Skip to content
⚠️ Warning: Extraordinary electrical maintenance – Scheduled shutdown of the Cloud garr-ct1 region (Catania) from 22 to 29 July 2025. For more details, please read the maintenance notice.

Disable Kernel patches

PLEASE NOTE: The following recipe applies to CentOS machines.

The recent kernels introducing fixes/patches for the Meltdown/Spectre issues reportedly cause machine slowdowns. There may be cases where this slowdown is too strongly impacting operations, and on the other hand the security of the machine is taken care of with other means: in our setup this is the case for our storage servers.

On such machines, there is an easy way to keep up-to-date with kernels and disable the recent security fixes.

Proceed as follows:

  • Upgrade to most recent kernel:

    $ yum update

  • See what kernels are available:

    $ grubby --info=ALL | grep -e kernel -e args

  • Pick the kernel for which you want to disable the security fixes, for example: 3.10.0-693.17.1.el7.x86_64:

    $ grubby --args='noibrs noibpb nopti' --update-kernel /boot/vmlinuz-3.10.0-693.17.1.el7.x86_64 $ grubby --info=ALL | grep -e kernel -e args

  • Then, reboot your server.

After boot, check that the patches are indeed disabled, the following commands should return '0':

$ cat /sys/kernel/debug/x86/pti_enabled
$ cat /sys/kernel/debug/x86/ibpb_enabled
$ cat /sys/kernel/debug/x86/ibrs_enabled