Disabling Spectre and Meltdown mitigations (speculative execution)

Posted: Thu May 16, 2019 1:32 pm
by snake
Since the speculative execution CPU vulnerabilities have come about, all fixes and mitigations have come at a cost to CPU intensive applications such as Zoneminder. Basically, all PCs became slower in 2018. This is a significant loss for Zoneminder and we should document ways to disable these fixes, should users wish.

This thread can be a place to gather any options to disable the changes (since they can vary), so that the PCs can run at full speed.

Re: Disabling Spectre and Meltdown mitigations (speculative execution)

Posted: Thu May 16, 2019 1:39 pm
by snake
For starters, I'm going to link to
https://make-linux-fast-again.com
Which currently has:

noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off
These are obviously some options you can pass to the Kernel (such as via bootloader / Grub: https://wiki.ubuntu.com/Kernel/KernelBootParameters). If you want to make kernel config file changes, you will need to investigate, as there doesn't seem to be a simple guide for this yet (see below). This is what I was referring to in the intro post. There are MULTIPLE changes you have to make. And the options are changed with every new vulnerability, so it's not as simple as one flag.

Perhaps the installation guides should touch upon this subject...

Regarding kernel config options, one possible approach would be to run this script:
https://github.com/speed47/spectre-meltdown-checker
and review what you have been patched against. Then investigate the shell script. I looked briefly, and the script appears to have distinct functions for all CVE / vulnerabilities, so if you are patched for one, look at that function in the script. It includes a lookup for configs, so there are various kernel flags there such as CONFIG_RETPOLINE, CONFIG_PAGE_TABLE_ISOLATION, CONFIG_KAISER, CONFIG_HARDEN_BRANCH_PREDICTOR, etc.

If someone goes through this process it would be helpful to leave a list of what flags you changed.

5/17/19 - Post edited to include details searching for kernel flags
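
Added example, not part of the original post or thread: a shell audit that reports whether a host was booted with any of the parameters quoted above and which CPU vulnerabilities the kernel reports as unmitigated. The function names and the sample command line are constructed for illustration; /sys/devices/system/cpu/vulnerabilities is the kernel's standard status directory and is an assumption here, since the post does not mention it.

```shell
#!/bin/sh
# Added example (not from the thread): audit for disabled CPU mitigations.

# Parameters quoted in the post above that switch a mitigation off.
MITIGATION_OFF_PARAMS="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off"

# Constructed sample command line, for trying the parser on any machine.
SAMPLE_CMDLINE="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti mds=off"

# find_disabled_mitigations "<cmdline>"
# Prints each matching parameter on its own line, in command-line order.
# Only whole whitespace-separated tokens match ("mds=full" does not).
find_disabled_mitigations() (
    set -f                      # no glob expansion while splitting tokens
    for token in $1; do
        for param in $MITIGATION_OFF_PARAMS; do
            if [ "$token" = "$param" ]; then printf '%s\n' "$token"; fi
        done
    done
)

# audit_host [cmdline_file] [vulnerabilities_dir]
# Returns 1 if a mitigation is disabled at boot or a CPU issue is reported
# as "Vulnerable" by the kernel, 0 otherwise.
audit_host() {
    cmdline_file=${1:-/proc/cmdline}
    vuln_dir=${2:-/sys/devices/system/cpu/vulnerabilities}
    status=0
    if [ -r "$cmdline_file" ]; then
        found=$(find_disabled_mitigations "$(cat "$cmdline_file")")
        if [ -n "$found" ]; then
            echo "boot parameters disabling mitigations:"
            printf '%s\n' "$found" | sed 's/^/  /'
            status=1
        fi
    fi
    for f in "$vuln_dir"/*; do
        [ -r "$f" ] || continue
        state=$(cat "$f")
        case $state in
            Vulnerable*) echo "$(basename "$f"): $state"; status=1 ;;
        esac
    done
    return $status
}

# Run against the live host only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

A non-zero exit makes it usable as a fleet compliance check for hosts that must keep mitigations enabled.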

Re: Disabling Spectre and Meltdown mitigations (speculative execution)

Posted: Fri May 17, 2019 8:32 am
by zd59
snake wrote:
Thu May 16, 2019 1:39 pm
For starters, I'm going to link to
https://make-linux-fast-again.com
Which currently has:

noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off
These are obviously some options you can pass to the Kernel (such as via Grub: https://wiki.ubuntu.com/Kernel/KernelBootParameters or a flag if you are compiling your kernel)
Playing and testing with Linux & ZM on Virtualbox. Slackware-current, updated today. Kernel is clean, unmodified from original source.
I'm currently compiling kernel-5.1.3 to check on Vbox.
Would you be so kind as to write me a hint as to which options in the kernel config should be set off, regarding the ones you mention above in the code? There is not a single option you mentioned above in the kernel .config file. It's only CONFIG_RESET_ATTACK_MITIGATION.

Re: Disabling Spectre and Meltdown mitigations (speculative execution)

Posted: Fri May 17, 2019 5:07 pm
by snake
zd59 wrote:
Fri May 17, 2019 8:32 am
Would you be so kind as to write me a hint as to which options in the kernel config should be set off, regarding the ones you mention above in the code?
Thanks for pointing that out. I've updated the post.

Re: Disabling Spectre and Meltdown mitigations (speculative execution)

Posted: Wed Jun 05, 2019 10:06 am
by Rakesh579
Thanks for such a great info!!!