L1D Flushing
============

With an increasing number of vulnerabilities being reported around data
leaks from the Level 1 Data cache (L1D), the kernel provides an opt-in
mechanism to flush the L1D cache on context switch.

This mechanism can be used to address e.g. CVE-2020-0550. For applications
that opt in, the mechanism protects against vulnerabilities related to
leaks (snooping) of data from the L1D cache.


Related CVEs
------------
The following CVEs can be addressed by this mechanism:

    =============       ========================     ==================
    CVE-2020-0550       Improper Data Forwarding     OS related aspects
    =============       ========================     ==================

Usage Guidelines
----------------

Please see document: :ref:`Documentation/userspace-api/spec_ctrl.rst
<set_spec_ctrl>` for details.

**NOTE**: The feature is disabled by default; applications need to
specifically opt into the feature to enable it.

Mitigation
----------

When PR_SET_L1D_FLUSH is enabled for a task, a flush of the L1D cache is
performed when the task is scheduled out and the incoming task belongs to a
different process and therefore to a different address space.

If the underlying CPU supports L1D flushing in hardware, the hardware
mechanism is used. A software fallback for the mitigation is not supported.

Mitigation control on the kernel command line
---------------------------------------------

The kernel command line allows controlling the L1D flush mitigation at boot
time with the option "l1d_flush=". The valid arguments for this option are:

  ============  =============================================================
  on            Enables the prctl interface; applications trying to use
                the prctl() will fail with an error if l1d_flush is not
                enabled
  ============  =============================================================

By default the mechanism is disabled.

Limitations
-----------

The mechanism does not mitigate L1D data leaks between tasks belonging to
different processes which are concurrently executing on sibling threads of
a physical CPU core when SMT is enabled on the system.

This can be addressed by controlled placement of processes on physical CPU
cores or by disabling SMT. See the relevant chapter in the L1TF mitigation
document: :ref:`Documentation/admin-guide/hw-vuln/l1tf.rst <smt_control>`.

**NOTE**: The opt-in of a task for L1D flushing works only when the task's
affinity is limited to cores running in non-SMT mode. If a task which
requested L1D flushing is scheduled on an SMT-enabled core, the kernel sends
a SIGBUS to the task.
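The following C program is an added example, not part of this document or of the kernel source. It walks through the opt-in described in the Mitigation section and the two failure modes named above: it decodes the task's current L1D flush state as returned by ``PR_GET_SPECULATION_CTRL``, refuses to opt in while ``/sys/devices/system/cpu/smt/active`` reports SMT as active (the SIGBUS case from the note above), and otherwise enables the flush for the calling task with ``PR_SET_SPECULATION_CTRL`` / ``PR_SPEC_L1D_FLUSH``, the interface documented in ``Documentation/userspace-api/spec_ctrl.rst``. The prctl constants are the real ones from ``linux/prctl.h`` (repeated here as fallbacks for older headers); the enum, the helper function names and the interpretation that a refused opt-in surfaces as ``EPERM`` when the kernel was booted without ``l1d_flush=on`` are this example's own.

```c
/* Added example (not kernel documentation): opt the calling task into L1D
 * flushing on context switch via the speculation-control prctl() from
 * Documentation/userspace-api/spec_ctrl.rst.  Linux only. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for pre-5.15 headers; the values match linux/prctl.h. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_L1D_FLUSH
#define PR_SPEC_L1D_FLUSH       2
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

/* Per-task L1D flush states; the enum and its names are this example's own. */
enum l1d_flush_state {
    L1D_FLUSH_UNSUPPORTED, /* prctl failed: no L1D flush control on this kernel/CPU */
    L1D_FLUSH_OFF_BOOT,    /* kernel booted without l1d_flush=on: opt-in refused */
    L1D_FLUSH_OPTED_OUT,   /* interface available, this task has not opted in */
    L1D_FLUSH_OPTED_IN     /* L1D is flushed when this task is switched out */
};

/* Decode the PR_GET_SPECULATION_CTRL result for PR_SPEC_L1D_FLUSH.  Kept pure
 * so it can be tested on a kernel without the feature.  Note the polarity:
 * for PR_SPEC_L1D_FLUSH, PR_SPEC_ENABLE means the flush itself is enabled. */
enum l1d_flush_state decode_l1d_flush_state(long ret)
{
    if (ret < 0)
        return L1D_FLUSH_UNSUPPORTED;
    if (ret & PR_SPEC_FORCE_DISABLE)
        return L1D_FLUSH_OFF_BOOT;
    if ((ret & PR_SPEC_PRCTL) && (ret & PR_SPEC_ENABLE))
        return L1D_FLUSH_OPTED_IN;
    return L1D_FLUSH_OPTED_OUT;
}

enum l1d_flush_state query_l1d_flush(void)
{
    return decode_l1d_flush_state(prctl(PR_GET_SPECULATION_CTRL,
                                        PR_SPEC_L1D_FLUSH, 0, 0, 0));
}

/* Parse the text of /sys/devices/system/cpu/smt/active:
 * 1 = SMT active, 0 = inactive, -1 = unknown.  Split from the file read so
 * the parsing is testable without sysfs. */
int parse_smt_active(const char *contents)
{
    if (!contents)
        return -1;
    if (contents[0] == '1')
        return 1;
    if (contents[0] == '0')
        return 0;
    return -1;
}

int smt_active(void)
{
    char buf[8] = {0};
    FILE *f = fopen("/sys/devices/system/cpu/smt/active", "r");
    if (!f)
        return -1;
    if (!fgets(buf, sizeof buf, f))
        buf[0] = '\0';
    fclose(f);
    return parse_smt_active(buf);
}

/* Opt the calling task in.  Returns 0 on success or -errno (e.g. -EPERM when
 * the kernel was not booted with l1d_flush=on, -ENODEV when unsupported). */
int enable_l1d_flush(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_ENABLE, 0, 0))
        return -errno;
    return 0;
}

int main(void)
{
    static const char *names[] = { "unsupported", "disabled at boot",
                                   "opted out", "opted in" };
    printf("L1D flush state: %s\n", names[query_l1d_flush()]);

    /* An opted-in task scheduled on an SMT-enabled core is killed with
     * SIGBUS, so only opt in when SMT is known to be off. */
    if (smt_active() != 0) {
        fprintf(stderr, "SMT active or unknown: restrict affinity to non-SMT "
                        "cores or disable SMT before opting in\n");
        return 1;
    }
    int rc = enable_l1d_flush();
    if (rc) {
        fprintf(stderr, "opt-in failed: %s\n", strerror(-rc));
        return 1;
    }
    printf("L1D flush state: %s\n", names[query_l1d_flush()]);
    return 0;
}
```

Run it once before and once after booting with ``l1d_flush=on`` to see the state move from "disabled at boot" to "opted in"; the SMT check is deliberately conservative (an unreadable sysfs file counts as unknown) because the cost of a wrong answer is the task being killed on its next context switch.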