How to disable page table isolation on Debian

After Meltdown, Spectre and other similar bugs were discovered and patched, overall performance on Linux decreased. Here is a detailed benchmark of the impact of these fixes on Redis performance: something between 15% and 6% slower than the same machine without the fixes.

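Check your Linux

To check if the fixes are enabled, run the commands below. The first checks whether the running kernel was built with page table isolation, the second looks for the related entries in /proc/cpuinfo, and the third looks for the boot message confirming that isolation is active: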

grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "enabled" || echo "disabled"
grep -q "cpu_insecure\|cpu_meltdown\|kaiser" /proc/cpuinfo && echo "enabled" || echo "disabled"
sudo dmesg | grep -q "Kernel/User page tables isolation: enabled" && echo "enabled" || echo "disabled"

You can also check your system using this exploit. If your system is vulnerable and has no fixes enabled, the output will be:

taskset -c 1 ./exploit

[+] Testing for Spectre
[+] Dumping memory from 0xffffffffffdfeea8 to 0xffffffffffdfeec2
[+] Dumped bytes match the expected value
[+] System vulnerable to spectre

Test before applying

Before applying the changes permanently you should test them: reboot your system, edit the GRUB boot entry by pressing E, and add these parameters to the kernel command line. A change made this way lasts only for that boot.

spectre_v2=off pti=off kpti=off

Applying the fix

To apply these configurations permanently, edit your /etc/default/grub file and append the parameters above to the GRUB_CMDLINE_LINUX_DEFAULT line. After that, update your GRUB configuration with sudo update-grub and reboot.
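
After rebooting, the kernel's own report under /sys/devices/system/cpu/vulnerabilities shows which mitigations are actually off, so you know exactly what risk the machine now carries. The script below is an added example, not part of the original post; the function name mitigation_report is hypothetical, and it assumes a kernel that exposes that sysfs directory (Linux 4.15 and later, plus distribution backports).

```shell
#!/bin/sh
# Report which CPU-vulnerability mitigations the running kernel has active.
# Both paths can be overridden so the function also works on saved copies:
#   $1 = sysfs vulnerabilities directory, $2 = kernel command line file
mitigation_report() {
    vuln_dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    cmdline_file="${2:-/proc/cmdline}"
    exposed=0

    # Show which of this page's parameters the kernel was booted with.
    for param in spectre_v2=off pti=off kpti=off; do
        if tr ' ' '\n' < "$cmdline_file" | grep -qx "$param"; then
            echo "cmdline: $param"
        fi
    done

    # One file per known issue; its text starts with "Not affected",
    # "Vulnerable" or "Mitigation: ...".
    for f in "$vuln_dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case "$status" in
            "Not affected"*) state="not-affected" ;;
            Vulnerable*)     state="EXPOSED"; exposed=$((exposed + 1)) ;;
            Mitigation*)     state="mitigated" ;;
            *)               state="unknown" ;;
        esac
        printf '%-20s %-12s %s\n' "$(basename "$f")" "$state" "$status"
    done

    echo "exposed: $exposed"
    # Non-zero exit status when at least one issue is unmitigated,
    # so the function can gate a monitoring or provisioning script.
    [ "$exposed" -eq 0 ]
}
```

Call mitigation_report with no arguments to read the live system; any line marked EXPOSED is a protection the kernel is no longer applying.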

Conclusion

It is not a good idea to disable these protections on your servers, not even on your desktop. Remember that this bug can be exploited even via Firefox. But sometimes you need some extra performance and are willing to accept the risk.

## STRM ##

A pro-freedom hacktivist thinktank.