L1d Flushing Patches Revived After It Was Rejected From Linux 5.8 As "Beyond Stupid"

Written by Michael Larabel in Linux Kernel on 29 July 2020 at 02:57 AM EDT. 32 Comments
Worked out in recent months by an Amazon engineer was optional L1 data cache flushing on context switches, intended as an extra layer of defense in an era of data sampling vulnerabilities and other side-channel data leaks. It was submitted for Linux 5.8, but Linus Torvalds characterized it as "beyond stupid" and was not convinced by it. The patches have now been revised, though it isn't yet clear whether the new version will satisfy Torvalds enough for mainline inclusion.

The overall concept of this L1d flushing work remains the same: it is entirely opt-in, and interested programs enable it for themselves via the prctl interface. The focus remains on providing an additional level of security on CPUs affected by L1TF and similar data-snooping vulnerabilities, so that a task's L1 data cache contents are not left behind for whatever runs next on that CPU.

This new version of the L1d flushing patches tries to address the feedback and concerns raised by Torvalds and other upstream kernel developers.

For server and system administrators wanting to ensure it is never used, a l1d_flush_out=off kernel command line parameter is now supported to disable the functionality outright. That is the only l1d_flush_out option; there are no other overrides.

Another change is that the L1d flush is now only performed on processors known to be affected by the L1 Terminal Fault (L1TF) bug, rather than on any CPU. That clears up the concern that the flushing could cost performance on unaffected CPUs for no security benefit.

Lastly, the software fallback mode, which evicts the cache by writing through a large buffer on CPUs lacking a hardware flush, has been dropped: the patches are now limited to the hardware L1D flush mechanism.


The new L1d flushing patches can be found via this kernel mailing list thread. We'll see whether this revision addresses the concerns enough for the work to be mainlined, though it is arriving so close to the Linux 5.9 merge window that it may be delayed to 5.10 in any case.

It will also be interesting to see the performance impact of this feature, as well as which applications decide to opt in and make use of the PR_SET_L1D_FLUSH / L1D_FLUSH_OUT_ON functionality.
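The prctl opt-in and the affected-CPU restriction described above, as an added C example that is not code from the article or from the patch series: a program first checks whether the feature can apply to its CPU at all (the sysfs l1tf status must not read "Not affected", and /proc/cpuinfo must list the flush_l1d hardware flag, since the software fallback is gone) and only then asks the kernel to flush L1D whenever the task is switched out. The prctl names PR_SET_L1D_FLUSH and L1D_FLUSH_OUT_ON are the ones the article mentions; they are assumed to come from the patched kernel's headers and are not in mainline, so the call is compiled only when they are defined. The /proc/cpuinfo and sysfs samples are constructed, not captured from a real machine.

```c
/* Added example, not part of the article or the kernel patches.
 * Decide whether per-task L1D flushing can apply, then opt in via prctl. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Constructed sample inputs (not captured from a real machine). */
static const char SAMPLE_CPUINFO[] =
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 ssbd ibrs ibpb stibp flush_l1d arch_capabilities\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs\n";
static const char SAMPLE_L1TF_SYSFS[] =
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable\n";

/* Return 1 if token appears as a whole word in the space-separated line
 * whose key (e.g. "flags" or "bugs") starts it, within a /proc/cpuinfo text. */
static int cpuinfo_line_has(const char *cpuinfo, const char *key, const char *token)
{
    size_t klen = strlen(key), tlen = strlen(token);
    const char *line = cpuinfo;
    while (line && *line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        if (len > klen && strncmp(line, key, klen) == 0 &&
            (line[klen] == '\t' || line[klen] == ' ' || line[klen] == ':')) {
            const char *colon = memchr(line, ':', len);
            const char *stop = line + len;
            const char *p = colon ? colon + 1 : stop;
            while (p < stop) {                       /* walk space-separated tokens */
                while (p < stop && *p == ' ') p++;
                const char *q = p;
                while (q < stop && *q != ' ') q++;
                if ((size_t)(q - p) == tlen && strncmp(p, token, tlen) == 0)
                    return 1;
                p = q;
            }
            return 0;                                /* first matching line decides */
        }
        line = end ? end + 1 : NULL;
    }
    return 0;
}

/* /sys/devices/system/cpu/vulnerabilities/l1tf reads "Not affected" on
 * unaffected CPUs; anything else ("Mitigation: ...", "Vulnerable") means the
 * CPU is in the set the revised patches act on. */
static int l1tf_affected(const char *sysfs_text)
{
    return strncmp(sysfs_text, "Not affected", 12) != 0;
}

/* 1 if the feature can do anything for this task: CPU affected by L1TF and
 * hardware L1D flush present (the series no longer has a software fallback). */
static int l1d_flush_applicable(const char *sysfs_l1tf, const char *cpuinfo)
{
    return l1tf_affected(sysfs_l1tf) && cpuinfo_line_has(cpuinfo, "flags", "flush_l1d");
}

/* Ask the kernel to flush L1D when this task is switched out. Returns 0 on
 * success, -1 with errno set; ENOSYS when built against headers that lack the
 * patch's constants (assumed names from the article, not in mainline). */
static int l1d_flush_opt_in(void)
{
#if defined(PR_SET_L1D_FLUSH) && defined(L1D_FLUSH_OUT_ON)
    return prctl(PR_SET_L1D_FLUSH, L1D_FLUSH_OUT_ON, 0, 0, 0);
#else
    errno = ENOSYS;
    return -1;
#endif
}

static long read_file(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (long)n;
}

int main(void)
{
    static char cpuinfo[65536];
    char l1tf[256];
    const char *ci = SAMPLE_CPUINFO, *vuln = SAMPLE_L1TF_SYSFS;
    /* Use the live system's data when readable; otherwise the constructed samples. */
    if (read_file("/proc/cpuinfo", cpuinfo, sizeof cpuinfo) > 0) ci = cpuinfo;
    if (read_file("/sys/devices/system/cpu/vulnerabilities/l1tf", l1tf, sizeof l1tf) > 0) vuln = l1tf;

    printf("l1tf status: %s", vuln);
    if (!l1d_flush_applicable(vuln, ci)) {
        puts("L1D flush on context switch would be a no-op here; not opting in.");
        return 0;
    }
    if (l1d_flush_opt_in() == 0)
        puts("Opted in: L1D will be flushed when this task is switched out.");
    else
        perror("prctl(PR_SET_L1D_FLUSH)");   /* ENOSYS/EINVAL on kernels without the patch */
    return 0;
}
```

Two caveats a practitioner should keep in mind. The opt-in is per task and only helps against what runs on the same logical CPU after the switch; the L1D is shared between SMT siblings, so a flush at context switch does nothing about a sibling hyperthread sampling the cache concurrently, which is exactly what the "SMT vulnerable" suffix in the sysfs status is reporting. And because the administrator can boot with l1d_flush_out=off, a program must treat a failed prctl as a normal outcome rather than an error, as the example does.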
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.
