Re: [PATCH 0/3] arch/x86: Optionally flush L1D on context switch

From: Josh Poimboeuf
Date: Thu Apr 02 2020 - 16:48:09 EST


On Thu, Apr 02, 2020 at 08:35:46PM +0000, Singh, Balbir wrote:
> On Thu, 2020-04-02 at 15:13 -0500, Josh Poimboeuf wrote:
> >
> > On Thu, Apr 02, 2020 at 05:23:58PM +1100, Balbir Singh wrote:
> > > Provide a mechanism to flush the L1D cache on context switch. The goal
> > > is to allow tasks that are paranoid due to the recent snoop assisted data
> > > sampling vulnerabilities, to flush their L1D on being switched out.
> >
> > Hi Balbir,
> >
> > Just curious, is it really vulnerabilities, plural? I thought there was
> > only one: CVE-2020-0550 (Snoop-assisted L1 Data Sampling).
> >
> > (There was a similar one without the "snoop": L1D Eviction Sampling, but
> > it's supposed to get fixed in microcode).
> >
>
> Hi, Josh
>
> Yes, that CVE is the motivation; the mitigation for CVE-2020-0550 does suggest
> flushing the cache on context switch. But in general, as we begin to find more
> ways of evicting data or snooping data, a generic mechanism is more useful and
> that is why I am making it an opt-in.

Ok. I think it would be a good idea to expand on that justification
more precisely in the commit message. That would help both reviewers of
the code and users of the new option understand what level of paranoia
they're opting in to :-)

--
Josh