Optional L1d Flushing On Context Switching Looks Like It Will Try Again For Linux 5.10

Written by Michael Larabel in Intel on 16 September 2020 at 02:00 PM EDT.
The feature providing opt-in flushing of the L1 data cache on each context switch looks like it will be coming with the Linux 5.10 cycle. The functionality provides security benefits but at the cost of further performance degradation.

Earlier this year an Amazon engineer proposed L1d flushing on context switching in the name of security due to vulnerabilities like MDS. Linux 5.8 was going to add this optional feature, but it was quickly reverted over Linux creator Linus Torvalds finding it to be beyond stupid, the software fallback not necessarily working, and the performance implications.

Back in July a new round of patches was posted, and now for the Linux 5.10 cycle it looks like we'll see this work re-introduced, assuming Torvalds is willing to let it land this time.

The news today is that the optional L1d flushing was queued into the x86/pti tree this morning, ahead of the Linux 5.10 merge window getting underway in October.

Software wanting to use this L1d flushing can set PR_SET_L1D_FLUSH via prctl(). Compared to earlier versions, the software fallback is removed, and l1d_flush_out=off is also supported as a kernel command line option to ensure the functionality is disabled for the system even if requested by an application.

This mechanism still doesn't protect against L1 data leaks between tasks on sibling threads of a physical core. For complete security, SMT/HT still needs to be disabled and/or the core scheduling work, which has yet to be mainlined, is needed.
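
The per-task opt-in described above, sketched in C as an added example (not code from the article or from the kernel patches). It assumes the interface in current mainline kernel headers, `PR_SET_SPECULATION_CTRL` with `PR_SPEC_L1D_FLUSH`, rather than the `PR_SET_L1D_FLUSH` name used by the patch series covered here; the function names and state strings are illustrative.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Values from the mainline uapi header linux/prctl.h, defined here in case
 * the installed headers predate them (assumption: mainline interface). */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_L1D_FLUSH
#define PR_SPEC_L1D_FLUSH 2
#endif

/* Decode a PR_GET_SPECULATION_CTRL result for PR_SPEC_L1D_FLUSH. */
const char *l1d_flush_state(long rc)
{
    if (rc < 0)
        return "unsupported";      /* kernel or CPU lacks the control */
    if (rc & PR_SPEC_FORCE_DISABLE)
        return "force-disabled";   /* system-wide setting refuses per-task opt-in */
    if ((rc & PR_SPEC_PRCTL) && (rc & PR_SPEC_ENABLE))
        return "flush-on";         /* L1D is flushed when this task is switched out */
    if (rc & PR_SPEC_PRCTL)
        return "flush-off";        /* control available, task has not opted in */
    return "unknown";
}

/* Opt the calling task in, then report the state the kernel confirms.
 * A refused request is logged; the follow-up query shows why. */
const char *l1d_flush_opt_in(void)
{
    unsigned long which = PR_SPEC_L1D_FLUSH;

    if (prctl(PR_SET_SPECULATION_CTRL, which, PR_SPEC_ENABLE, 0UL, 0UL) != 0)
        fprintf(stderr, "opt-in refused: %s\n", strerror(errno));
    return l1d_flush_state(prctl(PR_GET_SPECULATION_CTRL, which, 0UL, 0UL, 0UL));
}

int main(void)
{
    printf("L1D flush on context switch: %s\n", l1d_flush_opt_in());
    return 0;
}
```

Reading the state back after the request matters because the request can be refused system-wide, and a process that only checks its own intent would assume protection it does not have.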