Guys,
Maybe this is a silly question and already have been answered, but is it possible to turn off this feature from BIOS (and in Kernel) and be happy without all these regressions?

It's been covered in other articles but you can simply boot your kernel with: noretpoline kpti=off

Thanks for the new numbers! I would love to see some more numbers on old hardware with IBRS enabled, as it is by default in Redhat's kernels today. In my own tests, I've seen slowdowns by as much as 8x on a trivial fibonacci computation (6-instruction kernel), and about 2x on FFMPEG. Those are on an E5-2660 v3. I haven't seen any of those here yet, though I did find a couple on openbenchmarking.org. Any chance you'll do an article with that? I think the huge impact is very compelling.

This is why at my company private devices are prohibited and reason to get fired.

At least Raspberry Pi and Commodore 64 are not affected by M/S

Likely there are companies when even private underwear is also prohibited

I don't think smartalgorithm's question was indicative of a user making a bad security decision.

If smartalgorithm uses their PC only for gaming, then it could be an acceptable risk to turn off these vulnerability mitigation features in order to squeeze out a small amount of additional performance from the system.

If smartalgorithm uses a system to serve up static files over http, from what I've read about these vulnerabilities, there would be no risk to disabling these mitigation features. As I understand it, it is in instances where untrustworthy sources are able to run code on a system, that this untrustworthy user could exploit these vulnerabilities and gain access to memory which they should not have access to. So web browsers, rented virtual machines, shared web hosting with CGI are all potential targets. Private static-file serving web servers and many other privately controlled servers may be able to perfectly safely operate with these features disabled and not receive a performance hit.

I am open to correction if I'm wrong about my point above.

Who uses their PC for only gaming these days? This means you literally never use eg online banks, buy games online etc etc.

True, but sadly the SNES and original Apple Macintosh are affected by Spectre[source] and the Amstrad CPC is affected by Meltdown[source].

I do. I have a gaming PC that I use only for gaming. Doing this means that I can freely try, install & mod games without worrying much about getting robbed or data stolen. If I need to buy a game to use on my gaming PC, I do so securely from my main PC. I've been working this system for quite a while now and it's great. It's really relaxing not having to carefully consider security on my toy/gaming PC.

This setup I use also means I can keep my main system free of proprietary software (games, mods and drivers) which may contain naughty stuff.