CPU performance - disable bug mitigations
Ralf Mardorf
silver.bullet at zoho.com
Wed Nov 21 09:06:03 UTC 2018

On Wed, 21 Nov 2018 08:09:20 +0000, Colin Watson wrote:
>On Wed, Nov 21, 2018 at 08:20:56AM +0100, Ralf Mardorf via
>ubuntu-users wrote:
>> On Tue, 20 Nov 2018 17:05:08 +0100, Goran wrote:
>> >How can I disable these mitigations without restart (without boot
>> >command line)?
>>
>> You can't! You have to downgrade or remove the firmware and to reboot
>> to perhaps get rid of some of it. To get rid of most of it, you
>> likely need to downgrade the kernel.
>
>Or you could just use the kernel parameters that control it.
>
> pti=off spectre_v2=off spec_store_bypass_disable=off
>
>(This does require restarting, but is less invasive than downgrading
>the kernel.)

Hi,

except for "pti=off"/"nopti" I wasn't aware of those kernel
parameters. However, "pti=off"/"nopti" isn't required for the OP's CPU,
since it is not affected by Meltdown, see: On Tue, 20 Nov 2018 17:05:08 +0100,
Goran wrote:
># grep . /sys/devices/system/cpu/vulnerabilities/*
>/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
>/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation:
>Speculative Store Bypass disabled via prctl and seccomp
>/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
>pointer sanitization
>/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full
>AMD retpoline, IBPB

I'm uncertain if
"spectre_v2=off spec_store_bypass_disable=off"
does disable all mitigations, let alone that
$ grep CONFIG_AUDIT= config-4.4.0-139-lowlatency
CONFIG_AUDIT=y
for the 16.04 kernels is enabled and I don't know if they still provide
a "faster path" with mitigations disabled, while CONFIG_AUDIT is
enabled.

Btw. I'm not booted into Ubuntu 16.04's 4.4.0-139-lowlatency now, but
into a newer Arch kernel and each upgrade to a new kernel could provide
more mitigations, currently I get
$ uname -r; cat /sys/devices/system/cpu/vulnerabilities/*; pacman -Q linux-firmware intel-ucode; hwinfo --cpu | grep Model | sort -u
4.19.1-rt3-0-rt
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
Mitigation: PTI
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline, IBPB, IBRS_FW
linux-firmware 20181026.1cb4e51-1
intel-ucode 20180807.a-1
Model: 6.60.3 "Intel(R) Celeron(R) CPU G1840 @ 2.80GHz"

IOW this likely could become a kernel parameter building lot with each
upgrade, for an Ubuntu machine with an AMD CPU, too.

IIRC
$ ls re*
retpoline-4.4.0-139-lowlatency
wasn't provided by the default 16.04 install, AFAIR it was installed by
an upgrade.

Regards,
Ralf
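
A read-only status check for the sysfs files and kernel parameters discussed in this message, as an added example that is not part of the original post. The function names and the sample directory layout are hypothetical; the sample values are constructed from status strings quoted in the thread, plus one `Vulnerable` entry constructed to exercise that class.

```shell
#!/bin/sh
# Added example, not from the thread. Status prefixes follow the kernel's
# sysfs ABI: "Not affected", "Vulnerable", "Mitigation: <detail>".

classify_status() {               # status line -> class keyword
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

mitigation_report() {             # [dir] -> "name<TAB>class<TAB>status" per file
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%s\t%s\t%s\n' "${f##*/}" "$(classify_status "$status")" "$status"
    done
}

cmdline_switches() {              # [file] -> switches named in this thread
    file=${1:-/proc/cmdline}
    [ -r "$file" ] || return 0
    for word in $(cat "$file"); do
        case "$word" in
            nopti|pti=*|spectre_v2=*|spec_store_bypass_disable=*) echo "$word" ;;
        esac
    done
}

make_sample() {                   # constructed input, not a real machine
    d=$(mktemp -d)
    mkdir "$d/vuln"
    echo 'Not affected' > "$d/vuln/meltdown"
    echo 'Mitigation: Full AMD retpoline, IBPB' > "$d/vuln/spectre_v2"
    echo 'Vulnerable' > "$d/vuln/spec_store_bypass"   # constructed entry
    echo 'BOOT_IMAGE=/vmlinuz ro quiet spec_store_bypass_disable=off' > "$d/cmdline"
    echo "$d"
}

sample=$(make_sample)
mitigation_report "$sample/vuln"      # one line per vulnerability file
cmdline_switches "$sample/cmdline"    # prints spec_store_bypass_disable=off
rm -rf "$sample"
```

Called without arguments, `mitigation_report` and `cmdline_switches` read the live `/sys/devices/system/cpu/vulnerabilities` directory and `/proc/cmdline`, so the report can be re-run after each kernel or microcode upgrade to see which entries changed.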