CPU performance - disable bug mitigations
Ralf Mardorf
silver.bullet at zoho.com
Wed Nov 21 07:20:56 UTC 2018
On Tue, 20 Nov 2018 17:05:08 +0100, Goran wrote:
>How can I disable these mitigations without restart (without boot
>command line)?
You can't! You have to downgrade or remove the firmware and to reboot
to perhaps get rid of some of it. To get rid of most of it, you
likely need to downgrade the kernel.
I once tested this for an Intel machine with the microcode for Meltdown
and Spectre, for an Arch Linux install with the syslinux bootloader.
[rocketmouse at archlinux ~]$ grep -i security /boot/syslinux/syslinux.cfg
LABEL Securityink
MENU LABEL Arch Linux Rt ^Securityink
LINUX ../vmlinuz-linux-rt-securityink
INITRD ../intel-ucode.img,../initramfs-linux-rt-securityink.img
LABEL Securityink_no_micro
MENU LABEL Arch Linux Rt Securityink no micro
LINUX ../vmlinuz-linux-rt-securityink
INITRD ../initramfs-linux-rt-securityink.img
LABEL Securityink_nopti
MENU LABEL Arch Linux Rt Securityink nopt^i
LINUX ../vmlinuz-linux-rt-securityink
INITRD ../intel-ucode.img,../initramfs-linux-rt-securityink.img
I don't have got the results at hand, but even without loading the
microcode I didn't get rid of everything.
You are aware that for the later kernels you anyway might have changes
that could make a difference regarding performance? I've got in mind
that for older kernels disabling CONFIG_AUDIT could make a difference,
for newer kernels it gains nothing, see
https://lists.archlinux.org/pipermail/arch-general/2018-September/045580.html .
I guess its irrelevant for Ubuntu kernels that anyway always were
configured regarding security and not regarding performance, but it
could make a difference for local build Ubuntu kernels.
More information about the ubuntu-users
mailing list