A Global Switch To Kill Linux's CPU Spectre/Meltdown Workarounds?

With mitigation patches for these speculative execution vulnerabilities now landing for many processors, there is usually a measurable "performance tax" attached to them. Fortunately, most of the mitigations can be switched off individually via kernel command-line options at boot time.
But unfortunately there isn't one global option for easily disabling all of these mitigations at once. Such a switch was recently requested on the LKML, but so far there has been no commentary from the upstream kernel developers on whether they would accept and mainline such an option. The request argues: "Disabling is a good option for strictly confined environments where no 3rd party untrusted code is ever to be run, e.g. a rendering farm, a supercomputer, or even a home server which runs Samba/SSH server and nothing else." That individual was also hoping for a Kconfig switch so that kernels could easily be built that permanently disable (or do not include) the mitigation code.
For now, the closest you can get to an unmitigated kernel, so as not to lose out on CPU performance, is booting with pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier (the first four are x86 options; no_stf_barrier is the PowerPC store-forwarding-barrier switch, so use whichever apply to your architecture). Of course, that is not recommended unless you really trust all of the code running on your system and the overall security of that system. Some fresh kernel mitigation benchmarks will be coming up soon on Phoronix.
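As an added example (this is not code from the article, the LKML request, or the kernel tree), the POSIX shell script below does the two checks a practitioner wants around these parameters: it classifies what the running kernel reports for each vulnerability under /sys/devices/system/cpu/vulnerabilities/, and it verifies whether each opt-out parameter listed above, or its documented alias (nopti, nospectre_v2, spec_store_bypass_disable=off), is present as a whole token on the kernel command line. The short mitigation names (pti, spectre_v2, l1tf, ssb, stf_barrier) and the sample status strings in the tests are this example's own constructions.

```shell
#!/bin/sh
# Added example, not code from the Phoronix article or the Linux kernel.
# 1. classify_status: map one sysfs vulnerability line to a verdict
# 2. missing_mitigations: which opt-outs are NOT on a /proc/cmdline string
# 3. report_live: run both against this machine (invoke with --live)
# Parameter names and aliases follow the kernel's kernel-parameters.txt;
# the short names on the left of OPT_OUT_TABLE are this script's own.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# One entry per mitigation: <short name>:<comma-separated params that turn it off>
OPT_OUT_TABLE='pti:pti=off,nopti
spectre_v2:spectre_v2=off,nospectre_v2
l1tf:l1tf=off
ssb:nospec_store_bypass_disable,spec_store_bypass_disable=off
stf_barrier:no_stf_barrier'

# classify_status TEXT
# Sysfs reports "Not affected", "Vulnerable[: detail]" or "Mitigation: detail".
classify_status() {
    case "$1" in
        "Not affected") echo not_affected ;;
        Vulnerable*)    echo unmitigated ;;
        Mitigation:*)   echo mitigated ;;
        *)              echo unknown ;;
    esac
}

# cmdline_has_any CMDLINE ALTS
# Succeeds if any comma-separated ALTS entry appears as a whole token in CMDLINE.
# Padding with spaces means "nospectre_v2x" does not satisfy "nospectre_v2".
cmdline_has_any() {
    padded=" $1 "
    for alt in $(printf '%s' "$2" | tr ',' ' '); do
        case "$padded" in
            *" $alt "*) return 0 ;;
        esac
    done
    return 1
}

# missing_mitigations CMDLINE
# Prints, space-separated, the short names of mitigations that CMDLINE does
# not turn off; exit status is 0 only when every listed mitigation is off.
missing_mitigations() {
    missing=""
    for entry in $OPT_OUT_TABLE; do
        name=${entry%%:*}
        alts=${entry#*:}
        cmdline_has_any "$1" "$alts" || missing="$missing $name"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# report_live: read the real sysfs and /proc/cmdline of this machine.
report_live() {
    if [ ! -d "$VULN_DIR" ]; then
        echo "no $VULN_DIR: this kernel does not report mitigation status" >&2
        return 1
    fi
    for f in "$VULN_DIR"/*; do
        status=$(cat "$f")
        printf '%-22s %-13s %s\n' "$(basename "$f")" "$(classify_status "$status")" "$status"
    done
    if left=$(missing_mitigations "$(cat /proc/cmdline)"); then
        echo "every listed mitigation is turned off on the kernel command line"
    else
        echo "still enabled (no opt-out on the command line): $left"
    fi
}

if [ "${1:-}" = "--live" ]; then
    report_live
fi
```

Run it as `sh check_mitigations.sh --live` (the file name is arbitrary). Note that the command-line check only proves the opt-out was requested; the sysfs column is what the kernel actually did, and a line still reading "Mitigation: ..." after a reboot with the parameters means that option is not recognised by your kernel or architecture.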