CPU performance - disable bug mitigations

Ralf Mardorf silver.bullet at zoho.com
Wed Nov 21 10:02:26 UTC 2018

On Wed, 2018-11-21 at 10:38 +0100, Goran wrote:
> Hi Ralf, as far as I understand your mails, it won't be enough just to
> put disable-mitigations commands on the kernel command line. Is this a
> correct understanding?


Yes and no. Perhaps it works, I just didn't know all those kernel parameters
before Colin mentioned them. However, assuming the kernel parameters
should do the job, you might need to add new kernel parameters to the
boot options after upgrading the kernel, linux-firmware or
amd64-microcode (intel-microcode for other CPUs).

> Further as far as I understand one kernel option (CONFIG_AUDIT=n) must
> be deactivated in the running kernel. Is this correct?

I don't know. Perhaps it's irrelevant, perhaps it makes a difference.

> You are right, nopti is not needed for my CPU.

The CPU might not need page table isolation to increase security, but
perhaps you need to disable it. That the CPU doesn't need it does not
necessarily mean that enabled page table isolation has got no impact
when using your AMD CPU. I don't know if it makes a difference if you
stay with page table isolation or if you disable it.

I also wonder how much the kernel code changes with each upgrade,
perhaps downgrading a kernel still makes a difference, even with all
mitigations disabled.

I'm very lazy with testing all those options. I tend to use my computer
for real-time audio usage with all mitigations enabled, with audit
enabled, latest kernel, firmware and microcode updates and, assuming I
should run into serious issues, I would consider buying a faster CPU
for my machine, since I haven't got enough knowledge about this domain
and trial-and-error tests are too time consuming, too annoying for my

