118 lines
6.8 KiB
ReStructuredText
118 lines
6.8 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
TSX Async Abort (TAA) mitigation
|
|
================================
|
|
|
|
.. _tsx_async_abort:
|
|
|
|
Overview
|
|
--------
|
|
|
|
TSX Async Abort (TAA) is a side channel attack on internal buffers in some
|
|
Intel processors similar to Microachitectural Data Sampling (MDS). In this
|
|
case certain loads may speculatively pass invalid data to dependent operations
|
|
when an asynchronous abort condition is pending in a Transactional
|
|
Synchronization Extensions (TSX) transaction. This includes loads with no
|
|
fault or assist condition. Such loads may speculatively expose stale data from
|
|
the same uarch data structures as in MDS, with same scope of exposure i.e.
|
|
same-thread and cross-thread. This issue affects all current processors that
|
|
support TSX.
|
|
|
|
Mitigation strategy
|
|
-------------------
|
|
|
|
a) TSX disable - one of the mitigations is to disable TSX. A new MSR
|
|
IA32_TSX_CTRL will be available in future and current processors after
|
|
microcode update which can be used to disable TSX. In addition, it
|
|
controls the enumeration of the TSX feature bits (RTM and HLE) in CPUID.
|
|
|
|
b) Clear CPU buffers - similar to MDS, clearing the CPU buffers mitigates this
|
|
vulnerability. More details on this approach can be found in
|
|
:ref:`Documentation/hw-vuln/mds.rst <mds>`.
|
|
|
|
Kernel internal mitigation modes
|
|
--------------------------------
|
|
|
|
============= ============================================================
|
|
off Mitigation is disabled. Either the CPU is not affected or
|
|
tsx_async_abort=off is supplied on the kernel command line.
|
|
|
|
tsx disabled Mitigation is enabled. TSX feature is disabled by default at
|
|
bootup on processors that support TSX control.
|
|
|
|
verw Mitigation is enabled. CPU is affected and MD_CLEAR is
|
|
advertised in CPUID.
|
|
|
|
ucode needed Mitigation is enabled. CPU is affected and MD_CLEAR is not
|
|
advertised in CPUID. That is mainly for virtualization
|
|
scenarios where the host has the updated microcode but the
|
|
hypervisor does not expose MD_CLEAR in CPUID. It's a best
|
|
effort approach without guarantee.
|
|
============= ============================================================
|
|
|
|
If the CPU is affected and the "tsx_async_abort" kernel command line parameter is
|
|
not provided then the kernel selects an appropriate mitigation depending on the
|
|
status of RTM and MD_CLEAR CPUID bits.
|
|
|
|
Below tables indicate the impact of tsx=on|off|auto cmdline options on state of
|
|
TAA mitigation, VERW behavior and TSX feature for various combinations of
|
|
MSR_IA32_ARCH_CAPABILITIES bits.
|
|
|
|
1. "tsx=off"
|
|
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=off
|
|
---------------------------------- -------------------------------------------------------------------------
|
|
TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
|
|
after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
0 0 0 HW default Yes Same as MDS Same as MDS
|
|
0 0 1 Invalid case Invalid case Invalid case Invalid case
|
|
0 1 0 HW default No Need ucode update Need ucode update
|
|
0 1 1 Disabled Yes TSX disabled TSX disabled
|
|
1 X 1 Disabled X None needed None needed
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
|
|
2. "tsx=on"
|
|
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=on
|
|
---------------------------------- -------------------------------------------------------------------------
|
|
TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
|
|
after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
0 0 0 HW default Yes Same as MDS Same as MDS
|
|
0 0 1 Invalid case Invalid case Invalid case Invalid case
|
|
0 1 0 HW default No Need ucode update Need ucode update
|
|
0 1 1 Enabled Yes None Same as MDS
|
|
1 X 1 Enabled X None needed None needed
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
|
|
3. "tsx=auto"
|
|
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=auto
|
|
---------------------------------- -------------------------------------------------------------------------
|
|
TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
|
|
after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
0 0 0 HW default Yes Same as MDS Same as MDS
|
|
0 0 1 Invalid case Invalid case Invalid case Invalid case
|
|
0 1 0 HW default No Need ucode update Need ucode update
|
|
0 1 1 Disabled Yes TSX disabled TSX disabled
|
|
1 X 1 Enabled X None needed None needed
|
|
========= ========= ============ ============ ============== =================== ======================
|
|
|
|
In the tables, TSX_CTRL_MSR is a new bit in MSR_IA32_ARCH_CAPABILITIES that
|
|
indicates whether MSR_IA32_TSX_CTRL is supported.
|
|
|
|
There are two control bits in IA32_TSX_CTRL MSR:
|
|
|
|
Bit 0: When set it disables the Restricted Transactional Memory (RTM)
|
|
sub-feature of TSX (will force all transactions to abort on the
|
|
XBEGIN instruction).
|
|
|
|
Bit 1: When set it disables the enumeration of the RTM and HLE feature
|
|
(i.e. it will make CPUID(EAX=7).EBX{bit4} and
|
|
CPUID(EAX=7).EBX{bit11} read as 0).
|