Hi,
I'll rewrite my bootloader config soon. Today I discovered that for current kernel releases only 'mitigations=off' is needed to disable mitigations.
Since I don't need audit, I started to build my kernels with audit not set again.
What is the content of your files in /sys/devices/system/cpu/vulnerabilities/ with and without mitigations disabled?
For my machine it's probably not worth the hassle, so I'm not in a hurry to rewrite the bootloader config. For one entry I tested turning off mitigations, but I did not check, if it makes a difference related to audio performance.
Code: Select all
[rocketmouse@archlinux ~]$ uname -rm
5.2.19-rt11-1.0 x86_64
[rocketmouse@archlinux ~]$ zgrep -eAPPARMOR -eAUDIT\ /proc/config.gz
# CONFIG_AUDIT is not set
# CONFIG_SECURITY_APPARMOR is not set
[rocketmouse@archlinux ~]$ grep https /boot/syslinux/syslinux.cfg
# https://linuxreviews.org/HOWTO_make_Linux_run_blazing_fast_(again)_on_Intel_CPUs
[rocketmouse@archlinux ~]$ grep -A3 i^ /boot/syslinux/syslinux.cfg
MENU LABEL Arch Linux Rt mitigati^ons=off
LINUX ../vmlinuz-linux-rt
APPEND root=LABEL=s3.archlinux ro mitigations=off
INITRD ../intel-ucode.img,../initramfs-linux-rt.img
[rocketmouse@archlinux ~]$ grep . /sys/devices/system/cpu/vulnerabilities/* | cut -d/ -f7
l1tf:Mitigation: PTE Inversion; VMX: vulnerable, SMT disabled
mds:Vulnerable; SMT disabled
meltdown:Vulnerable
spec_store_bypass:Vulnerable
spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
spectre_v2:Vulnerable, IBPB: disabled, STIBP: disabled
[rocketmouse@archlinux ~]$ sudo shutdown -r now
[sudo] password for rocketmouse:
[rocketmouse@archlinux ~]$ uname -rm
5.2.19-rt11-1.0 x86_64
[rocketmouse@archlinux ~]$ grep -A3 \ ^Rt /boot/syslinux/syslinux.cfg
MENU LABEL Arch Linux ^Rt
LINUX ../vmlinuz-linux-rt
APPEND root=LABEL=s3.archlinux ro
INITRD ../intel-ucode.img,../initramfs-linux-rt.img
[rocketmouse@archlinux ~]$ grep . /sys/devices/system/cpu/vulnerabilities/* | cut -d/ -f7
l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
mds:Mitigation: Clear CPU buffers; SMT disabled
meltdown:Mitigation: PTI
spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1:Mitigation: usercopy
spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
Regards,
Ralf