Consider disabling CPU vulnerabilities mitigation features in our Vagrant build box
Given the kind of things we do in our Vagrant build box, it seems very unlikely that vulnerabilities such as Spectre and Meltdown can be exploited in there. So perhaps we can reclaim some of the performance cost of the corresponding mitigation features?
This can be done by adding
mitigations=off to the kernel command line.
Feature Branch: feature/17386-vagrant-disable-cpu-vuln-mitigations
- Related to sysadmin#17387