CPU performance - disable bug mitigations

Ralf Mardorf silver.bullet at zoho.com
Wed Nov 21 09:06:03 UTC 2018

On Wed, 21 Nov 2018 08:09:20 +0000, Colin Watson wrote:
>On Wed, Nov 21, 2018 at 08:20:56AM +0100, Ralf Mardorf via
>ubuntu-users wrote:
>> On Tue, 20 Nov 2018 17:05:08 +0100, Goran wrote:  
>> >How can I disable these mitigations without restart (without boot
>> >command line)?  
>> You can't! You have to downgrade or remove the firmware and to reboot
>> to perhaps get rid of some of it. To get rid of most of it, you
>> likely need to downgrade the kernel.  
>Or you could just use the kernel parameters that control it.
>  pti=off spectre_v2=off spec_store_bypass_disable=off
>(This does require restarting, but is less invasive than downgrading
>the kernel.)


Except for "pti=off"/"nopti" I wasn't aware of those kernel
parameters. However, "pti=off"/"nopti" isn't required for the OP's CPU,
since it is not affected by Meltdown, see on Tue, 20 Nov 2018 17:05:08 +0100,
Goran wrote:
># grep . /sys/devices/system/cpu/vulnerabilities/*
>/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
>Speculative Store Bypass disabled via prctl and seccomp
>/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
>pointer sanitization
>/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full
>AMD retpoline, IBPB

I'm uncertain if

  "spectre_v2=off spec_store_bypass_disable=off"

does disable all mitigations, let alone that

  $ grep CONFIG_AUDIT= config-4.4.0-139-lowlatency 

for the 16.04 kernels is enabled and I don't know if they still provide
a "faster path" with mitigations disabled, while CONFIG_AUDIT is

Btw. I'm not booted into Ubuntu 16.04's 4.4.0-139-lowlatency now, but
into a newer Arch kernel and each upgrade to a new kernel could provide
more mitigations, currently I get

  $ uname -r; cat /sys/devices/system/cpu/vulnerabilities/*; pacman -Q linux-firmware intel-ucode; hwinfo --cpu | grep Model | sort -u
  Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
  Mitigation: PTI
  Mitigation: Speculative Store Bypass disabled via prctl and seccomp
  Mitigation: __user pointer sanitization
  Mitigation: Full generic retpoline, IBPB, IBRS_FW
  linux-firmware 20181026.1cb4e51-1
  intel-ucode 20180807.a-1
    Model: 6.60.3 "Intel(R) Celeron(R) CPU G1840 @ 2.80GHz"

IOW this likely could become a kernel parameter building lot with each
upgrade, for an Ubuntu machine with an AMD CPU, too.


  $ ls re*

wasn't provided by the default 16.04 install, AFAIR it was installed by
an upgrade.
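
An added example, not part of the original message: a POSIX shell audit that classifies each entry under /sys/devices/system/cpu/vulnerabilities and lists which of the boot parameters named in this thread appear on the kernel command line. The function names and the VULN_DIR/CMDLINE_FILE overrides are assumptions introduced here so the check can also be run against constructed sample data.

```shell
#!/bin/sh
# Added example; names and the two overridable paths are assumptions.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# Print "<entry> <state>" for every sysfs vulnerability file.
vuln_states() {
    for f in "$VULN_DIR"/*; do
        [ -f "$f" ] || continue
        line=""
        IFS= read -r line < "$f" || true
        case "$line" in
            "Not affected"*) state=not_affected ;;
            "Mitigation:"*)  state=mitigated ;;
            "Vulnerable"*)   state=vulnerable ;;
            *)               state=unknown ;;
        esac
        printf '%s %s\n' "${f##*/}" "$state"
    done
}

# Print each boot parameter named in this thread that turns a mitigation off.
# Runs in a subshell so that "set -f" (no globbing) does not leak out.
disabled_by_cmdline() (
    set -f
    cmdline=""
    read -r cmdline < "$CMDLINE_FILE" || true
    for arg in $cmdline; do
        case "$arg" in
            nopti|pti=off|spectre_v2=off|spec_store_bypass_disable=off)
                printf '%s\n' "$arg" ;;
        esac
    done
)

# Succeeds only if nothing reports "Vulnerable" and no such parameter is set.
audit() {
    bad=$(vuln_states | awk '$2 == "vulnerable" { print $1 }')
    off=$(disabled_by_cmdline)
    [ -z "$bad" ] || printf 'vulnerable: %s\n' $bad
    [ -z "$off" ] || printf 'disabled at boot: %s\n' $off
    [ -z "$bad" ] && [ -z "$off" ]
}

# Run against the live system only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

Because the sysfs entries change with each kernel and microcode update, an entry the script reports as "unknown" is a prompt to read the file by hand rather than a verdict.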

