Skip to content

Virtualisation

security.virtualisation.flushL1DataCache

Whether the hypervisor should flush the L1 data cache before entering guests. See also .

  • null: uses the kernel default
  • "never": disables L1 data cache flushing entirely. May be appropriate if all guests are trusted.
  • "cond": flushes L1 data cache only for pre-determined code paths. May leak information about the host address space layout.
  • "always": flushes L1 data cache every time the hypervisor enters the guest. May incur significant performance cost.

Type: null or one of "never", "cond", "always"

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/misc.nix