In the last few years, a family of new security vulnerabilities was discovered affecting many CPUs made by all major CPU makers. Sadly, patching these vulnerabilities had the side effect of a huge performance impact that can reach up to a ~%25 decrease in some workloads.
New CPUs (mostly the ones released after 2020) often do not suffer from such vulnerabilities nor from the highly performance-impacting patches to fix them. However, for a lot of older CPUs, your Linux system performance may be taking a considerable performance penalty to remain secure from such vulnerability exploits.
Turning Off CPU Mitigations on Linux for Performance
These CPU mitigations are enabled by default on all Linux distributions, and for a good reason: Without them, any hijacked software component on your OS can be used to escalate privileges or access protected areas of your computer memory and retrieve sensitive information.
Should You Disable CPU Mitigations?
It depends on the CPU you are using, the possible performance gains, and your threat factors.
In such cases, you should not bother with turning off CPU mitigations at all.
However, for older CPUs such as those based on AMD Zen 1 and Zen 2 architectures, or Intel CPUs earlier than the 9th generation, the impact can reach up to 25% in some cases:
If you own such a CPU in your computer, then perhaps it can be worth it, depending on your possible threat factors.
If you are an advanced Linux user who knows how to harden his/her OS, always uses software from trusted channels, deals with few to no external 3rd-party possible exploitable files, and has a good awareness of the security aspects of your Linux system, then you may go for it.
However, if you just happen to stumble upon this article from search engines or social media, and don’t really understand what possible threats you are enabling on your system by turning off CPU mitigations, then absolutely do not follow this guide.
Basically, this guide is for desperate people who are stuck with using an older CPU that is taking a huge impact from CPU mitigations while mostly doing their computing tasks in a safe and isolated matter. While nothing is perfectly safe, and these CPU mitigations can even be triggered via web browser vulnerabilities, the final choice is always up to you.
Proceed at your own guarantee.
How to Disable CPU Mitigations on Linux
In general, the way to disable CPU mitigations on Linux is by adding the mitigations=off parameter into your GRUB parameters so that the kernel no longer loads these patches.
For Debian-based and Ubuntu-based distributions, you will need to edit the /etc/grub/default file and append that parameter into your kernel boot options like the following picture (at the end of the GRUB_CMDLINUX_LINUX_DEFAULT line):
Save the file, exit, and reboot for changes to take effect.
For Fedora-based distributions, you can run the following command to disable them:
For other Linux distributions, just find the location of your GRUB configuration file and edit the boot parameters as we explained earlier.
It is also possible to disable some specific CPU mitigations if you like; instead of disabling all of them, you may test your CPU to see which ones affect its performance the most and disable those only. The full documentation on what parameters to use instead of mitigations=offare available on the kernel website and are given in a special page for each possible hardware vulnerability.
Check if CPU Mitigations are Turned off
The following command can be used to check whether CPU mitigations are turned on or off on your Linux system:
grep . /sys/devices/system/cpu/vulnerabilities/*
Before turning them off, the output of the previous command would look like the following:
After turning them off, it would look like this:
Notice how for some vulnerabilities, the output went from “Mitigation” to “Vulnerable”, indicating that our system is now vulnerable to the corresponding exploit and that the mitigations=off option is working.
Yay, our system is now hackable! 😀
You can now go and get that extra 10-20 FPS you really want in your games.
Conclusion
It is a tradeoff between security and performance gain. If you are using a modern CPU then by no means you should do this, as you don’t need it all. If you are using an older CPU (e.g. released before 2020), then even in that case you should be taking extra measures and care to not get your system hijacked when you turn off such vulnerability mitigations. If you don’t need the performance gain, then don’t do it.
So far, there aren’t reports of such exploits being exploited out in the wild on the Internet via JavaScript engines in web browsers. However, it is still theoretically possible, and you should be cautious about what websites you visit.
Remember that with great power comes great responsibility!
With a B.Sc and M.Sc in Computer Science & Engineering, Hanny brings more than a decade of experience with Linux and open-source software. He has developed Linux distributions, desktop programs, web applications and much more. All of which attracted tens of thousands of users over many years. He additionally maintains other open-source related platforms to promote it in his local communities.
Enter your email address to subscribe to our newsletter. We only send you an email when we have a couple of new posts or some important updates to share.
M.Hanny Sabbagh on 5 Honest Reasons To Avoid Switching to Linux: “Hi there, It seems that your printer vendor has a special driver available for Linux. Have you tried downloading that…” May 4, 11:27
M.Hanny Sabbagh on Revive that Old Computer with antiX Linux: “Yes, that’s the definition of “not being able to close the window”. Your average user does not know xkill, nor…” Apr 26, 20:34
Kairuku Waitaki on Revive that Old Computer with antiX Linux: “A minor comment: In the first part of your Critical Points, you mention not being able to close a window…” Apr 26, 18:22
RetiredIT on Fix Boot Problems on Ubuntu with “Boot Repair”: “Unfortunately, Boot Repair doesn’t always work, especially when installing multiple distros of different derivatives on the same disk. Another one…” Apr 5, 18:47
Open Source Directory
This table shows what open source alternatives exist in each software category. Useful to replace your proprietary solutions with other open source ones.
Remove all the ads you are seeing (including this one!).
Get an OPML file containing +70 RSS feeds for various FOSS-related websites and blogs, so that you can import it into your favorite RSS reader and stay updated about the FOSS world!
Stay Updated About EverythingJoin the Discussions of Power Users
Sign up in our modern forum to discuss various issues and see a lot of insightful, entertaining and informational content about Linux and open source software! Your content is yours and you can take it with you wherever you go.
on Install Firefox as a DEB Package on Ubuntu instead of Snap: “Yes, Snap applications are isolated in containers so they don’t get theme’ed like other system (DEB) apps.” May 4, 17:26
on Install Firefox as a DEB Package on Ubuntu instead of Snap: “Thank you. All steps worked fine. I wondered if my icon theme is not applied on Firefox (snap one). Now,…” May 4, 16:17
on 5 Honest Reasons To Avoid Switching to Linux: “I use linux, because I like to work on command line. But it is a nightmare when using linux desktop.…” May 4, 06:51
on Revive that Old Computer with antiX Linux: “A minor comment: In the first part of your Critical Points, you mention not being able to close a window…” Apr 26, 18:22
on Fix Boot Problems on Ubuntu with “Boot Repair”: “Unfortunately, Boot Repair doesn’t always work, especially when installing multiple distros of different derivatives on the same disk. Another one…” Apr 5, 18:47
