
Is it possible to disable spectre/meltdown/related patches on coreos?

Is it possible to disable Spectre and Meltdown patches on later builds of CoreOS? At my company we are running an entirely internal Kubernetes computer cluster, and are looking to get the performance back.

On a normal Linux system, you could boot with the kernel boot parameters:

pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier

But adding:

set linux_append="coreos.autologin=tty1 pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier"

To /usr/share/oem/grub.cfg doesn’t appear to have any effect.

I’m wondering if I have the configuration incorrect or if CoreOS just doesn’t allow changing this behavior.

If it helps, we’re running CoreOS version: "Container Linux by CoreOS 1967.6.0 (Rhyolite)"


Answer

So apparently the above config does in fact disable those patches. I was using /proc/cpuinfo to determine whether or not the patches were applied. A colleague ran a checker and they are disabled after adding the above config.

Go figure, don’t trust /proc/cpuinfo for Spectre/Meltdown on Container Linux.

User contributions licensed under: CC BY-SA
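
A way to check the state the answer describes, as an added example that is not part of the original post: the bugs line in /proc/cpuinfo lists the hardware issues the CPU has and keeps listing them whether or not a mitigation is active, while kernels that provide /sys/devices/system/cpu/vulnerabilities report the actual status per issue there. The function names and the VULN_DIR, CMDLINE_FILE and RUN_REPORT variables are this example's own.

```shell
#!/bin/sh
# Added example: read mitigation state from sysfs instead of /proc/cpuinfo.
# Both paths can be overridden so the functions can be pointed at a fixture.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# classify_status "<sysfs text>" -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# mitigation_report: one tab-separated "name state raw-text" line per entry.
mitigation_report() {
    [ -d "$VULN_DIR" ] || { echo "no $VULN_DIR on this kernel" >&2; return 2; }
    for f in "$VULN_DIR"/*; do
        [ -f "$f" ] || continue
        raw=$(cat "$f")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(classify_status "$raw")" "$raw"
    done
}

# cmdline_has PARAM: succeeds if the running kernel was booted with PARAM,
# which shows whether the grub.cfg change reached the kernel at all.
cmdline_has() {
    tr ' ' '\n' < "$CMDLINE_FILE" | grep -qxF -- "$1"
}

# count_state STATE: number of entries currently in that state.
count_state() {
    mitigation_report | awk -F'\t' -v s="$1" '$2 == s { n++ } END { print n + 0 }'
}

# Print the report only when asked:  RUN_REPORT=1 sh check.sh
if [ "${RUN_REPORT:-0}" = 1 ]; then
    mitigation_report
    for p in pti=off spectre_v2=off l1tf=off; do
        if cmdline_has "$p"; then echo "booted with $p"; fi
    done
fi
```

Some entries cannot be switched off from the command line, so a "mitigated" line alongside the off parameters does not by itself mean the parameters were ignored.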