From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: Borislav Petkov <bp@alien8.de>, Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andi Kleen <ak@linux.intel.com>, Tony Luck <tony.luck@intel.com>,
linux-kernel@vger.kernel.org,
antonio.gomez.iglesias@linux.intel.com,
neelima.krishnan@intel.com, stable@vger.kernel.org,
Andrew Cooper <Andrew.Cooper3@citrix.com>,
Josh Poimboeuf <jpoimboe@redhat.com>
Subject: [PATCH v2 2/2] x86/tsx: Disable TSX development mode at boot
Date: Thu, 10 Mar 2022 14:02:09 -0800 [thread overview]
Message-ID: <347bd844da3a333a9793c6687d4e4eb3b2419a3e.1646943780.git.pawan.kumar.gupta@linux.intel.com> (raw)
In-Reply-To: <cover.1646943780.git.pawan.kumar.gupta@linux.intel.com>
A microcode update on some Intel processors causes all TSX transactions
to always abort by default [*]. Microcode also added functionality to
re-enable TSX for development purpose. With this microcode loaded, if
tsx=on was passed on the cmdline, and TSX development mode was already
enabled before the kernel boot, it may make the system vulnerable to TSX
Asynchronous Abort (TAA).
To be on safer side, unconditionally disable TSX development mode at
boot. If needed, a user can enable it using msr-tools.
[*] Intel Transactional Synchronization Extension (Intel TSX) Disable Update for Selected Processors
https://cdrdv2.intel.com/v1/dl/getContent/643557
Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Suggested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: <stable@vger.kernel.org>
---
arch/x86/include/asm/msr-index.h | 4 +--
arch/x86/kernel/cpu/cpu.h | 1 +
arch/x86/kernel/cpu/intel.c | 4 +++
arch/x86/kernel/cpu/tsx.c | 34 ++++++++++++++++++++++++++
tools/arch/x86/include/asm/msr-index.h | 4 +--
5 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index a4a39c3e0f19..0c2610cde6ea 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -128,9 +128,9 @@
#define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */
#define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */
-/* SRBDS support */
#define MSR_IA32_MCU_OPT_CTRL 0x00000123
-#define RNGDS_MITG_DIS BIT(0)
+#define RNGDS_MITG_DIS BIT(0) /* SRBDS support */
+#define RTM_ALLOW BIT(1) /* TSX development mode */
#define MSR_IA32_SYSENTER_CS 0x00000174
#define MSR_IA32_SYSENTER_ESP 0x00000175
diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
index ee6f23f7587d..628d18062372 100644
--- a/arch/x86/kernel/cpu/cpu.h
+++ b/arch/x86/kernel/cpu/cpu.h
@@ -58,6 +58,7 @@ extern void __init tsx_init(void);
extern void tsx_enable(void);
extern void tsx_disable(void);
extern void tsx_clear_cpuid(void);
+extern bool tsx_dev_mode_disable(void);
#else
static inline void tsx_init(void) { }
#endif /* CONFIG_CPU_SUP_INTEL */
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 8abf995677a4..46cb5a18bd97 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -717,6 +717,10 @@ static void init_intel(struct cpuinfo_x86 *c)
init_intel_misc_features(c);
+ /* Boot CPU is handled in tsx_init() */
+ if (c->cpu_index != boot_cpu_data.cpu_index)
+ tsx_dev_mode_disable();
+
if (tsx_ctrl_state == TSX_CTRL_ENABLE)
tsx_enable();
else if (tsx_ctrl_state == TSX_CTRL_DISABLE)
diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
index 2835fa89fc6f..513e479bca2e 100644
--- a/arch/x86/kernel/cpu/tsx.c
+++ b/arch/x86/kernel/cpu/tsx.c
@@ -142,11 +142,45 @@ void tsx_clear_cpuid(void)
}
}
+/*
+ * Disable TSX development mode
+ *
+ * When the microcode released in Feb 2022 is applied, TSX will be disabled by
+ * default on some processors. MSR 0x122 (TSX_CTRL) and MSR 0x123
+ * (IA32_MCU_OPT_CTRL) can be used to re-enable TSX for development, doing so is
+ * not recommended for production deployments. In particular, applying MD_CLEAR
+ * flows for mitigation of the Intel TSX Asynchronous Abort (TAA) transient
+ * execution attack may not be effective on these processors when Intel TSX is
+ * enabled with updated microcode.
+ */
+bool tsx_dev_mode_disable(void)
+{
+ u64 mcu_opt_ctrl;
+
+ /* Check if RTM_ALLOW exists */
+ if (!boot_cpu_has_bug(X86_BUG_TAA) || !tsx_ctrl_is_supported() ||
+ !boot_cpu_has(X86_FEATURE_SRBDS_CTRL))
+ return false;
+
+ rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl);
+
+ if (mcu_opt_ctrl & RTM_ALLOW) {
+ mcu_opt_ctrl &= ~RTM_ALLOW;
+ wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl);
+ return true;
+ }
+
+ return false;
+}
+
void __init tsx_init(void)
{
char arg[5] = {};
int ret;
+ if (tsx_dev_mode_disable())
+ setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT);
+
/*
* Hardware will always abort a TSX transaction when CPUID
* RTM_ALWAYS_ABORT is set. In this case, it is better not to enumerate
diff --git a/tools/arch/x86/include/asm/msr-index.h b/tools/arch/x86/include/asm/msr-index.h
index a4a39c3e0f19..0c2610cde6ea 100644
--- a/tools/arch/x86/include/asm/msr-index.h
+++ b/tools/arch/x86/include/asm/msr-index.h
@@ -128,9 +128,9 @@
#define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */
#define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */
-/* SRBDS support */
#define MSR_IA32_MCU_OPT_CTRL 0x00000123
-#define RNGDS_MITG_DIS BIT(0)
+#define RNGDS_MITG_DIS BIT(0) /* SRBDS support */
+#define RTM_ALLOW BIT(1) /* TSX development mode */
#define MSR_IA32_SYSENTER_CS 0x00000174
#define MSR_IA32_SYSENTER_ESP 0x00000175
--
2.25.1
next prev parent reply other threads:[~2022-03-10 22:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-10 21:59 [PATCH v2 0/2] TSX update Pawan Gupta
2022-03-10 22:00 ` [PATCH v2 1/2] x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits Pawan Gupta
2022-03-10 22:02 ` Pawan Gupta [this message]
2022-03-29 16:24 ` [PATCH v2 2/2] x86/tsx: Disable TSX development mode at boot Borislav Petkov
2022-03-29 22:47 ` Pawan Gupta
2022-03-30 5:27 ` Pawan Gupta
2022-04-06 19:13 ` Krishnan, Neelima
2022-03-22 23:32 ` [PATCH v2 0/2] TSX update Pawan Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=347bd844da3a333a9793c6687d4e4eb3b2419a3e.1646943780.git.pawan.kumar.gupta@linux.intel.com \
--to=pawan.kumar.gupta@linux.intel.com \
--cc=Andrew.Cooper3@citrix.com \
--cc=ak@linux.intel.com \
--cc=antonio.gomez.iglesias@linux.intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=neelima.krishnan@intel.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.