I've recently bought a J4125 based X86 router. I've added mitigations=off line to the /boot/grub/grub.cfg kernel line but when I check cat /sys/module/i915/parameters/mitigations it says auto. How can I make sure that the mitigations are off?
Thank you
What is the output of grep . /sys/devices/system/cpu/vulnerabilities/* ?
cat /sys/module/i915/parameters/mitigations may not be the correct way to check, as that is related to the Intel graphics driver.
Here is for a x86_64 device without mitigations=off:
# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/retbleed:Mitigation: untrained return thunk; SMT disabled
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Retpolines, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
Slightly O/T, which particular CPU do you have and what are the benchmarked benefits from turning off mitigations?
root@OpenWrt:~# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/retbleed:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, IBPB: disabled, STIBP: disabled, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
This is what I get both with mitigations=off and without.
It's Celeron J4125 and this is what I'm trying to figure out. If I can manage to turn off mitigations I'll let you know of my benchmarks.
Interesting.... I get almost the same results on mine, Zotac CI327, N3450. No attempt to turn off any mitigations.
But, in the kernel log, I do see this:
[ 1.411917] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[ 1.421913] Spectre V2 : Mitigation: Retpolines
[ 1.426470] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[ 1.431910] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
[ 1.441910] Spectre V2 : Enabling Restricted Speculation for firmware calls
[ 1.448889] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
[ 1.451911] Speculative Store Bypass: Vulnerable
There is some of this in the current BIOS revision, not sure if I loaded the intel-microcode update this time, or if it would add any new ones on my processor. Edit: No, I don't, new one is not installed. Not convenient to try it now, think it has to have a reboot to go into effect. Perhaps later.
Edit: It's late... I see that it's saying that I DO have the Spectre stuff on... rather than not... sorry.
Looking forward to the benchmarks as well... I have no idea how to disable it though.