Optional L1d Flushing On Context Switching Looks Like It Will Try Again For Linux 5.10
Opt-in flushing of the L1 data cache on each context switch looks like it will arrive with the Linux 5.10 cycle. The functionality provides security benefits, but at the cost of further performance degradation.
Earlier this year an Amazon engineer proposed L1d flushing on context switches in the name of security, due to vulnerabilities like MDS. Linux 5.8 was going to add this optional feature, but it was quickly reverted as Linux creator Linus Torvalds found it to be beyond stupid, citing the software fallback not necessarily working and the performance implications.
Back in July a new round of patches was posted, and now for the Linux 5.10 cycle it looks like we'll see this work re-introduced, assuming Torvalds is willing to let it land this time.
The news today is that the optional L1d flushing was queued into the x86/pti tree this morning, ahead of the Linux 5.10 merge window getting underway in October.
Software wanting to use this L1d flushing can set PR_SET_L1D_FLUSH via prctl(). Compared to earlier versions, the software fallback has been removed, and l1d_flush_out=off is supported as a kernel command line option to ensure the functionality stays disabled system-wide even if an application requests it.
This mechanism still doesn't protect against L1 data leaks between tasks on sibling threads of a physical core. Complete security still requires disabling SMT/HT and/or the core scheduling work that has yet to be mainlined.
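As an added example (not code from the article or the kernel patches), here is a C helper that opts the calling task into L1d flushing and decodes the kernel's answer. It assumes the interface found in current mainline headers, prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, ...), rather than the PR_SET_L1D_FLUSH name used by the patch series described above; the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for older userspace headers (values as in mainline prctl.h). */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_L1D_FLUSH
#define PR_SPEC_L1D_FLUSH 2
#endif

/* Hypothetical helper: decode a PR_GET_SPECULATION_CTRL result. */
const char *l1d_flush_state(long status)
{
    if (status < 0)
        return "unsupported";      /* prctl failed: old kernel or non-x86 */
    if (status & PR_SPEC_FORCE_DISABLE)
        return "not-permitted";    /* opt-in is disabled system-wide */
    if ((status & PR_SPEC_PRCTL) && (status & PR_SPEC_ENABLE))
        return "flush-on";         /* this task flushes L1d on switch-out */
    if (status & PR_SPEC_PRCTL)
        return "flush-off";        /* available, task has not opted in */
    return "unknown";
}

/* Hypothetical helper: opt the calling task in. Returns 0 or errno. */
int l1d_flush_opt_in(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH,
              PR_SPEC_ENABLE, 0UL, 0UL) == 0)
        return 0;
    return errno;
}

int main(void)
{
    int err = l1d_flush_opt_in();
    long st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, 0UL, 0UL, 0UL);
    printf("opt-in: %s, state: %s\n", err ? strerror(err) : "ok",
           l1d_flush_state(st));
    return err ? 1 : 0;
}
```

In mainline, a task that has opted in and is then scheduled on a core running in SMT mode is sent SIGBUS, so restrict its CPU affinity to non-SMT cores before opting in.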