https://unix.stackexchange.com/questions/554908/disable-spectre-and-meltdown-mitigations
A number of kernel boot parameters are available to disable or fine-tune hardware vulnerability mitigations:
- for Spectre v1 and v2:
nospectre_v1(x86, PowerPC),nospectre_v2(x86, PowerPC, S/390, ARM64),spectre_v2_user=off(x86) - for SSB:
spec_store_bypass_disable=off(x86, PowerPC),ssbd=force-off(ARM64) - for L1TF:
l1tf=off(x86) - for MDS:
mds=off(x86) - for TAA:
tsx_async_abort=off - for iTLB multihit:
nx_huge_pages=off - KPTI can be disabled with
nopti(x86, PowerPC) orkpti=0(ARM64) - TSX async abort:
tsx_async_abort=off(x86) - KVM NX huge pages:
kvm.nx_huge_pages=off(x86)
A meta-parameter, mitigations, was introduced in 5.2 and back-ported to 5.1.2, 5.0.16, and 4.19.43 (and perhaps others). It can be used to control all mitigations, on all architectures, as follows:
mitigations=offwill disable all optional CPU mitigations;mitigations=auto(the default setting) will mitigate all known CPU vulnerabilities, but leave SMT enabled (if it is already);mitigations=auto,nosmtwill mitigate all known CPU vulnerabilities and disable SMT if appropriate.
Some of these can be toggled at runtime; see the linked documentation for details.
部分参数:
noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx_async_abort=off
tsx_async_abort=off:对调度影响很大,unixbench的syscall和context1两个case
mitigations=off:总开关,关了后性能会有很大提升!
