CPU performance - disable bug mitigations
silver.bullet at zoho.com
Wed Nov 21 09:06:03 UTC 2018
On Wed, 21 Nov 2018 08:09:20 +0000, Colin Watson wrote:
>On Wed, Nov 21, 2018 at 08:20:56AM +0100, Ralf Mardorf via
>> On Tue, 20 Nov 2018 17:05:08 +0100, Goran wrote:
>> >How can I disable these mitigations without restart (without boot
>> >command line)?
>> You can't! You have to downgrade or remove the firmware and to reboot
>> to perhaps get rid of some of it. To get rid of most of it, you
>> likely need to downgrade the kernel.
>Or you could just use the kernel parameters that control it.
> pti=off spectre_v2=off spec_store_bypass_disable=off
>(This does require restarting, but is less invasive than downgrading
excepted of "pti=off"/"nopti" I wasn't aware about those kernel
parameters. However, "pti=off"/"nopti" isn't required for the OP's CPU,
since Meltdown is not affected see on Tue, 20 Nov 2018 17:05:08 +0100,
># grep . /sys/devices/system/cpu/vulnerabilities/*
>Speculative Store Bypass disabled via prctl and seccomp
>AMD retpoline, IBPB
I'm uncertain if
does disable all mitigations, let alone that
$ grep CONFIG_AUDIT= config-4.4.0-139-lowlatency
for the 16.04 kernels is enabled and I don't know if they still provide
a "faster path" with mitigations disabled, while CONFIG_AUDIT is
Btw. I'm not booted into Ubuntu 16.04's 4.4.0-139-lowlatency now, but
into a newer Arch kernel and each upgrade to a new kernel could provide
more mitigations, currently I get
$ uname -r; cat /sys/devices/system/cpu/vulnerabilities/*; pacman -Q linux-firmware intel-ucode; hwinfo --cpu | grep Model | sort -u
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline, IBPB, IBRS_FW
Model: 6.60.3 "Intel(R) Celeron(R) CPU G1840 @ 2.80GHz"
IOW this likely could become a kernel parameter building lot with each
upgrade, for an Ubuntu machine with an AMD CPU, too.
$ ls re*
wasn't provided by the default 16.04 install, AFAIR it was installed by
More information about the ubuntu-users