Opt-In L1 Cache Flushing To Try For Linux 5.15 To Help With The Paranoid, Future CPU Vulnerabilities

Written by Michael Larabel in Linux Security on 30 August 2021 at 08:00 AM EDT. 17 Comments
Worked on for more than one year is the patches out of Amazon for allowing opt-in L1 data cache flushing on context switching. This L1d flushing is done in the name of greater security given the various CPU speculative execution hardware vulnerabilities these days and protecting against other possible future vulnerabilities. After trying to get the code merged last summer, Linus Torvalds called it "beyond stupid" and reverted the code but now for Linux 5.15 a revised form of it was submitted.

Linus Torvalds criticized this L1d cache flushing for the paranoid as being poorly engineered in its initial form around its software flushing fallback that may not even flush the L1 data cache in some instances, applications potentially abusing this interface, and the performance impact this flushing would have on other applications. Those issues along with other criticism from Linus led him to reverting it shortly after it was originally sent in for Linux 5.8.

Since then the code has been revised so now it should be less "stupid". This opt-in L1d cache flushing now requires a special boot flag (l1d_flush=on) for it to be even enabled at run-time, the L1d flushing is disabled for CPUs not affected by the Intel L1TF Foreshadow vulnerability, and the previously criticized L1d software flushing fallback path is removed.

In now trying to sell this opt-in, per-application L1 data cache flushing on context switch feature to Linus Torvalds, the pull request sums it up as, "A stop gap for potential future speculation related hardware vulnerabilities and a mechanism for truly security paranoid applications. It allows a task to request that the L1D cache is flushed when the kernel switches to a different mm. This can be requested via prctl()."

We'll see what Linus Torvalds thinks of it this time around and whether it will make it into Linux 5.15.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week