Linux 5.8 Set To Optionally Flush The L1d Cache On Context Switch To Increase Security
Written by Michael Larabel in Linux Security on 22 May 2020 at 07:49 AM EDT. 18 Comments
LINUX SECURITY --
The Linux kernel patches that have been spearheaded by Amazon AWS engineers to optionally flush the L1 data cache on each context switch have now been queued in the x86/mm branch ahead of the upcoming Linux 5.8 kernel cycle.

This L1d cache flushing on context switches is being done in light of the various CPU security issues that have come to light in recent times and acknowledging there are likely other yet to be discovered vulnerabilities. Flushing the L1d cache on context switches helps fend off data from being snooped or leaked via side channels.

This flushing does address CVE-2020-0550 for snoop-assisted L1 data sampling but the main emphasis seems to be on the "yet to be discovered vulnerabilities." But in flushing the L1 data cache so frequently, there are big performance implications and as such the documentation continues to refer to this capability as something for "paranoid" users.


This opt-in mechanism needs to be enabled from user-space applications via prctl() and will use any CPU hardware mechanism for L1d flushing otherwise a software fallback. More details on this optional L1d flushing per context switch via this earlier article.

The patches are queued in the x86/mm (memory management) branch ahead of the Linux 5.8 kernel cycle expected to open in early June and then release as stable likely in August. Besides this optional security feature, there is a lot more coming for Linux 5.8.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week