Disable Spectre mitigations to improve latency
Posted by Anonymous on Fri 5th Nov 2021 09:40
raw | new post
view followups (newest first): Disable Spectre mitigations to improve latency by Anonymous

# apt-get install intel-microcode
...

# cat /sys/devices/system/cpu/vulnerabilities/*
KVM: Mitigation: VMX disabled
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
Mitigation: Clear CPU buffers; SMT disabled
Mitigation: PTI
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
Mitigation: usercopy/swapgs barriers and __user pointer sanitization
Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
Mitigation: Microcode
Not affected


# diff -u /etc/default/grub.original /etc/default/grub
--- /etc/default/grub.original  2021-11-05 10:22:24.093178208 +0100
+++ /etc/default/grub   2021-11-05 10:25:07.332995434 +0100
@@ -6,8 +6,8 @@
 GRUB_DEFAULT=0
 GRUB_TIMEOUT=5
 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
-GRUB_CMDLINE_LINUX_DEFAULT="quiet"
-GRUB_CMDLINE_LINUX=""
+GRUB_CMDLINE_LINUX_DEFAULT="quiet mitigations=off"
+GRUB_CMDLINE_LINUX="mitigations=off"

 # Uncomment to enable BadRAM filtering, modify to suit your needs
 # This works with Linux (no patch required) and with any kernel that obtains
# update-grub
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-5.10.0-8-rt-686-pae
Found initrd image: /boot/initrd.img-5.10.0-8-rt-686-pae
Found linux image: /boot/vmlinuz-5.10.0-8-686-pae
Found initrd image: /boot/initrd.img-5.10.0-8-686-pae
done

# reboot

# cat /sys/devices/system/cpu/vulnerabilities/*
KVM: Mitigation: VMX disabled
Mitigation: PTE Inversion; VMX: vulnerable, SMT disabled
Vulnerable; SMT disabled
Vulnerable
Vulnerable
Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
Vulnerable, IBPB: disabled, STIBP: disabled
Vulnerable
Not affected