Spectre/Meltdown Mitigations Can Now Be Toggled With Convenient "mitigations=" Option
Written by Michael Larabel in Linux Security on 6 May 2019 at 08:04 AM EDT.
Beginning with the Linux 5.2 kernel, it will be easier to disable Spectre, Meltdown, and other CPU vulnerability mitigations if you prefer maximum performance out of your system instead.

Queued up for Linux 5.2 are easier, more convenient switches for these CPU vulnerabilities, principally Spectre/Meltdown at this point.

Up to this point there hasn't been a global switch for toggling the Spectre/Meltdown/L1TF workarounds, but one has finally materialized thanks to Red Hat's Josh Poimboeuf.

New with Linux 5.2 (though potentially seeing back-ports to current stable series) is the mitigations= kernel command-line switch.

The mitigations=off switch will disable all optional CPU mitigations in order to improve system performance, at the cost of potentially putting the hardware at risk. This includes disabling the Spectre, Meltdown, and L1TF mitigations where relevant for the x86, POWER, and s390 architectures.

The default behavior is mitigations=auto, which enables the default mitigations. The other option is booting with mitigations=auto,nosmt, which enables the mitigations and also disables SMT / Hyper Threading as needed for a fully mitigated system, albeit with slower performance due to losing those logical threads.

The mitigations=off option is much easier to remember and set than the current Intel equivalent of nopti nospectre_v2 spectre_v2_user=off spec_store_bypass_disable=off l1tf=off. It's too bad (and surprising) that it took a year and a half after Spectre/Meltdown came to light to get such an easy global switch.
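Because one short switch now turns everything off, it is worth checking how a machine was actually booted. The following is an added example, not code from the article or the kernel project: it audits a kernel command line for mitigations=off and for the per-vulnerability flags listed above. The function names are hypothetical, and treating the last mitigations= occurrence as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: audit a kernel command line for weakened CPU mitigations.
# Function names are hypothetical; pass the command line as one string.

# Effective mitigations= value. Assumes the kernel's in-order parameter
# handling (last occurrence wins); with none present the default is auto.
mitigations_mode() (
    set -f; mode=auto   # subshell body: globbing is disabled only in here
    for tok in $1; do
        case "$tok" in mitigations=*) mode=${tok#mitigations=} ;; esac
    done
    printf '%s\n' "$mode"
)

# Per-vulnerability disable flags named in the article, if present.
legacy_disable_flags() (
    set -f; found=
    for tok in $1; do
        case "$tok" in
            nopti|nospectre_v2|spectre_v2_user=off|spec_store_bypass_disable=off|l1tf=off)
                found="${found:+$found }$tok" ;;
        esac
    done
    printf '%s\n' "$found"
)

# Exit status: 0 = defaults intact, 1 = some mitigations off, 2 = all off.
audit_cmdline() {
    mode=$(mitigations_mode "$1")
    flags=$(legacy_disable_flags "$1")
    if [ "$mode" = off ]; then
        echo "FAIL: mitigations=off, all optional CPU mitigations disabled"
        return 2
    fi
    if [ -n "$flags" ]; then
        echo "WARN: mitigations=$mode but disabled individually: $flags"
        return 1
    fi
    echo "OK: mitigations=$mode"
    return 0
}

# To audit the running system on Linux:
#   audit_cmdline "$(cat /proc/cmdline)"
```

The effective per-vulnerability state of a running kernel can be cross-checked against the files under /sys/devices/system/cpu/vulnerabilities/.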