How to disable Page-Table Isolation on Ubuntu for benchmarking
The kernel patches to mitigate the recent Meltdown and Spectre bugs enable the Page-Table Isolation feature. These patches, dubbed KAISER or KPTI, remedy these vulnerabilities but can come with a performance loss.
In order to compare performance before and after these patches I need to disable this PTI feature temporarily. Now I don’t recommend disabling this security feature indefinitely because you will end up with a less secure system!
First, let’s see if the PTI module is compiled directly into the kernel by examining the /boot/config-$kernel_version file:
cat /boot/config-`uname -r` | grep -iq CONFIG_PAGE_TABLE_ISOLATION=y && echo "PTI is available" || echo "PTI is not available"
The output should say PTI is available.
Now we can disable it by adding pti=off to the kernel boot parameters. Open up /etc/default/grub and add this parameter to the GRUB_CMDLINE_LINUX_DEFAULT parameters. Example:
GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 cgroup_enable=memory swapaccount=1 pti=off splash quiet"
If you have overrides in the /etc/default/grub.d directory, you should update the GRUB_CMDLINE_LINUX_DEFAULT line in there.
Now we regenerate Grub’s menu.lst file to include the new option:
sudo update-grub
Restart your system and run cat /proc/cmdline to see if it contains the pti=off parameter. Now you can compare your machine’s performance with and without PTI!
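The command line only shows what was requested, so the following added example (not part of the original post) cross-checks it against the kernel's own Meltdown report, which is also a quick way to spot a machine left with PTI off after benchmarking. It assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities/meltdown, and it goes beyond the post by also treating nopti and mitigations=off as requests to disable PTI; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: compare the requested PTI setting with what the kernel reports.

# Print "off" if the kernel command line ($1) asks for PTI to be disabled,
# else "default". Whole parameters only, so "foo_pti=off" does not match.
cmdline_pti() (
    set -f   # no glob expansion while splitting the command line
    result=default
    for arg in $1; do
        case "$arg" in
            pti=off|nopti|mitigations=off) result=off ;;
        esac
    done
    echo "$result"
)

# Combine the command line ($1) with the kernel's Meltdown status ($2),
# i.e. the content of /sys/devices/system/cpu/vulnerabilities/meltdown.
pti_state() {
    requested=$(cmdline_pti "$1")
    case "$2" in
        "Mitigation: PTI"*) active=yes ;;
        "Vulnerable"*)      active=no ;;
        "Not affected"*)    echo "cpu-not-affected"; return ;;
        *)                  echo "unknown"; return ;;
    esac
    case "$requested/$active" in
        off/no)      echo "pti-disabled" ;;
        default/yes) echo "pti-enabled" ;;
        off/yes)     echo "mismatch: pti=off requested but PTI active" ;;
        default/no)  echo "mismatch: PTI inactive without pti=off" ;;
    esac
}

# Live check; skipped where the sysfs file is not available.
sysfs=/sys/devices/system/cpu/vulnerabilities/meltdown
if [ -r /proc/cmdline ] && [ -r "$sysfs" ]; then
    echo "PTI state: $(pti_state "$(cat /proc/cmdline)" "$(cat "$sysfs")")"
fi
```

A "mismatch" result after editing /etc/default/grub usually means the edit did not reach the booted entry, for example because an override in /etc/default/grub.d replaced the line.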
We saw some performance losses on all our PHP web servers. CPU usage was up by around 10%-30% in some instances, depending on load and function, but thanks to caching the applications still run great for end-users.