Disable Spectre Mitigations In Linux Kernel

English

Disable Spectre mitigations in Linux Kernel.

Many server admins are feeling the pain of a 30% performance loss on their systems after applying the security patches for the different SPECTRE versions.

Disable Spectre mitigations in Linux Kernel.

However, the kernel developers have listened to their requests and since Kernel Version 15, introduced the possibility to disable the security patch or Spectre v2 vulnerability (CVE-2017-5715) with the "nospectre_v2" kernel command line parameter.

Likewise since then more have been added, as in Linux Kernel Version 4.17, administrators can disable all mitigations for Spectre v4 (CVE-2018-3639) with the "nospec_store_bypass_disable" command line parameter.

In a similar way, they added the possibility to disable mitigations for Spectre v1 (CVE-2017-5753) in the Linux Kernel Version 4.19, with the addition of the "nospectre_v1" parameter.

These three parameters were added despite the fact that the kernel already features the "spectre_v2" and "spec_store_bypass_disable" options months before. These parameters let system administrators control the complexity level of the Spectre-class mitigations, options which also included an "off" mode.

The kernel developers got many requests from system administrators who wanted a way to make sure that Spectre mitigations wouldn't kick in, at all, thus, the three new parameters were added in recent kernel releases.

The latest effort to have the mitigations turned off --and stay down-- is the addition of the PR_SPEC_DISABLE_NOEXEC control bit of the Linux kernel.

This bit will prevent child processes from starting in a state where the protections for Spectre v4 are still activated, despite being deactivated in the parent process.

Many system admins have chosen not to patch their systems, due to the drop in performance, stating that so far these SPECTRE threats have not yet been used in the wild and are so far only "theoretical".

Games For Linux

Windows has always been the preferred platform for gaming, but after STEAM's interest in Linux more game developers are making their games natively available for Linux.

Disclaimer

All information on this website is published in good faith and for general educational purposes and for use in safe testing environments only. While linuxexperten.com strives to make the information on this site as accurate as possible, linuxexperten.com does not warrant its completeness, reliability and accuracy.

We are not responsible for any losses or damages associated with the use of our website. While we strive to provide only links to useful websites, we have no control over the content of these sites and links to other sites do not constitute a recommendation for all content contained on these websites.

 

Site Information

This is a professional review site that receives compensation from the companies whose products reviewed. Each service or product are thoroughly tested and given high marks if considered to be the very best. Independently owned and the opinions expressed here are no one elses.

 

Limited Time Offers

Coming soon...