Open Source and information security mailing list archives
Message-Id: <20200506221459.29104-1-nelson.dsouza@linux.intel.com>
Date:   Wed,  6 May 2020 15:14:59 -0700
From:   Nelson D'Souza <nelson.dsouza@...ux.intel.com>
To:     tglx@...utronix.de, bp@...en8.de
Cc:     mingo@...hat.com, x86@...nel.org, hpa@...or.com,
        linux-kernel@...r.kernel.org, Tony Luck <tony.luck@...el.com>
Subject: [PATCH v1] x86/cpu/tsx: Change the TSX default from "off" to "auto"

There are now several commercially available processors that have h/w
fixes for the TSX Async Abort (TAA) issue as indicated by enumerating
the ARCH_CAPABILITIES "TAA_NO" bit.

Change the default setting to "auto" so that these CPUs will leave
TSX enabled by default.

This can still be overridden by the kernel cmdline parameter
tsx=on|off|auto

Signed-off-by: Nelson D'Souza <nelson.dsouza@...ux.intel.com>
Reviewed-by: Tony Luck <tony.luck@...el.com>
---
 arch/x86/Kconfig | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 1d6104ea8af0..b444205c964a 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1905,7 +1905,7 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
 choice
 	prompt "TSX enable mode"
 	depends on CPU_SUP_INTEL
-	default X86_INTEL_TSX_MODE_OFF
+	default X86_INTEL_TSX_MODE_AUTO
 	help
 	  Intel's TSX (Transactional Synchronization Extensions) feature
 	  allows to optimize locking protocols through lock elision which
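Review bot: The new "default X86_INTEL_TSX_MODE_AUTO" contradicts the rationale that remains in this help text. The unchanged context in the next hunk still warns that "chances are there will be more of those attacks discovered in the future", and the removed "Therefore TSX is not enabled by default" sentence tied the old default directly to that warning. The commit message justifies auto only by the TAA_NO bit, so please explain in the changelog why enabling TSX by default is acceptable with respect to side channels other than TAA, or reword the help text so that the stated risk and the chosen default agree.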
@@ -1915,8 +1915,13 @@ choice
 	  to form side channel attacks (e.g. TAA) and chances are there
 	  will be more of those attacks discovered in the future.
 
-	  Therefore TSX is not enabled by default (aka tsx=off). An admin
-	  might override this decision by tsx=on the command line parameter.
+	  The default setting for TSX Mode is set to auto. This will enable
+	  TSX feature for platforms that are not vulnerable to the TAA issue.
+
+	  TSX feature will continue to be disabled on platforms that are
+	  vulnerable to TAA and support disabling TSX via the updated microcode.
+
+	  An admin might override this decision by a kernel command line parameter.
 	  Even with TSX enabled, the kernel will attempt to enable the best
 	  possible TAA mitigation setting depending on the microcode available
 	  for the particular machine.
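Review bot: The replacement override sentence, "An admin might override this decision by a kernel command line parameter.", no longer names the parameter, whereas the removed text mentioned tsx=on and the commit message gives tsx=on|off|auto. Please spell it out, for example "by the tsx=on|off|auto kernel command line parameter". The added paragraphs also describe only two cases, CPUs not vulnerable to TAA and vulnerable CPUs that can disable TSX via updated microcode; the help text should say what auto does on a vulnerable CPU without that microcode. Minor: "enable TSX feature" and "TSX feature will continue" each need an article, and a blank "+" line before "Even with TSX enabled" would keep the override sentence from running into the mitigation paragraph.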
-- 
2.24.1
