Documentation: Add L1D flushing Documentation

Add documentation of l1d flushing, explain the need for the feature and how it can be used. Signed-off-by: Balbir Singh <sblbir@amazon.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20210108121056.21940-6-sblbir@amazon.com
2024-11-12 23:23:03 +00:00 · 2021-01-08 23:10:56 +11:00 · 2021-01-08 23:10:56 +11:00 · b7fe54f6c2
commit b7fe54f6c2
parent e893bb1bb4
4 changed files with 95 additions and 0 deletions
--- a/Documentation/admin-guide/hw-vuln/index.rst
+++ b/Documentation/admin-guide/hw-vuln/index.rst
@ -16,3 +16,4 @@ are configurable at compile, boot or run time.
   multihit.rst
   special-register-buffer-data-sampling.rst
   core-scheduling.rst
   l1d_flush.rst
--- a/Documentation/admin-guide/hw-vuln/l1d_flush.rst
+++ b/Documentation/admin-guide/hw-vuln/l1d_flush.rst
@ -0,0 +1,69 @@
 L1D Flushing
 ============
 With an increasing number of vulnerabilities being reported around data
 leaks from the Level 1 Data cache (L1D) the kernel provides an opt-in
 mechanism to flush the L1D cache on context switch.
 This mechanism can be used to address e.g. CVE-2020-0550. For applications
 the mechanism keeps them safe from vulnerabilities, related to leaks
 (snooping of) from the L1D cache.
 Related CVEs
 ------------
 The following CVEs can be addressed by this
 mechanism
    =============       ========================     ==================
    CVE-2020-0550       Improper Data Forwarding     OS related aspects
    =============       ========================     ==================
 Usage Guidelines
 ----------------
 Please see document: :ref:`Documentation/userspace-api/spec_ctrl.rst
 <set_spec_ctrl>` for details.
 **NOTE**: The feature is disabled by default, applications need to
 specifically opt into the feature to enable it.
 Mitigation
 ----------
 When PR_SET_L1D_FLUSH is enabled for a task a flush of the L1D cache is
 performed when the task is scheduled out and the incoming task belongs to a
 different process and therefore to a different address space.
 If the underlying CPU supports L1D flushing in hardware, the hardware
 mechanism is used, software fallback for the mitigation, is not supported.
 Mitigation control on the kernel command line
 ---------------------------------------------
 The kernel command line allows to control the L1D flush mitigations at boot
 time with the option "l1d_flush=". The valid arguments for this option are:
  ============  =============================================================
  on            Enables the prctl interface, applications trying to use
                the prctl() will fail with an error if l1d_flush is not
                enabled
  ============  =============================================================
 By default the mechanism is disabled.
 Limitations
 -----------
 The mechanism does not mitigate L1D data leaks between tasks belonging to
 different processes which are concurrently executing on sibling threads of
 a physical CPU core when SMT is enabled on the system.
 This can be addressed by controlled placement of processes on physical CPU
 cores or by disabling SMT. See the relevant chapter in the L1TF mitigation
 document: :ref:`Documentation/admin-guide/hw-vuln/l1tf.rst <smt_control>`.
 **NOTE** : The opt-in of a task for L1D flushing works only when the task's
 affinity is limited to cores running in non-SMT mode. If a task which
 requested L1D flushing is scheduled on a SMT-enabled core the kernel sends
 a SIGBUS to the task.
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@ -2421,6 +2421,23 @@
 			feature (tagged TLBs) on capable Intel chips.
 			Default is 1 (enabled)
 	l1d_flush=	[X86,INTEL]
 			Control mitigation for L1D based snooping vulnerability.
 			Certain CPUs are vulnerable to an exploit against CPU
 			internal buffers which can forward information to a
 			disclosure gadget under certain conditions.
 			In vulnerable processors, the speculatively
 			forwarded data can be used in a cache side channel
 			attack, to access data to which the attacker does
 			not have direct access.
 			This parameter controls the mitigation. The
 			options are:
 			on         - enable the interface for the mitigation
 	l1tf=           [X86] Control mitigation of the L1TF vulnerability on
 			      affected CPUs
--- a/Documentation/userspace-api/spec_ctrl.rst
+++ b/Documentation/userspace-api/spec_ctrl.rst
@ -106,3 +106,11 @@ Speculation misfeature controls
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);
 - PR_SPEC_L1D_FLUSH: Flush L1D Cache on context switch out of the task
                        (works only when tasks run on non SMT cores)
  Invocations:
   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, 0, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_ENABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_DISABLE, 0, 0);