Linux Developers Discuss Flushing L1 Cache On Context Switches In Light Of Vulnerabilities
In light of data sampling vulnerabilities like MDS, engineers from Amazon, Google, and other organizations are discussing a proof-of-concept implementation that would optionally flush the L1 data cache on context switches.
Flushing out the L1 data cache on each context switch would result in yet another performance hit, so it isn't being taken lightly. At least based upon public information, at this point it doesn't appear necessary, but rather an extra step to enhance system security following Intel's data sampling vulnerability disclosures. The "request for comments" patch by an Amazon engineer describes it as an optional feature for those that are "paranoid due to the recent snoop assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."
The means under discussion ensure that data left in the L1d by a task is cleared out when it is switched out; a second avenue being explored is clearing the L1 cache whenever an untrusted (potentially malicious) process is about to start running, so that the cache is cleared beforehand.
As this is just being advertised as a feature for the "paranoid", opting into this flushing of the L1d cache on being context switched out is left to be enabled on a per-process basis via a new prctl() flag, with no option for blanket enabling at this stage. With this patch being worked on by an Amazon engineer, it's something they are at least considering for the public cloud.
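As an added illustration (not code from this article or from the RFC patch, which does not name its prctl() flag), here is how a process would opt in using the interface this feature eventually landed with in mainline Linux 5.15, PR_SET_SPECULATION_CTRL with the PR_SPEC_L1D_FLUSH control; the constants, the errno meanings and the enum names are assumptions about that merged version, and on any other kernel the call fails and the code reports why.

```c
#include <errno.h>
#include <sys/prctl.h>

/* Fallbacks for toolchains whose uapi headers predate Linux 5.15. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_L1D_FLUSH
#define PR_SPEC_L1D_FLUSH 2          /* the L1D flush control, added in 5.15 */
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE (1UL << 1)
#endif

/* Hypothetical state names for this example; the kernel only returns 0 / -1 + errno. */
enum l1d_flush_state {
    L1D_FLUSH_ENABLED,        /* kernel will flush L1D when this task is switched out */
    L1D_FLUSH_NOT_SUPPORTED,  /* kernel predates the control (EINVAL or ENODEV) */
    L1D_FLUSH_ADMIN_OFF,      /* control exists but l1d_flush=on is not set or CPU lacks it (EPERM) */
    L1D_FLUSH_ERROR           /* anything else: treat as "no protection from this mechanism" */
};

/* Pure mapping from a prctl() result to a state; testable without a 5.15+ kernel. */
enum l1d_flush_state classify_prctl_result(long ret, int err)
{
    if (ret == 0)
        return L1D_FLUSH_ENABLED;
    switch (err) {
    case EINVAL: case ENODEV: return L1D_FLUSH_NOT_SUPPORTED;
    case EPERM:               return L1D_FLUSH_ADMIN_OFF;
    default:                  return L1D_FLUSH_ERROR;
    }
}

/* Opt this task in: ask the kernel to flush L1D every time it is switched out. */
enum l1d_flush_state request_l1d_flush_on_switch(void)
{
    long ret = prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_ENABLE, 0, 0);
    return classify_prctl_result(ret, ret == 0 ? 0 : errno);
}

/* Read the state back; 1 if the kernel reports the flush as enabled for this task. */
int l1d_flush_is_active(void)
{
    long v = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, 0, 0, 0);
    return v >= 0 && (v & PR_SPEC_ENABLE) != 0;
}
```

As documented for the merged implementation, the kernel must also be booted with l1d_flush=on, and a task that has opted in is killed with SIGBUS if it is scheduled onto a core whose SMT sibling is active, since siblings share the L1D and the flush would be pointless there.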
"This is an early PoC to start the discussion on the need for conditional L1D flushing based on the security posture of the application and the sensitivity of the data it has access to or might have access to," wrote Amazon engineer Balbir Singh with the initial patch proposal. We'll see where this L1d-flushing-on-context-switch patch leads.