.. SPDX-License-Identifier: GPL-2.0

.. Blame: Pawan Gupta, commit a7a248c, 2019-10-23 12:32:55 +0200

TSX Async Abort (TAA) mitigation
================================

.. _tsx_async_abort:

Overview
--------

TSX Async Abort (TAA) is a side channel attack on internal buffers in some
Intel processors, similar to Microarchitectural Data Sampling (MDS). In this
case certain loads may speculatively pass invalid data to dependent operations
when an asynchronous abort condition is pending in a Transactional
Synchronization Extensions (TSX) transaction. This includes loads with no
fault or assist condition. Such loads may speculatively expose stale data from
the same uarch data structures as in MDS, with the same scope of exposure, i.e.
same-thread and cross-thread. This issue affects all current processors that
support TSX.

Mitigation strategy
-------------------

a) TSX disable - one of the mitigations is to disable TSX. A new MSR,
   IA32_TSX_CTRL, will be available in future and current processors after
   a microcode update and can be used to disable TSX. In addition, it
   controls the enumeration of the TSX feature bits (RTM and HLE) in CPUID.

b) Clear CPU buffers - similar to MDS, clearing the CPU buffers mitigates this
   vulnerability. More details on this approach can be found in
   :ref:`Documentation/admin-guide/hw-vuln/mds.rst <mds>`.

Kernel internal mitigation modes
--------------------------------

=============  ============================================================
off            Mitigation is disabled. Either the CPU is not affected or
               tsx_async_abort=off is supplied on the kernel command line.

tsx disabled   Mitigation is enabled. TSX feature is disabled by default at
               bootup on processors that support TSX control.

verw           Mitigation is enabled. CPU is affected and MD_CLEAR is
               advertised in CPUID.

ucode needed   Mitigation is enabled. CPU is affected and MD_CLEAR is not
               advertised in CPUID. That is mainly for virtualization
               scenarios where the host has the updated microcode but the
               hypervisor does not expose MD_CLEAR in CPUID. It's a best
               effort approach without guarantee.
=============  ============================================================

If the CPU is affected and the "tsx_async_abort" kernel command line parameter is
not provided then the kernel selects an appropriate mitigation depending on the
status of RTM and MD_CLEAR CPUID bits.

The tables below show the impact of the tsx=on|off|auto cmdline options on the
state of the TAA mitigation, VERW behavior and the TSX feature for various
combinations of MSR_IA32_ARCH_CAPABILITIES bits.

1. "tsx=off"

   =========  =========  ============  ============  ==============  ===================  ======================
   MSR_IA32_ARCH_CAPABILITIES bits     Result with cmdline tsx=off
   ----------------------------------  -------------------------------------------------------------------------
   TAA_NO     MDS_NO     TSX_CTRL_MSR  TSX state     VERW can clear  TAA mitigation       TAA mitigation
                                       after bootup  CPU buffers     tsx_async_abort=off  tsx_async_abort=full
   =========  =========  ============  ============  ==============  ===================  ======================
   0          0          0             HW default    Yes             Same as MDS          Same as MDS
   0          0          1             Invalid case  Invalid case    Invalid case         Invalid case
   0          1          0             HW default    No              Need ucode update    Need ucode update
   0          1          1             Disabled      Yes             TSX disabled         TSX disabled
   1          X          1             Disabled      X               None needed          None needed
   =========  =========  ============  ============  ==============  ===================  ======================

2. "tsx=on"

   =========  =========  ============  ============  ==============  ===================  ======================
   MSR_IA32_ARCH_CAPABILITIES bits     Result with cmdline tsx=on
   ----------------------------------  -------------------------------------------------------------------------
   TAA_NO     MDS_NO     TSX_CTRL_MSR  TSX state     VERW can clear  TAA mitigation       TAA mitigation
                                       after bootup  CPU buffers     tsx_async_abort=off  tsx_async_abort=full
   =========  =========  ============  ============  ==============  ===================  ======================
   0          0          0             HW default    Yes             Same as MDS          Same as MDS
   0          0          1             Invalid case  Invalid case    Invalid case         Invalid case
   0          1          0             HW default    No              Need ucode update    Need ucode update
   0          1          1             Enabled       Yes             None                 Same as MDS
   1          X          1             Enabled       X               None needed          None needed
   =========  =========  ============  ============  ==============  ===================  ======================

3. "tsx=auto"

   =========  =========  ============  ============  ==============  ===================  ======================
   MSR_IA32_ARCH_CAPABILITIES bits     Result with cmdline tsx=auto
   ----------------------------------  -------------------------------------------------------------------------
   TAA_NO     MDS_NO     TSX_CTRL_MSR  TSX state     VERW can clear  TAA mitigation       TAA mitigation
                                       after bootup  CPU buffers     tsx_async_abort=off  tsx_async_abort=full
   =========  =========  ============  ============  ==============  ===================  ======================
   0          0          0             HW default    Yes             Same as MDS          Same as MDS
   0          0          1             Invalid case  Invalid case    Invalid case         Invalid case
   0          1          0             HW default    No              Need ucode update    Need ucode update
   0          1          1             Disabled      Yes             TSX disabled         TSX disabled
   1          X          1             Enabled       X               None needed          None needed
   =========  =========  ============  ============  ==============  ===================  ======================

In the tables, TSX_CTRL_MSR is a new bit in MSR_IA32_ARCH_CAPABILITIES that
indicates whether MSR_IA32_TSX_CTRL is supported.

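Added example (not part of the kernel documentation): the three tables above
written as a C decision function over a raw MSR_IA32_ARCH_CAPABILITIES value,
useful when auditing what a given tsx= / tsx_async_abort= combination yields on
a host. The bit positions (MDS_NO bit 5, TSX_CTRL_MSR bit 7, TAA_NO bit 8) come
from the kernel's msr-index.h, not from this page; the enum and function names
are illustrative and the sample value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions from the kernel's msr-index.h; they are not given on this page. */
#define ARCH_CAP_MDS_NO       (1ULL << 5)
#define ARCH_CAP_TSX_CTRL_MSR (1ULL << 7)
#define ARCH_CAP_TAA_NO       (1ULL << 8)

enum tsx_opt   { TSX_OFF, TSX_ON, TSX_AUTO };
enum tsx_state { TSX_HW_DEFAULT, TSX_DISABLED, TSX_ENABLED, TSX_INVALID };
enum taa_mit   { TAA_NONE_NEEDED, TAA_NONE, TAA_SAME_AS_MDS, TAA_NEED_UCODE,
                 TAA_TSX_DISABLED, TAA_INVALID };

/* "TSX state after bootup" column for a given tsx= option. */
enum tsx_state tsx_after_boot(uint64_t cap, enum tsx_opt opt)
{
    int taa_no = !!(cap & ARCH_CAP_TAA_NO);
    if (!(cap & ARCH_CAP_TSX_CTRL_MSR))
        return TSX_HW_DEFAULT;      /* no IA32_TSX_CTRL: kernel cannot switch TSX */
    if (!taa_no && !(cap & ARCH_CAP_MDS_NO))
        return TSX_INVALID;         /* row "0 0 1" of the tables */
    if (opt == TSX_AUTO)            /* auto: disable only on affected parts */
        return taa_no ? TSX_ENABLED : TSX_DISABLED;
    return opt == TSX_ON ? TSX_ENABLED : TSX_DISABLED;
}

/* "TAA mitigation" columns; full=1 is tsx_async_abort=full, full=0 is =off. */
enum taa_mit taa_mitigation(uint64_t cap, enum tsx_opt opt, int full)
{
    enum tsx_state st = tsx_after_boot(cap, opt);

    if (st == TSX_INVALID)
        return TAA_INVALID;
    if (cap & ARCH_CAP_TAA_NO)      /* includes TAA_NO=1 without TSX_CTRL_MSR, */
        return TAA_NONE_NEEDED;     /* a combination the tables do not list    */
    if (st == TSX_HW_DEFAULT)
        return (cap & ARCH_CAP_MDS_NO) ? TAA_NEED_UCODE : TAA_SAME_AS_MDS;
    if (st == TSX_DISABLED)
        return TAA_TSX_DISABLED;
    return full ? TAA_SAME_AS_MDS : TAA_NONE;   /* TSX kept on by tsx=on */
}

int main(void)
{
    uint64_t cap = 0xa0;            /* constructed sample: MDS_NO | TSX_CTRL_MSR */
    printf("tsx=auto: state=%d mitigation=%d\n",
           tsx_after_boot(cap, TSX_AUTO), taa_mitigation(cap, TSX_AUTO, 1));
    return 0;
}
```
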
There are two control bits in IA32_TSX_CTRL MSR:

      Bit 0: When set it disables the Restricted Transactional Memory (RTM)
             sub-feature of TSX (will force all transactions to abort on the
             XBEGIN instruction).

      Bit 1: When set it disables the enumeration of the RTM and HLE feature
             (i.e. it will make CPUID(EAX=7).EBX{bit4} and
             CPUID(EAX=7).EBX{bit11} read as 0).