Disable Meltdown and Spectre patches on unaffected CPUs

Some older or lower-end CPUs are in-order only (as opposed to out-of-order), and hence are not affected by the Meltdown and Spectre vulnerabilities. However, the patches for those vulnerabilities, as implemented in the Linux kernel, may not detect that and may apply mitigations “too broadly”, wrongly assuming your CPU is still vulnerable – and cause a performance hit for no justifiable reason whatsoever.

To disable the mitigations in Debian-based distros, edit "/etc/default/grub" and find the line with:

GRUB_CMDLINE_LINUX=""

and change it to:

GRUB_CMDLINE_LINUX="pti=off spectre_v2=off nospec_store_bypass_disable"

Or in recent kernel versions (4.14.119+, 4.19.43+, 5.2+), simply:

GRUB_CMDLINE_LINUX="mitigations=off"
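
Before changing the command line, you can read what the running kernel currently reports for the CPU from /sys/devices/system/cpu/vulnerabilities. The following is an added example, not part of the original page, and its function names are hypothetical. It classifies each status file and succeeds only when the three issues targeted by pti=off, spectre_v2=off and nospec_store_bypass_disable are all reported as "Not affected".

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Reads the kernel's per-vulnerability status files from sysfs.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map one sysfs status line to a short class.
classify() {
    case "$1" in
        "Not affected"*) echo unaffected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Print "<name> <class>" for every status file in directory $1.
vuln_report() {
    dir=${1:-$VULN_DIR_DEFAULT}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        IFS= read -r status < "$f" || :   # tolerate a missing trailing newline
        echo "$(basename "$f") $(classify "$status")"
    done
}

# Return 0 only if meltdown, spectre_v2 and spec_store_bypass are all
# reported "Not affected". A missing file (older kernel without this
# sysfs directory) counts as "cannot confirm" and returns 1.
mitigations_unneeded() {
    dir=${1:-$VULN_DIR_DEFAULT}
    for name in meltdown spectre_v2 spec_store_bypass; do
        [ -r "$dir/$name" ] || return 1
        IFS= read -r status < "$dir/$name" || :
        [ "$(classify "$status")" = unaffected ] || return 1
    done
    return 0
}

# Run against the live system when invoked with the argument "check".
if [ "${1:-}" = check ]; then
    vuln_report
    if mitigations_unneeded; then
        echo "kernel reports all three as not affected"
    else
        echo "kernel reports at least one as affected or unknown"
    fi
fi
```

A result other than "not affected" means the kernel considers the CPU vulnerable, so the boot flags above would change its behaviour on that machine.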

disable-meltdown-spectre-patches.txt · Last modified: 2019-06-26 09:48 UTC by rm