[PATCH v3 0/5] Optionally flush L1D on context switch
From: Balbir Singh
Date: Wed Apr 08 2020 - 05:03:03 EST
Provide a mechanism to flush the L1D cache on context switch. The goal
is to allow tasks that are paranoid due to the recent snoop assisted data
sampling vulnerabilites, to flush their L1D on being switched out.
This protects their data from being snooped or leaked via side channels
after the task has context switched out.
The core of the patches is patch 3, the rest largely refactor the code
so that common bits can be reused.
Changelog v3:
- Refactor the return value of what flush_l1d_cache_hw() returns
- Refactor the code, so that the generic setup bits come first
(patch 3 from previous posting is now patches 3 and 4)
- Move from arch_prctl() to the prctl() interface as recommend
in the reviews.
Changelog v2:
- Fix a miss of mutex_unlock (caught by Borislav Petkov <bp@xxxxxxxxx>)
- Add documentation about the changes (Josh Poimboeuf
<jpoimboe@xxxxxxxxxx>)
Changelog:
- Refactor the code and reuse cond_ibpb() - code bits provided by tglx
- Merge mm state tracking for ibpb and l1d flush
- Rename TIF_L1D_FLUSH to TIF_SPEC_FLUSH_L1D
Changelog RFC:
- Reuse existing code for allocation and flush
- Simplify the goto logic in the actual l1d_flush function
- Optimize the code path with jump labels/static functions
The previous version of this patch posted at:
https://lore.kernel.org/lkml/20200406031946.11815-1-sblbir@xxxxxxxxxx/
Balbir Singh (5):
arch/x86/kvm: Refactor l1d flush lifecycle management
arch/x86: Refactor tlbflush and l1d flush
arch/x86/mm: Refactor cond_ibpb() to support other use cases
arch/x86: Optionally flush L1D on context switch
arch/x86: Add L1D flushing Documentation
Documentation/admin-guide/hw-vuln/index.rst | 1 +
.../admin-guide/hw-vuln/l1d_flush.rst | 40 +++++++
arch/x86/include/asm/cacheflush.h | 6 +
arch/x86/include/asm/thread_info.h | 6 +-
arch/x86/include/asm/tlbflush.h | 2 +-
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/l1d_flush.c | 85 ++++++++++++++
arch/x86/kvm/vmx/vmx.c | 56 ++-------
arch/x86/mm/tlb.c | 109 ++++++++++++++----
include/uapi/linux/prctl.h | 4 +
kernel/sys.c | 20 ++++
11 files changed, 259 insertions(+), 71 deletions(-)
create mode 100644 Documentation/admin-guide/hw-vuln/l1d_flush.rst
create mode 100644 arch/x86/kernel/l1d_flush.c
--
2.17.1