The Meltdown and Spectre vulnerabilities involve a performance-security tradeoff. The following describes the kernel tunables offered for selectively disabling mitigations in contexts where the tradeoffs have been evaluated and justified. The effective state of each mitigation on a running system can be read from the per-CVE files under /sys/devices/system/cpu/vulnerabilities/ (for example meltdown, spectre_v2 and spec_store_bypass).

'''IMPORTANT:''' Vulnerability mitigations should only be disabled in carefully controlled environments where all of the code being executed is known and trusted. Disabling any of these mitigations in situations where untrusted code can be executed is '''not''' recommended.

== CVE-2017-5754 (aka Meltdown) ==

|| Arch || Description || Kernel Parameter || Options || Ubuntu default ||
|| amd64 || Control Kernel Page Table Isolation || pti=[on|off|auto] || on - unconditionally enable mitigations<<BR>>off - unconditionally disable mitigations<<BR>>auto - kernel detects whether your CPU model is vulnerable and enables mitigations if needed || pti=auto ||
|| amd64 || Disable Kernel Page Table Isolation || nopti || Equivalent to pti=off || ||
|| arm64 || Control Kernel Page Table Isolation || kpti=[on|off] || on - unconditionally enable mitigations<<BR>>off - unconditionally disable mitigations<<BR>>(unspecified) - kernel detects whether your CPU model is vulnerable and enables mitigations if needed || (unspecified) ||
|| ppc64el || Disable mitigations by ignoring L1-D cache flushing on exit from kernel to user mode on powerpc processors || no_rfi_flush || || ||
|| ppc64el || On powerpc, nopti is just an alias for no_rfi_flush. || nopti || || ||
|| amd64 || Disable the PCID CPU feature. || nopcid || || PCID is enabled if the CPU supports it. ||

== CVE-2017-5715 (aka Spectre / Variant 2) ==

|| Arch || Description || Kernel Parameter || Options || Ubuntu default ||
|| amd64 || Disable the indirect branch restricted speculation (IBRS) and/or indirect branch prediction barrier (IBPB) feature when running in a secure environment, to avoid performance overhead (system may allow data leaks with this option) || noibrs<<BR>>noibpb || At run time:<<BR>>echo 0 > /proc/sys/kernel/ibrs_enabled will turn off IBRS<<BR>>echo 1 > /proc/sys/kernel/ibrs_enabled will turn on IBRS in the kernel<<BR>>echo 2 > /proc/sys/kernel/ibrs_enabled will turn on IBRS in both userspace and the kernel || By default, the system will enable IBRS and IBPB usage if the CPU supports it ||
|| amd64 || Mitigation selection || spectre_v2=[on|off|auto|retpoline|retpoline,generic|retpoline,amd] || on - unconditionally enable<<BR>>off - unconditionally disable<<BR>>auto - kernel detects whether your CPU model is vulnerable<<BR>>Selecting 'on' will, and 'auto' may, choose a mitigation method at run time according to the CPU, the available microcode, the setting of the CONFIG_RETPOLINE configuration option, and the compiler with which the kernel was built.<<BR>>Specific mitigations can also be selected manually:<<BR>>retpoline - replace indirect branches<<BR>>retpoline,generic - Google's original retpoline<<BR>>retpoline,amd - AMD-specific minimal thunk<<BR>>Not specifying this option is equivalent to spectre_v2=auto. || spectre_v2=auto ||
|| amd64 || Disable all mitigations (system may allow data leaks with this option) || nospectre_v2 || Equivalent to spectre_v2=off || ||
|| s390x || Run the kernel with a modified branch predictor || nobp=[0|1] || With nobp=1, the kernel will switch to a modified branch prediction mode if the firmware interface is available.<<BR>>With nobp=0, the kernel will run in the normal branch prediction mode. || nobp=1 ||
|| s390x || Run the kernel in the normal branch prediction mode || nospec || Equivalent to nobp=0 || ||
|| s390x || Disable no-spec barriers || nogmb || || ||

== CVE-2018-3639 (aka Variant 4) ==

|| Arch || Description || Kernel Parameter || Options || Ubuntu default ||
|| amd64 || Fine-grained mitigations || spec_store_bypass_disable=[prctl|seccomp] || prctl - mitigations disabled by default, with opt-in enablement available per task via prctl()<<BR>>seccomp - same as "prctl", plus all applications with a seccomp filter are implicitly opted in to mitigations || ||
|| amd64<<BR>>ppc64el || Global mitigations || spec_store_bypass_disable=[on|off|auto] || on - unconditionally enable mitigations<<BR>>off - unconditionally disable mitigations<<BR>>auto - On x86, same as "seccomp" above. On ppc64el, the kernel and virtual machines are protected. || auto ||
|| amd64<<BR>>ppc64el || Disable all mitigations (system may allow data leaks with this option) || nospec_store_bypass_disable || Equivalent to spec_store_bypass_disable=off || ||
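As an added example (not code from this wiki page, the Ubuntu kernel team or the kernel tree), the following C program shows the per-task opt-in that the spec_store_bypass_disable=prctl and =seccomp modes in the table above make available. It reads the sysfs status file for CVE-2018-3639, queries the calling task's state with prctl(PR_GET_SPECULATION_CTRL), opts in with prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE) and queries again. The decode_ssb_ctrl wording and the read_sysfs_line helper are the example's own; the fallback constant values are assumed to match include/uapi/linux/prctl.h and are only used when the build host's headers predate Linux 4.17.

```c
/* ssb_prctl.c: query and opt in to the Speculative Store Bypass (Variant 4)
 * mitigation from user space. Build: cc -Wall -o ssb_prctl ssb_prctl.c
 * Needs Linux >= 4.17; per-task control needs spec_store_bypass_disable=prctl
 * or =seccomp (or =auto on x86, which selects seccomp). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for pre-4.17 headers (assumed to match include/uapi/linux/prctl.h). */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_NOT_AFFECTED    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC          /* added in Linux 5.1 */
#define PR_SPEC_DISABLE_NOEXEC  (1UL << 4)
#endif

/* Meaning of a PR_GET_SPECULATION_CTRL result. The sense is inverted relative
 * to the boot parameter: PR_SPEC_ENABLE means speculation is enabled, i.e. the
 * task is NOT mitigated. The strings are this example's own wording. */
const char *decode_ssb_ctrl(long v)
{
    if (v < 0)
        return "query failed";
    if (v == PR_SPEC_NOT_AFFECTED)
        return "not affected";
    if (!(v & PR_SPEC_PRCTL)) {
        /* No per-task control: the kernel was booted with =on or =off. */
        return (v & PR_SPEC_DISABLE) ? "mitigated globally, no per-task control"
                                     : "vulnerable, no per-task control";
    }
    if (v & PR_SPEC_FORCE_DISABLE)
        return "mitigated for this task (forced, cannot be re-enabled)";
    if (v & (PR_SPEC_DISABLE | PR_SPEC_DISABLE_NOEXEC))
        return "mitigated for this task";
    return "speculation enabled for this task, opt-in available";
}

/* Current SSB state of the calling task, or -errno on failure. */
long ssb_query(void)
{
    long r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0UL, 0UL, 0UL);
    return r < 0 ? -errno : r;
}

/* Opt this task (inherited by its children) in to the mitigation. Returns 0,
 * -ENXIO when the boot mode gives no per-task control, -EINVAL when the
 * kernel predates the interface. */
long ssb_opt_in(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0UL, 0UL) < 0)
        return -errno;
    return 0;
}

/* First line of a sysfs attribute, newline stripped; 0 or -errno. */
int read_sysfs_line(const char *path, char *buf, size_t n)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -errno;
    if (!fgets(buf, (int)n, f)) {
        fclose(f);
        return -EIO;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    const char *sysfs = "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass";
    char line[256];

    if (read_sysfs_line(sysfs, line, sizeof line) == 0)
        printf("%s: %s\n", sysfs, line);
    else
        printf("%s: unavailable (kernel too old?)\n", sysfs);

    long before = ssb_query();
    printf("before opt-in: %ld (%s)\n", before, decode_ssb_ctrl(before));

    long rc = ssb_opt_in();
    if (rc != 0)
        printf("opt-in failed: %s\n", strerror((int)-rc));

    long after = ssb_query();
    printf("after opt-in:  %ld (%s)\n", after, decode_ssb_ctrl(after));
    return 0;
}
```

Two points worth checking when relying on the prctl or seccomp modes: a task that has not opted in reports PR_SPEC_PRCTL|PR_SPEC_ENABLE, which reads as "enabled" but means unmitigated, and an opt-in made with PR_SPEC_FORCE_DISABLE cannot be reverted by the task afterwards. In seccomp mode any process that installs a seccomp filter is opted in automatically, so the "before" query in a sandboxed service will typically already show the mitigated state.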