x86/tsx: Add config options to set tsx=on|off|auto
There is a general consensus that TSX usage is not largely spread while the history shows there is a non trivial space for side channel attacks possible. Therefore the tsx is disabled by default even on platforms that might have a safe implementation of TSX according to the current knowledge. This is a fair trade off to make. There are, however, workloads that really do benefit from using TSX and updating to a newer kernel with TSX disabled might introduce a noticeable regressions. This would be especially a problem for Linux distributions which will provide TAA mitigations. Introduce config options X86_INTEL_TSX_MODE_OFF, X86_INTEL_TSX_MODE_ON and X86_INTEL_TSX_MODE_AUTO to control the TSX feature. The config setting can be overridden by the tsx cmdline options. [ bp: Text cleanups from Josh. ] Suggested-by: Borislav Petkov <bpetkov@suse.de> Signed-off-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
This commit is contained in:
Michal Hocko
Thomas Gleixner
parent
a7a248c593
commit
db616173d7
@ -1940,6 +1940,51 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
|
|||||||
|
|
||||||
If unsure, say y.
|
If unsure, say y.
|
||||||
|
|
||||||
|
choice
|
||||||
|
prompt "TSX enable mode"
|
||||||
|
depends on CPU_SUP_INTEL
|
||||||
|
default X86_INTEL_TSX_MODE_OFF
|
||||||
|
help
|
||||||
|
Intel's TSX (Transactional Synchronization Extensions) feature
|
||||||
|
allows to optimize locking protocols through lock elision which
|
||||||
|
can lead to a noticeable performance boost.
|
||||||
|
|
||||||
|
On the other hand it has been shown that TSX can be exploited
|
||||||
|
to form side channel attacks (e.g. TAA) and chances are there
|
||||||
|
will be more of those attacks discovered in the future.
|
||||||
|
|
||||||
|
Therefore TSX is not enabled by default (aka tsx=off). An admin
|
||||||
|
might override this decision by tsx=on the command line parameter.
|
||||||
|
Even with TSX enabled, the kernel will attempt to enable the best
|
||||||
|
possible TAA mitigation setting depending on the microcode available
|
||||||
|
for the particular machine.
|
||||||
|
|
||||||
|
This option allows to set the default tsx mode between tsx=on, =off
|
||||||
|
and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
|
||||||
|
details.
|
||||||
|
|
||||||
|
Say off if not sure, auto if TSX is in use but it should be used on safe
|
||||||
|
platforms or on if TSX is in use and the security aspect of tsx is not
|
||||||
|
relevant.
|
||||||
|
|
||||||
|
config X86_INTEL_TSX_MODE_OFF
|
||||||
|
bool "off"
|
||||||
|
help
|
||||||
|
TSX is disabled if possible - equals to tsx=off command line parameter.
|
||||||
|
|
||||||
|
config X86_INTEL_TSX_MODE_ON
|
||||||
|
bool "on"
|
||||||
|
help
|
||||||
|
TSX is always enabled on TSX capable HW - equals the tsx=on command
|
||||||
|
line parameter.
|
||||||
|
|
||||||
|
config X86_INTEL_TSX_MODE_AUTO
|
||||||
|
bool "auto"
|
||||||
|
help
|
||||||
|
TSX is enabled on TSX capable HW that is believed to be safe against
|
||||||
|
side channel attacks- equals the tsx=auto command line parameter.
|
||||||
|
endchoice
|
||||||
|
|
||||||
config EFI
|
config EFI
|
||||||
bool "EFI runtime service support"
|
bool "EFI runtime service support"
|
||||||
depends on ACPI
|
depends on ACPI
|
||||||
|
|||||||
@ -73,6 +73,14 @@ static bool __init tsx_ctrl_is_supported(void)
|
|||||||
return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
|
return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static enum tsx_ctrl_states x86_get_tsx_auto_mode(void)
|
||||||
|
{
|
||||||
|
if (boot_cpu_has_bug(X86_BUG_TAA))
|
||||||
|
return TSX_CTRL_DISABLE;
|
||||||
|
|
||||||
|
return TSX_CTRL_ENABLE;
|
||||||
|
}
|
||||||
|
|
||||||
void __init tsx_init(void)
|
void __init tsx_init(void)
|
||||||
{
|
{
|
||||||
char arg[5] = {};
|
char arg[5] = {};
|
||||||
@ -88,17 +96,19 @@ void __init tsx_init(void)
|
|||||||
} else if (!strcmp(arg, "off")) {
|
} else if (!strcmp(arg, "off")) {
|
||||||
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
||||||
} else if (!strcmp(arg, "auto")) {
|
} else if (!strcmp(arg, "auto")) {
|
||||||
if (boot_cpu_has_bug(X86_BUG_TAA))
|
tsx_ctrl_state = x86_get_tsx_auto_mode();
|
||||||
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
|
||||||
else
|
|
||||||
tsx_ctrl_state = TSX_CTRL_ENABLE;
|
|
||||||
} else {
|
} else {
|
||||||
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
||||||
pr_err("tsx: invalid option, defaulting to off\n");
|
pr_err("tsx: invalid option, defaulting to off\n");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* tsx= not provided, defaulting to off */
|
/* tsx= not provided */
|
||||||
|
if (IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_AUTO))
|
||||||
|
tsx_ctrl_state = x86_get_tsx_auto_mode();
|
||||||
|
else if (IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_OFF))
|
||||||
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
||||||
|
else
|
||||||
|
tsx_ctrl_state = TSX_CTRL_ENABLE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tsx_ctrl_state == TSX_CTRL_DISABLE) {
|
if (tsx_ctrl_state == TSX_CTRL_DISABLE) {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user