LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-07-2020, 12:13 PM   #1
Boggle247
LQ Newbie
 
Registered: Sep 2018
Distribution: Ever changing
Posts: 15

Rep: Reputation: Disabled
How to disable Spectre and Meltdown mitigations in Ubuntu 18.04?


I am using AMD FX-6350 (Bulldozer chip). So is Meltdown (impacts Intel only) disabled by the kernel by default since I have an AMD chip?

My cpu is affected by Spectre. But I'd like to know how to disable the mitigations in the kernel. I've read that Linux might have implemented a different solution that would only affect performance of Intel skylake and later Is this the case?
 
Old 01-08-2020, 05:21 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,416

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
Mitigations for Meltdown and Spectre have been largely fixed by kernel patches and microcode revisions. All of these impose some speed penalty

When AMD revised their microcode, they certainly didn't patch for problems they hadn't got!

As regards the kernel, recompiling without Meltdown mitigations may offer some slight improvement, but you'd want to know your stuff to do it, as meltdown or spectre are not mentioned in the config. They probably get mentioned in the help.
 
Old 01-08-2020, 06:37 AM   #3
Boggle247
LQ Newbie
 
Registered: Sep 2018
Distribution: Ever changing
Posts: 15

Original Poster
Rep: Reputation: Disabled
Gotcha. Yeah I'm not savvy enough to recompile. I read somewhere that there will be an option in 5.2 kernel to simply type somewhere (idk where):

mitigations=off

And it will disable spectre mitigation (no meltdown for me since my cpu isn't affected by it)

Maybe I'll just hold off then. I was listening to destination Linux and spoke about testing system performance with and without mitigations enabled. Maybe I'll wait to hear about tests like that

Regarding security, these exploits haven't even been used and are all just theoretical at this point. Not saying they couldn't be used but depending on the performance gain, it might be a risk I'm willing to take

Last edited by Boggle247; 01-08-2020 at 06:39 AM.
 
Old 01-09-2020, 06:51 AM   #4
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,416

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
Realistically, most of these Spectre & Meltdown attack vectors were against large servers. Large servers would run various server programs in separate VMs. So if your mail server was compromised, for example, that VM normally limited your access to itself and your compromised mail server. As I understand it, what Meltdown & Spectre did was open a door between VMs, so memory used by one VM could be read by another VM, and possibly the host memory also. But that's no easy attack vector to exploit, unless you have insider knowledge. Let's say your attack yields 1G of ram from another VM. It could be system stuff, blank, or useless data. It might also be spot on, but even then, forensic techniques would be needed to make sense of it.

I'm sure state actors (NSA, GRU, etc.) have some exploits. But updated microcode could have shut the door on several existing exploits also. For home users with 0 or 1 VM running, the danger is near zero fromMeltdown & Spectre, even if the NSA is after you.
 
Old 01-09-2020, 06:57 AM   #5
Boggle247
LQ Newbie
 
Registered: Sep 2018
Distribution: Ever changing
Posts: 15

Original Poster
Rep: Reputation: Disabled
@business_kid

Do you know if it's true that in kernel 5.2 you can simply change a config somewhere to: mitigations=off to disable these? Well, spectre in particular bc my system shouldn't have meltdown mitigations enabled since I'm on amd.
 
Old 01-09-2020, 01:11 PM   #6
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,416

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
Quote:
Originally Posted by Boggle247 View Post
@business_kid

Do you know if it's true that in kernel 5.2 you can simply change a config somewhere to: mitigations=off to disable these? Well, spectre in particular bc my system shouldn't have meltdown mitigations enabled since I'm on amd.
I don't. I'm back on kernel 4.19.59. Kernel 5.4.x at least is out, so I presume it's 5.2 --> has that.

I think a more meaningful question is how much do they slow you and does it matter. That might be a better thing to research. They could have a sharp impact somewhere particular but if (like me) you don't mind the slowdown, they don't matter.
 
Old 01-11-2020, 05:10 AM   #7
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 18,405
Blog Entries: 12

Rep: Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623
Quote:
Originally Posted by Boggle247 View Post
Do you know if it's true that in kernel 5.2 you can simply change a config somewhere to: mitigations=off to disable these? Well, spectre in particular bc my system shouldn't have meltdown mitigations enabled since I'm on amd.
How about researching that yourself?
...turns out there is:
https://www.kernel.org/doc/Documenta...parameters.txt
 
Old 01-11-2020, 10:12 PM   #8
WFV
Member
 
Registered: Apr 2012
Location: somehow, somewhere
Distribution: Arch
Posts: 196

Rep: Reputation: Disabled
Quote:
So is Meltdown (impacts Intel only) disabled by the kernel by default since I have an AMD chip?
Code:
journalctl -b | grep Melt
or melt, with AMD CPU it should turn up nothing.

EDIT: I have no experience with Intel CPU, thanks for corrections ondoho #9 and boughtonp #10

Last edited by WFV; 01-12-2020 at 03:54 PM. Reason: mistaken information
 
Old 01-12-2020, 03:49 AM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 18,405
Blog Entries: 12

Rep: Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623Reputation: 5623
Quote:
Originally Posted by WFV View Post
Code:
journalctl -b | grep Melt
or melt, with AMD CPU it should turn up nothing.
Doesn't return anything on my all-intel machine.
 
1 members found this post helpful.
Old 01-12-2020, 12:53 PM   #10
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 1,896

Rep: Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559Reputation: 1559
Quote:
Originally Posted by ondoho View Post
Doesn't return anything on my all-intel machine.
Likewise.

This command only gives Spectre-related output:
Code:
sudo journalctl -b | egrep -i 'meltdown|spectre'
However this one shows mitigations in place for both Meltdown and Spectre:
Code:
grep . /sys/devices/system/cpu/vulnerabilities/* | egrep -i 'meltdown|spectre'
 
1 members found this post helpful.
  


Reply

Tags
amd, meltdown, spectre


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: NetBSD 8.0 Released with Spectre V2/V4, Meltdown, and Lazy FPU Mitigations LXer Syndicated Linux News 0 07-21-2018 09:47 PM
LXer: Spectre and Meltdown Mitigations Now Available for FreeBSD and OpenBSD Systems LXer Syndicated Linux News 0 02-23-2018 09:56 PM
LXer: Chrome 64 Released With Stronger Pop-up Blocker, Spectre Mitigations And Other Security Fixes LXer Syndicated Linux News 0 01-26-2018 06:42 AM
[SOLVED] Spectre/Meltdown mitigations in kernel 4.4.111 drgibbon Slackware 3 01-18-2018 06:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration