
disable mitigations on ubuntu

May 24, 2020

By default, most Linux distributions now enable kernel-level mitigations for CPU bugs such as the infamous Meltdown and Spectre. These mitigations are extremely important on systems that run untrusted code (e.g. cloud VMs), but are less relevant for personal computers, whose owners generally control what is being executed.

The mitigations will impact performance, especially for workloads that incur context switching. In particular, developers are highly impacted, since our build tools are all reading and writing files to/from disk, for tasks from compilation to code auto-completion. There is room for noticeable performance improvement by disabling mitigations.

Beware of the implications, and disable mitigations at your own risk.

step 1)

edit the /etc/default/grub file to include the mitigations=off Linux boot parameter.

$ cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=off"

step 2)

apply the changes to grub by running update-grub

$ sudo update-grub
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.0-31-generic
Found initrd image: /boot/initrd.img-5.4.0-31-generic
Found linux image: /boot/vmlinuz-5.4.0-26-generic
Found initrd image: /boot/initrd.img-5.4.0-26-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done

step 3)

reboot to pick up the changes

$ sudo reboot

step 4)

a quick lscpu will show mitigations are no longer enabled

➜ lscpu | grep Vulnerable
Vulnerability Spec rstack overflow:      Vulnerable
Vulnerability Spec store bypass:         Vulnerable
Vulnerability Spectre v1:                Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
Vulnerability Spectre v2:                Vulnerable; IBPB: disabled; STIBP: disabled; PBRSB-eIBRS: Not affected; BHI: Not affected
Vulnerability Tsa:                       Vulnerable
Vulnerability Vmscape:                   Vulnerable
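
The check in step 4 can be scripted so a host booted with mitigations=off is flagged automatically. This is an added example, not part of the original post: it reads /proc/cmdline and the kernel's sysfs vulnerability files, and the function names and the constructed sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether this host runs with CPU mitigations disabled.
# Paths default to the live kernel interfaces; pass others to test offline.

# Print the effective mitigations= boot token.
# Assumption: the kernel applies the last occurrence on the command line.
mitigations_setting() {
    tr -s ' \t' '\n' < "$1" | grep '^mitigations=' | tail -n 1
}

# Print "name: status" for each sysfs entry the kernel reports as Vulnerable.
list_vulnerable() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if grep -q '^Vulnerable' "$f"; then
            printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
        fi
    done
}

# Return 0 when nothing is disabled, 1 when a finding is printed.
audit_mitigations() {
    cmdline=${1:-/proc/cmdline}
    vulndir=${2:-/sys/devices/system/cpu/vulnerabilities}
    status=0
    if [ "$(mitigations_setting "$cmdline")" = "mitigations=off" ]; then
        echo "FINDING: kernel was booted with mitigations=off"
        status=1
    fi
    vulns=$(list_vulnerable "$vulndir")
    if [ -n "$vulns" ]; then
        echo "FINDING: CPU vulnerabilities reported as unmitigated:"
        echo "$vulns" | sed 's/^/  /'
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: no disabled mitigations found"
    return "$status"
}

# Constructed sample data (not from a real host) for trying the audit offline.
make_sample() {
    d=$(mktemp -d)
    echo 'BOOT_IMAGE=/boot/vmlinuz ro quiet splash mitigations=off' > "$d/cmdline"
    mkdir "$d/vulns"
    echo 'Not affected' > "$d/vulns/meltdown"
    echo 'Vulnerable; IBPB: disabled; STIBP: disabled' > "$d/vulns/spectre_v2"
    echo "$d"
}
```

Source the file and call audit_mitigations with no arguments to check the running host; a non-zero exit status means at least one finding was printed.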
