Disable Spectre Meltdown Mitigations

elvisimprsntr

Mar 14, 2022
BACKGROUND

I'm running a homelab. I wanted to test the performance hit of all the mitigations including SMT, but the method I found does not seem to be working.

QUESTION

What is the correct method?

VERSION

PVE 7.2-7
5.15.39-1-pve

METHOD USED

1. nano /etc/default/grub to GRUB_CMDLINE_LINUX_DEFAULT="quiet mitigations=off"
2. update-grub
3. Confirmed kernel option mitigations=off in /etc/grub/grub.cfg
Code:
linux   /ROOT/pve-1@/boot/vmlinuz-5.15.39-1-pve root=ZFS=rpool/ROOT/pve-1 ro  root=ZFS=rpool/ROOT/pve-1 boot=zfs quiet mitigations=off
4. reboot
5. lscpu still shows mitigations active.
Code:
Model name:                      Intel(R) Celeron(R) CPU  N3150  @ 1.60GHz

Vulnerability Itlb multihit:     Not affected
Vulnerability L1tf:              Not affected
Vulnerability Mds:               Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Mmio stale data:   Not affected
Vulnerability Spec store bypass: Not affected
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Retpolines, STIBP disabled, RSB filling
Vulnerability Srbds:             Not affected
Vulnerability Tsx async abort:   Not affected
6. Checked vulnerabilities
Code:
for f in /sys/devices/system/cpu/vulnerabilities/*; do echo "${f##*/} -" $(cat "$f"); done
itlb_multihit - Not affected
l1tf - Not affected
mds - Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
meltdown - Mitigation: PTI
mmio_stale_data - Not affected
spec_store_bypass - Not affected
spectre_v1 - Mitigation: usercopy/swapgs barriers and __user pointer sanitization
spectre_v2 - Mitigation: Retpolines, STIBP: disabled, RSB filling
srbds - Not affected
tsx_async_abort - Not affected
 
Thanks

For the record

1. nano /etc/kernel/cmdfile -> root=ZFS=rpool/ROOT/pve-1 boot=zfs mitigations=off
2. proxmox-boot-tool refresh
3. reboot
4. lscpu

Code:
Vulnerability Itlb multihit:     Not affected
Vulnerability L1tf:              Not affected
Vulnerability Mds:               Vulnerable; SMT vulnerable
Vulnerability Meltdown:          Vulnerable
Vulnerability Mmio stale data:   Not affected
Vulnerability Spec store bypass: Not affected
Vulnerability Spectre v1:        Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
Vulnerability Spectre v2:        Vulnerable, STIBP: disabled
Vulnerability Srbds:             Not affected
Vulnerability Tsx async abort:   Not affected
 
Thanks! This works!
 

I had to use a slightly different command for this to work under Proxmox 7.3-4 (as per https://pve.proxmox.com/wiki/Host_Bootloader#sysboot_edit_kernel_cmdline for Systemd-boot)

1. nano /etc/kernel/cmdline -> root=ZFS=rpool/ROOT/pve-1 boot=zfs mitigations=off
-- a. alternative to nano command
---- echo root=ZFS=rpool/ROOT/pve-1 boot=zfs mitigations=off > /etc/kernel/cmdline
2. proxmox-boot-tool refresh
3. reboot
4. lscpu
 
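An added example, not part of any post in this thread: the edit to /etc/default/grub in the first post did not change the mitigation status, while the edit to /etc/kernel/cmdline did, so this script compares the running kernel's /proc/cmdline with both config files and tallies the sysfs vulnerability statuses. The function names and the `--live` switch are made up for this example.

```shell
#!/bin/sh
# Added example: audit whether mitigations=off is really in effect.
# File paths are arguments so the checks can also run on copies of the files.

# True if FILE holds the whole token mitigations=off outside comment lines.
# Matches a bare cmdline and GRUB_CMDLINE_LINUX_DEFAULT="... mitigations=off".
has_mitigations_off() {
    [ -r "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[[:space:]"])mitigations=off([[:space:]"]|$)'
}

# Compare the running cmdline ($1) with each config file given after it.
# Prints one line per existing file; returns 1 if any file disagrees.
check_drift() {
    running=$1; shift; rc=0
    if has_mitigations_off "$running"; then live=off; else live=default; fi
    for cfg in "$@"; do
        [ -e "$cfg" ] || continue
        if has_mitigations_off "$cfg"; then want=off; else want=default; fi
        if [ "$want" = "$live" ]; then
            echo "ok    $cfg ($want)"
        else
            echo "DRIFT $cfg requests $want, running kernel has $live"; rc=1
        fi
    done
    return $rc
}

# Tally sysfs entries by status prefix: Vulnerable / Mitigation / Not affected.
summarize_vulns() {
    v=0; m=0; n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $(cat "$f") in
            Vulnerable*)     v=$((v + 1)) ;;
            Mitigation*)     m=$((m + 1)) ;;
            "Not affected"*) n=$((n + 1)) ;;
        esac
    done
    echo "vulnerable=$v mitigated=$m not_affected=$n"
}

# Live run, with the paths used in this thread.
if [ "${1:-}" = "--live" ]; then
    check_drift /proc/cmdline /etc/default/grub /etc/kernel/cmdline
    summarize_vulns /sys/devices/system/cpu/vulnerabilities
fi
```

A DRIFT line means the file was edited but the booted kernel did not pick the option up, which is also a quick way to spot a host that is unexpectedly running with mitigations disabled.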
I just installed Proxmox last night, updated the kernel to 6.1 and enabled Debian backports sources.
The above method didn't work for me. I had to mount the EFI partition, go to
/loader/entries/proxmox-XXXX-pve.conf
and put mitigations=off at the end.
 
