lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 10 Mar 2022 13:59:47 -0800
From:   Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To:     Borislav Petkov <bp@...en8.de>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Ingo Molnar <mingo@...hat.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>, Andi Kleen <ak@...ux.intel.com>,
        Tony Luck <tony.luck@...el.com>, linux-kernel@...r.kernel.org,
        antonio.gomez.iglesias@...ux.intel.com, neelima.krishnan@...el.com,
        stable@...r.kernel.org, Andrew Cooper <Andrew.Cooper3@...rix.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>
Subject: [PATCH v2 0/2] TSX update

v2:
- Added patch to disable TSX development mode (Andrew, Boris)
- Rebased to v5.17-rc7

v1: https://lore.kernel.org/lkml/5bd785a1d6ea0b572250add0c6617b4504bc24d1.1644440311.git.pawan.kumar.gupta@linux.intel.com/

Hi,

After a recent microcode update some Intel processors will always abort
Transactional Synchronization Extensions (TSX) transactions [*]. On
these processors a new CPUID bit,
CPUID.07H.0H.EDX[11](RTM_ALWAYS_ABORT), will be enumerated to indicate
that the loaded microcode is forcing Restricted Transactional Memory
(RTM) abort. If the processor enumerated support for RTM previously, the
CPUID enumeration bits for TSX (CPUID.RTM and CPUID.HLE) continue to be
set by default after the microcode update.

First patch in this series clears CPUID.RTM and CPUID.HLE so that
userspace doesn't enumerate TSX feature. 

Microcode also added support to re-enable TSX for development purpose,
doing so is not recommended for production deployments, because MD_CLEAR
flows for the mitigation of TSX Asynchronous Abort (TAA) may not be
effective on these processors when TSX is enabled with updated
microcode.

Second patch unconditionally disables this TSX development mode, in case
it was enabled by the software running before kernel boot.

Thanks,
Pawan

[*] Intel Transactional Synchronization Extension (Intel TSX) Disable Update for Selected Processors
    https://cdrdv2.intel.com/v1/dl/getContent/643557

Pawan Gupta (2):
  x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits
  x86/tsx: Disable TSX development mode at boot

 arch/x86/include/asm/msr-index.h       |  4 +-
 arch/x86/kernel/cpu/cpu.h              |  1 +
 arch/x86/kernel/cpu/intel.c            |  5 ++
 arch/x86/kernel/cpu/tsx.c              | 88 ++++++++++++++++++++++++--
 tools/arch/x86/include/asm/msr-index.h |  4 +-
 5 files changed, 91 insertions(+), 11 deletions(-)


base-commit: ffb217a13a2eaf6d5bd974fc83036a53ca69f1e2
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ