MyNixOS website logo
option

security.virtualisation.flushL1DataCache

Whether the hypervisor should flush the L1 data cache before entering guests. See also .

  • null: uses the kernel default
  • "never": disables L1 data cache flushing entirely. May be appropriate if all guests are trusted.
  • "cond": flushes L1 data cache only for pre-determined code paths. May leak information about the host address space layout.
  • "always": flushes L1 data cache every time the hypervisor enters the guest. May incur significant performance cost.
Declarations
Type
null or one of "never", "cond", "always"
Default
null
Sign in to create a configuration using this setting.