The recent CPU flaw caused quite a mess. Most recent linux kernels have the problems patched, but what if I am willing to trade security for performance? I’ll need to compile my own kernel and here is how to do that on Ubuntu 17.

First, we need to make oldconfig. Basically copy the kernel compile config from Ubuntu and decide whether new features should be enabled

Here I disabled the first feature related to spectre and meltdown

Next, in menuconfig, disable another feature which was already enabled in 4.13.0-32

If like me you have no plan to debug kernel issues, disable the kernel debug package which can save a lot of time. Disable it from Kernel hacking > Compile-time checks…

Probably all the staging drivers can be skipped too. Uncheck them from Device Driver > Staging…

Disabling debug and staging drivers reduce the compilation time by almost 50%. On my machine, that is about 30 minutes.

We are now ready to compile the kernel and create deb packages.

The above will provide deb packages in the parent directory. It takes about 50 minutes for all of the above on a c5.2xlarge. $0.34 plus storage and network transfer price. Kernel compilation is no longer an excuse to upgrade to faster CPUs!

I installed the Performance Over Security (pos) kernel on my desktop. The performance gain is noticeable. Do it at your own risk though.

Update

It may be possible to turn off these CPU fixes without compiling your own kernel. Add the followings to kernel boot parameters. Reference https://www.linux.com/blog/intro-to-linux/2018/1/linux-kernel-415-unusual-release-cycle

The new kernel comes with an interesting sysfs entry:

Leave a Comment