disable bug mitigations

Ralf Mardorf silver.bullet at zoho.com
Wed Nov 21 07:20:56 UTC 2018


On Tue, 20 Nov 2018 17:05:08 +0100, Goran wrote:
>How can I disable these mitigations without restart (without boot
>command line)?

You can't! You have to downgrade or remove the firmware and to reboot
to perhaps get rid of some of it. To get rid of most of it, you
likely need to downgrade the kernel.

I once tested this for an Intel machine with the microcode for Meltdown
and Spectre, for an Arch Linux install with the syslinux bootloader.

[rocketmouse at archlinux ~]$ grep -i security /boot/syslinux/syslinux.cfg 
LABEL Securityink
    MENU LABEL Arch Linux Rt ^Securityink
    LINUX ../vmlinuz-linux-rt-securityink
    INITRD ../intel-ucode.img,../initramfs-linux-rt-securityink.img
LABEL Securityink_no_micro
    MENU LABEL Arch Linux Rt Securityink no micro
    LINUX ../vmlinuz-linux-rt-securityink
    INITRD ../initramfs-linux-rt-securityink.img
LABEL Securityink_nopti
    MENU LABEL Arch Linux Rt Securityink nopt^i
    LINUX ../vmlinuz-linux-rt-securityink
    INITRD ../intel-ucode.img,../initramfs-linux-rt-securityink.img

I don't have got the results at hand, but even without loading the
microcode I didn't get rid of everything.

You are aware that for the later kernels you anyway might have changes
that could make a difference regarding performance? I've got in mind
that for older kernels disabling CONFIG_AUDIT could make a difference,
for newer kernels it gains nothing, see
https://lists.archlinux.org/pipermail/arch-general/2018-September/045580.html .
I guess its irrelevant for Ubuntu kernels that anyway always were
configured regarding security and not regarding performance, but it
could make a difference for local build Ubuntu kernels.




More information about the ubuntu-users mailing list