~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/hw-vuln/l1d_flush.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/admin-guide/hw-vuln/l1d_flush.rst (Architecture alpha) and /Documentation/admin-guide/hw-vuln/l1d_flush.rst (Architecture sparc)


  1 L1D Flushing                                        1 L1D Flushing
  2 ============                                        2 ============
  3                                                     3 
  4 With an increasing number of vulnerabilities b      4 With an increasing number of vulnerabilities being reported around data
  5 leaks from the Level 1 Data cache (L1D) the ke      5 leaks from the Level 1 Data cache (L1D) the kernel provides an opt-in
  6 mechanism to flush the L1D cache on context sw      6 mechanism to flush the L1D cache on context switch.
  7                                                     7 
  8 This mechanism can be used to address e.g. CVE      8 This mechanism can be used to address e.g. CVE-2020-0550. For applications
  9 the mechanism keeps them safe from vulnerabili      9 the mechanism keeps them safe from vulnerabilities, related to leaks
 10 (snooping of) from the L1D cache.                  10 (snooping of) from the L1D cache.
 11                                                    11 
 12                                                    12 
 13 Related CVEs                                       13 Related CVEs
 14 ------------                                       14 ------------
 15 The following CVEs can be addressed by this        15 The following CVEs can be addressed by this
 16 mechanism                                          16 mechanism
 17                                                    17 
 18     =============       ======================     18     =============       ========================     ==================
 19     CVE-2020-0550       Improper Data Forwardi     19     CVE-2020-0550       Improper Data Forwarding     OS related aspects
 20     =============       ======================     20     =============       ========================     ==================
 21                                                    21 
 22 Usage Guidelines                                   22 Usage Guidelines
 23 ----------------                                   23 ----------------
 24                                                    24 
 25 Please see document: :ref:`Documentation/users     25 Please see document: :ref:`Documentation/userspace-api/spec_ctrl.rst
 26 <set_spec_ctrl>` for details.                      26 <set_spec_ctrl>` for details.
 27                                                    27 
 28 **NOTE**: The feature is disabled by default,      28 **NOTE**: The feature is disabled by default, applications need to
 29 specifically opt into the feature to enable it     29 specifically opt into the feature to enable it.
 30                                                    30 
 31 Mitigation                                         31 Mitigation
 32 ----------                                         32 ----------
 33                                                    33 
 34 When PR_SET_L1D_FLUSH is enabled for a task a      34 When PR_SET_L1D_FLUSH is enabled for a task a flush of the L1D cache is
 35 performed when the task is scheduled out and t     35 performed when the task is scheduled out and the incoming task belongs to a
 36 different process and therefore to a different     36 different process and therefore to a different address space.
 37                                                    37 
 38 If the underlying CPU supports L1D flushing in     38 If the underlying CPU supports L1D flushing in hardware, the hardware
 39 mechanism is used, software fallback for the m     39 mechanism is used, software fallback for the mitigation, is not supported.
 40                                                    40 
 41 Mitigation control on the kernel command line      41 Mitigation control on the kernel command line
 42 ---------------------------------------------      42 ---------------------------------------------
 43                                                    43 
 44 The kernel command line allows to control the      44 The kernel command line allows to control the L1D flush mitigations at boot
 45 time with the option "l1d_flush=". The valid a     45 time with the option "l1d_flush=". The valid arguments for this option are:
 46                                                    46 
 47   ============  ==============================     47   ============  =============================================================
 48   on            Enables the prctl interface, a     48   on            Enables the prctl interface, applications trying to use
 49                 the prctl() will fail with an      49                 the prctl() will fail with an error if l1d_flush is not
 50                 enabled                            50                 enabled
 51   ============  ==============================     51   ============  =============================================================
 52                                                    52 
 53 By default the mechanism is disabled.              53 By default the mechanism is disabled.
 54                                                    54 
 55 Limitations                                        55 Limitations
 56 -----------                                        56 -----------
 57                                                    57 
 58 The mechanism does not mitigate L1D data leaks     58 The mechanism does not mitigate L1D data leaks between tasks belonging to
 59 different processes which are concurrently exe     59 different processes which are concurrently executing on sibling threads of
 60 a physical CPU core when SMT is enabled on the     60 a physical CPU core when SMT is enabled on the system.
 61                                                    61 
 62 This can be addressed by controlled placement      62 This can be addressed by controlled placement of processes on physical CPU
 63 cores or by disabling SMT. See the relevant ch     63 cores or by disabling SMT. See the relevant chapter in the L1TF mitigation
 64 document: :ref:`Documentation/admin-guide/hw-v     64 document: :ref:`Documentation/admin-guide/hw-vuln/l1tf.rst <smt_control>`.
 65                                                    65 
 66 **NOTE** : The opt-in of a task for L1D flushi     66 **NOTE** : The opt-in of a task for L1D flushing works only when the task's
 67 affinity is limited to cores running in non-SM     67 affinity is limited to cores running in non-SMT mode. If a task which
 68 requested L1D flushing is scheduled on a SMT-e     68 requested L1D flushing is scheduled on a SMT-enabled core the kernel sends
 69 a SIGBUS to the task.                              69 a SIGBUS to the task.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php