IBM POWER9 CPUs Need To Flush Their L1 Cache Between Privilege Boundaries Due To New Bug
CVE-2020-4788 is now public and it's not good for IBM and their POWER9 processors... This new vulnerability means these IBM processors need to be flushing their L1 data cache between privilege boundaries, similar to other recent CPU nightmares.
While IBM POWER9 allows speculative operation on completely validated data in the L1 cache, with incompletely validated data bad things can happen. Paired with other side channels, local users could improperly obtain data from the L1 cache.
CVE-2020-4788 was made public this morning and is now causing all stable Linux kernel series to receive the mitigation that amounts to hundreds of lines of new code. The mitigation is flushing the L1 data cache for IBM POWER9 CPUs across privilege boundaries -- both upon entering the kernel and on user accesses.
This frequent flushing of the L1 data cache is bad news for performance. As such there is a no_entry_flush kernel option that is being added to avoid flushing the L1d cache on entering the kernel. Likewise, no_uaccess_flush is another new option to disable the L1 flushing on user accesses.
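As an added example (not code from the article or the kernel patches), here is a small defender-side audit that reads the kernel command line and CPU model and reports whether either of the two opt-out options named above is in effect on a POWER9 system. It assumes the `/proc/cpuinfo` "cpu : POWER9 ..." line format; the sample inputs are constructed.

```python
import re
from pathlib import Path

# Kernel command-line options named in the article that disable part of the
# CVE-2020-4788 L1d flush mitigation on POWER9.
OPT_OUT_FLAGS = {
    "no_entry_flush": "L1d flush on kernel entry disabled (no_entry_flush)",
    "no_uaccess_flush": "L1d flush on user access disabled (no_uaccess_flush)",
}

# Constructed samples standing in for /proc/cmdline and /proc/cpuinfo.
SAMPLE_CMDLINE = "root=/dev/sda2 ro quiet no_entry_flush"
SAMPLE_CPUINFO = "processor\t: 0\ncpu\t\t: POWER9 (raw), altivec supported\n"


def parse_cmdline(cmdline: str) -> dict:
    """Split a kernel command line into {option: value}; bare flags map to None."""
    opts = {}
    for tok in cmdline.split():
        key, sep, val = tok.partition("=")
        opts[key] = val if sep else None
    return opts


def is_power9(cpuinfo: str) -> bool:
    """True if the cpuinfo text reports a POWER9 core (assumed 'cpu : POWER9 ...' line)."""
    return any(re.match(r"cpu\s*:\s*POWER9", line) for line in cpuinfo.splitlines())


def audit(cmdline: str, cpuinfo: str) -> list:
    """Return a finding per mitigation opt-out present; empty if none or not POWER9."""
    if not is_power9(cpuinfo):
        return []
    opts = parse_cmdline(cmdline)
    return [desc for flag, desc in OPT_OUT_FLAGS.items() if flag in opts]


def read_or_sample(path: str, sample: str) -> str:
    """Read a /proc file when running on Linux; fall back to the constructed sample."""
    p = Path(path)
    return p.read_text() if p.exists() else sample


if __name__ == "__main__":
    findings = audit(read_or_sample("/proc/cmdline", SAMPLE_CMDLINE),
                     read_or_sample("/proc/cpuinfo", SAMPLE_CPUINFO))
    for line in findings or ["no L1d flush opt-outs found on the kernel command line"]:
        print(line)
```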
No performance benchmarks were provided of the impact to POWER9 performance from this heavy flushing, but I'll be working on some benchmarks soon. The mitigation is in the process of being back-ported to all the currently maintained kernel series. This route is similar to the optional L1d flushing for Intel CPUs on context switching that is still working its way to mainline.
More details on this nasty issue are available via the oss-security list.