lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251112190548.750746-1-nik.borisov@suse.com>
Date: Wed, 12 Nov 2025 21:05:48 +0200
From: Nikolay Borisov <nik.borisov@...e.com>
To: x86@...nel.org
Cc: dave.hansen@...ux.intel.com,
	mhocko@...e.de,
	asit.k.mallick@...el.com,
	linux-kernel@...r.kernel.org,
	Nikolay Borisov <nik.borisov@...e.com>
Subject: [RESEND PATCH v2] x86/tsx: Set default TSX mode to auto

At SUSE we've been releasing our kernels with TSX enabled for the past 6
years and some customers have started to rely on it. Furthermore, the last
known vulnerability concerning TSX was TAA (CVE-2019-11135) and a
significant amount time has passed since then without anyone reporting any
issues. Intel has released numerous processors which do not have the
TAA vulnerability (Cooper/Ice Lake, Sapphire/Emerald/Granite Rappids)
yet TSX remains being disabled by default.

The main aim of this patch is to reduce the divergence between SUSE's
configuration and the upstream by switching the default TSX mode to
auto. I believe this strikes the right balance between keeping it
enabled where appropriate (i.e every machine which doesn't contain the
TAA vulnerability) and disabling it preventively.

Signed-off-by: Nikolay Borisov <nik.borisov@...e.com>
---

Changes since v2:

 * Reworded the changelog log to hopefully make it clear that this has been in
 use for quite some time.
 arch/x86/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index fa3b616af03a..83f5132e2212 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1812,7 +1812,7 @@ config ARCH_PKEY_BITS
 choice
 	prompt "TSX enable mode"
 	depends on CPU_SUP_INTEL
-	default X86_INTEL_TSX_MODE_OFF
+	default X86_INTEL_TSX_MODE_AUTO
 	help
 	  Intel's TSX (Transactional Synchronization Extensions) feature
 	  allows to optimize locking protocols through lock elision which
--
2.51.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ