L1d Cache Flushing On Context Switch Trying Again But More Conservative In 2021

Coming out in early 2020 were patches by an Amazon engineer to implement flushing the L1 data cache on context switching in the name of security given the various data sampling vulnerabilities. That work so far has been rejected from the mainline kernel but today was updated and makes it harder to enable and thus moving forward could stand chances to finally see the opt-in functionality merged to mainline.

This opt-in L1d flushing on context switching tried for the Linux 5.8 kernel but at the time was rejected by Linus Torvalds as "beyond stupid", big performance implications, and not necessarily working out as desired. That L1d flushing work was since revised but hasn't yet made it into the mainline kernel as of Linux 5.11.

Starting off the new year and amid renewed hopes of getting the functionality mainlined, Amazon's Balbir Singh sent out the new patches that make the behavior more conservative as to when to enable this costly behavior.

The updated patches now better handle the situation where some CPU cores may have SMT/HT disabled but not all of them and most significant is the functionality is disabled by default. Besides needing to still opt-in to it on a PRCTL basis, the functionality will not work unless the kernel has been booted with l1d_flush=on. Thus short of distributions setting that option, it would be left up to users/administrators to set that if they would like to make use of this feature rather than previously letting any application opt-in to it by default through the PRCTL interface if desired.

Besides now needing "l1d_flush=on", the functionality will also be disabled if the running processor is not affected by the L1 Terminal Fault (L1TF) vulnerability. L1 Terminal Fault "Foreshadow" affects most Intel processors from 8th Gen Core and Xeon E3 v6 and older. The task in question must also be running on a core with SMT enabled.

The updated L1d cache flushing patches can be found on the kernel mailing list for review. With this more conservative behavior and not risking the system performance out-of-the-box, it largely addresses the concerns raised last year by Linus Torvalds, so we'll see coming up for Linux 5.12 if this security feature manages to go mainline.

Another approach still being pursued by multiple organizations for making HT/SMT more secure on Intel CPUs is core scheduling for ensuring unprivileged/privileged tasks don't share the same core and cases like different VMs not sharing a same core or using a sibling thread.