.. SPDX-License-Identifier: GPL-2.0

TSX Async Abort (TAA) mitigation
================================

.. _tsx_async_abort:

Overview
--------

TSX Async Abort (TAA) is a side channel attack on internal buffers in some
Intel processors similar to Microarchitectural Data Sampling (MDS). In this
case certain loads may speculatively pass invalid data to dependent operations
when an asynchronous abort condition is pending in a Transactional
Synchronization Extensions (TSX) transaction. This includes loads with no
fault or assist condition. Such loads may speculatively expose stale data from
the same uarch data structures as in MDS, with the same scope of exposure, i.e.
same-thread and cross-thread. This issue affects all current processors that
support TSX.

Mitigation strategy
-------------------

a) TSX disable - one of the mitigations is to disable TSX. A new MSR,
IA32_TSX_CTRL, will be available in future and current processors after a
microcode update; it can be used to disable TSX. In addition, it
controls the enumeration of the TSX feature bits (RTM and HLE) in CPUID.

b) Clear CPU buffers - similar to MDS, clearing the CPU buffers mitigates this
vulnerability. More details on this approach can be found in
:ref:`Documentation/admin-guide/hw-vuln/mds.rst <mds>`.

Kernel internal mitigation modes
--------------------------------

=============  ============================================================
off            Mitigation is disabled. Either the CPU is not affected or
               tsx_async_abort=off is supplied on the kernel command line.

tsx disabled   Mitigation is enabled. TSX feature is disabled by default at
               bootup on processors that support TSX control.

verw           Mitigation is enabled. CPU is affected and MD_CLEAR is
               advertised in CPUID.

ucode needed   Mitigation is enabled. CPU is affected and MD_CLEAR is not
               advertised in CPUID. That is mainly for virtualization
               scenarios where the host has the updated microcode but the
               hypervisor does not expose MD_CLEAR in CPUID. It's a best
               effort approach without guarantee.
=============  ============================================================

If the CPU is affected and the "tsx_async_abort" kernel command line parameter is
not provided then the kernel selects an appropriate mitigation depending on the
status of RTM and MD_CLEAR CPUID bits.

The tables below show the impact of the tsx=on|off|auto command line options on
the state of the TAA mitigation, VERW behavior and the TSX feature for various
combinations of MSR_IA32_ARCH_CAPABILITIES bits.

1. "tsx=off"

=========  =========  ============  ============  ==============  ===================  ======================
MSR_IA32_ARCH_CAPABILITIES bits     Result with cmdline tsx=off
----------------------------------  -------------------------------------------------------------------------
TAA_NO     MDS_NO     TSX_CTRL_MSR  TSX state     VERW can clear  TAA mitigation       TAA mitigation
                                    after bootup  CPU buffers     tsx_async_abort=off  tsx_async_abort=full
=========  =========  ============  ============  ==============  ===================  ======================
0          0          0             HW default    Yes             Same as MDS          Same as MDS
0          0          1             Invalid case  Invalid case    Invalid case         Invalid case
0          1          0             HW default    No              Need ucode update    Need ucode update
0          1          1             Disabled      Yes             TSX disabled         TSX disabled
1          X          1             Disabled      X               None needed          None needed
=========  =========  ============  ============  ==============  ===================  ======================

2. "tsx=on"

=========  =========  ============  ============  ==============  ===================  ======================
MSR_IA32_ARCH_CAPABILITIES bits     Result with cmdline tsx=on
----------------------------------  -------------------------------------------------------------------------
TAA_NO     MDS_NO     TSX_CTRL_MSR  TSX state     VERW can clear  TAA mitigation       TAA mitigation
                                    after bootup  CPU buffers     tsx_async_abort=off  tsx_async_abort=full
=========  =========  ============  ============  ==============  ===================  ======================
0          0          0             HW default    Yes             Same as MDS          Same as MDS
0          0          1             Invalid case  Invalid case    Invalid case         Invalid case
0          1          0             HW default    No              Need ucode update    Need ucode update
0          1          1             Enabled       Yes             None                 Same as MDS
1          X          1             Enabled       X               None needed          None needed
=========  =========  ============  ============  ==============  ===================  ======================

3. "tsx=auto"

=========  =========  ============  ============  ==============  ===================  ======================
MSR_IA32_ARCH_CAPABILITIES bits     Result with cmdline tsx=auto
----------------------------------  -------------------------------------------------------------------------
TAA_NO     MDS_NO     TSX_CTRL_MSR  TSX state     VERW can clear  TAA mitigation       TAA mitigation
                                    after bootup  CPU buffers     tsx_async_abort=off  tsx_async_abort=full
=========  =========  ============  ============  ==============  ===================  ======================
0          0          0             HW default    Yes             Same as MDS          Same as MDS
0          0          1             Invalid case  Invalid case    Invalid case         Invalid case
0          1          0             HW default    No              Need ucode update    Need ucode update
0          1          1             Disabled      Yes             TSX disabled         TSX disabled
1          X          1             Enabled       X               None needed          None needed
=========  =========  ============  ============  ==============  ===================  ======================

In the tables, TSX_CTRL_MSR is a new bit in MSR_IA32_ARCH_CAPABILITIES that
indicates whether MSR_IA32_TSX_CTRL is supported.
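
The decision logic of the three tables above, written out as an added C example (it is not kernel code). ``tsx_state()`` and ``taa_mitigation()`` are hypothetical helpers, the ARCH_CAPABILITIES bit positions are Intel's enumeration rather than something this page states, and the 1 X 0 combination, which the tables do not list, is assumed to behave like the other rows without TSX_CTRL_MSR.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IA32_ARCH_CAPABILITIES bit positions as enumerated by Intel; the page
 * names these bits but does not give their positions. */
#define ARCH_CAP_MDS_NO       (1ULL << 5)
#define ARCH_CAP_TSX_CTRL_MSR (1ULL << 7)
#define ARCH_CAP_TAA_NO       (1ULL << 8)

enum tsx_opt { TSX_OFF, TSX_ON, TSX_AUTO };  /* tsx= command line value */

/* "TSX state after bootup" column. */
const char *tsx_state(uint64_t cap, enum tsx_opt tsx)
{
    if (!(cap & ARCH_CAP_TSX_CTRL_MSR))
        return "HW default";        /* no IA32_TSX_CTRL; 1 X 0 is assumed */
    if (!(cap & (ARCH_CAP_TAA_NO | ARCH_CAP_MDS_NO)))
        return "Invalid case";      /* row 0 0 1 */
    if (tsx != TSX_AUTO)
        return tsx == TSX_ON ? "Enabled" : "Disabled";
    /* tsx=auto leaves TSX on only when the CPU enumerates TAA_NO */
    return (cap & ARCH_CAP_TAA_NO) ? "Enabled" : "Disabled";
}

/* "TAA mitigation" columns; full != 0 means tsx_async_abort=full. */
const char *taa_mitigation(uint64_t cap, enum tsx_opt tsx, int full)
{
    const char *state = tsx_state(cap, tsx);
    if (cap & ARCH_CAP_TAA_NO)
        return "None needed";
    if (!strcmp(state, "Invalid case"))
        return state;
    if (!(cap & ARCH_CAP_MDS_NO))
        return "Same as MDS";       /* row 0 0 0 */
    if (!(cap & ARCH_CAP_TSX_CTRL_MSR))
        return "Need ucode update"; /* row 0 1 0 */
    if (!strcmp(state, "Disabled"))
        return "TSX disabled";
    return full ? "Same as MDS" : "None";   /* row 0 1 1 with tsx=on */
}

int main(void)
{
    uint64_t cap = ARCH_CAP_MDS_NO | ARCH_CAP_TSX_CTRL_MSR; /* constructed */
    printf("tsx=auto: %s / %s\n", tsx_state(cap, TSX_AUTO), taa_mitigation(cap, TSX_AUTO, 1));
    printf("tsx=on:   %s / %s\n", tsx_state(cap, TSX_ON), taa_mitigation(cap, TSX_ON, 1));
    return 0;
}
```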

There are two control bits in IA32_TSX_CTRL MSR:

Bit 0: When set it disables the Restricted Transactional Memory (RTM)
sub-feature of TSX (will force all transactions to abort on the
XBEGIN instruction).

Bit 1: When set it disables the enumeration of the RTM and HLE feature
(i.e. it will make CPUID(EAX=7).EBX{bit4} and
CPUID(EAX=7).EBX{bit11} read as 0).