From: Borislav Petkov <bp@suse.de>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH v5 08/11] TAAv5 8
Date: Tue, 15 Oct 2019 19:47:02 +0200 [thread overview]
Message-ID: <20191015174702.GF1815@zn.tnic> (raw)
In-Reply-To: <20191015103454.GW317@dhcp22.suse.cz>
On Tue, Oct 15, 2019 at 12:34:54PM +0200, speck for Michal Hocko wrote:
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index d6e1faa28c58..9823e34b81ce 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1940,6 +1940,28 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
>
> If unsure, say y.
>
> +config X86_INTEL_ENABLE_SAFE_TSX
> + prompt ""
Needs a prompt sentence, otherwise it looks like this in menuconfig:
│ │ [ ] Intel Memory Protection Keys │ │
│ │ [ ] (NEW) │ │
│ │ [*] EFI runtime service support
> + def_bool n
> + depends on CPU_SUP_INTEL
> + ---help---
> + Intel's TSX (Transactional Synchronization Extensions) feature
> + allows to optimize locking protocols through lock elision which
> + can lead to a noticeable performance boost.
> +
> + On the other hand it has been shown that TSX can be exploited
> + to form side channel attacks (e.g. TAA) and chances are there
> + will be more of those attacks discovered in the future.
> +
> + Therefore the TSX is not enabled by default. An admin might override
s/the //
> + this decision by tsx=on command line parameter. This has a risk that
> + TSX will get enabled also on platforms which are known to be vulnerable
> + to attacks like TAA and a safer option is to use tsx=auto command line
> + parameter. Enabling this config option will make tsx=auto the default.
> + See Documentation/admin-guide/kernel-parameters.txt for more details.
> +
> + If you really benefit from TSX then enable this option, otherwise say n.
^
and you know what you're doing,
> +
> config EFI
> bool "EFI runtime service support"
> depends on ACPI
> diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
> index 96320449abb7..d3dc1ce5cd4b 100644
> --- a/arch/x86/kernel/cpu/tsx.c
> +++ b/arch/x86/kernel/cpu/tsx.c
> @@ -69,6 +69,14 @@ static bool __init tsx_ctrl_is_supported(void)
> return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
> }
>
> +static enum tsx_ctrl_states x86_safe_tsx_mode(void)
x86_get_tsx_mode()
Thx.
--
Regards/Gruss,
Boris.
SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg
--
next prev parent reply other threads:[~2019-10-15 17:47 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-05 6:17 [MODERATED] [PATCH v5 00/11] TAAv5 0 Pawan Gupta
2019-10-05 6:26 ` [MODERATED] [PATCH v5 01/11] TAAv5 1 Pawan Gupta
2019-10-05 6:27 ` [MODERATED] [PATCH v5 02/11] TAAv5 2 Pawan Gupta
2019-10-05 6:28 ` [MODERATED] [PATCH v5 03/11] TAAv5 3 Pawan Gupta
2019-10-05 6:29 ` [MODERATED] [PATCH v5 04/11] TAAv5 4 Pawan Gupta
2019-10-05 6:30 ` [MODERATED] [PATCH v5 05/11] TAAv5 5 Pawan Gupta
2019-10-05 6:31 ` [MODERATED] [PATCH v5 06/11] TAAv5 6 Pawan Gupta
2019-10-05 6:32 ` [MODERATED] [PATCH v5 07/11] TAAv5 7 Pawan Gupta
2019-10-05 6:33 ` [MODERATED] [PATCH v5 08/11] TAAv5 8 Pawan Gupta
2019-10-05 6:34 ` [MODERATED] [PATCH v5 09/11] TAAv5 9 Pawan Gupta
2019-10-05 6:35 ` [MODERATED] [PATCH v5 10/11] TAAv5 10 Pawan Gupta
2019-10-05 6:36 ` [MODERATED] [PATCH v5 11/11] TAAv5 11 Pawan Gupta
2019-10-05 10:54 ` [MODERATED] Re: [PATCH v5 02/11] TAAv5 2 Borislav Petkov
2019-10-07 17:48 ` Pawan Gupta
[not found] ` <5d98396a.1c69fb81.6c7a8.23b1SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-05 21:43 ` [MODERATED] Re: [PATCH v5 03/11] TAAv5 3 Andy Lutomirski
2019-10-07 17:50 ` Pawan Gupta
[not found] ` <5d9839a4.1c69fb81.238e9.8312SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-05 21:45 ` [MODERATED] Re: [PATCH v5 04/11] TAAv5 4 Andy Lutomirski
[not found] ` <5d983ad2.1c69fb81.63edd.6575SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-05 21:49 ` [MODERATED] Re: [PATCH v5 09/11] TAAv5 9 Andy Lutomirski
2019-10-07 18:35 ` Pawan Gupta
[not found] ` <5d9838f1.1c69fb81.f1bab.d886SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-05 21:49 ` [MODERATED] Re: [PATCH v5 01/11] TAAv5 1 Andy Lutomirski
2019-10-06 17:40 ` Andrew Cooper
[not found] ` <5d983ad2.1c69fb81.e6640.8f51SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-06 17:06 ` [MODERATED] Re: [PATCH v5 09/11] TAAv5 9 Greg KH
2019-10-08 6:01 ` Pawan Gupta
2019-10-10 21:31 ` Pawan Gupta
2019-10-11 8:45 ` Greg KH
2019-10-21 8:00 ` Thomas Gleixner
2019-10-08 2:46 ` [MODERATED] Re: [PATCH v5 05/11] TAAv5 5 Josh Poimboeuf
2019-10-09 1:45 ` Pawan Gupta
2019-10-08 2:57 ` [MODERATED] Re: [PATCH v5 09/11] TAAv5 9 Josh Poimboeuf
2019-10-08 6:10 ` Pawan Gupta
2019-10-08 10:49 ` Jiri Kosina
2019-10-09 13:12 ` [MODERATED] Re: ***UNCHECKED*** [PATCH v5 08/11] TAAv5 8 Michal Hocko
2019-10-14 19:41 ` Thomas Gleixner
2019-10-14 19:51 ` [MODERATED] " Jiri Kosina
2019-10-14 21:04 ` [MODERATED] " Borislav Petkov
2019-10-14 21:31 ` Jiri Kosina
2019-10-15 8:01 ` Thomas Gleixner
2019-10-15 10:34 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
2019-10-15 13:06 ` Josh Poimboeuf
2019-10-15 13:10 ` Jiri Kosina
2019-10-15 15:26 ` Josh Poimboeuf
2019-10-15 15:32 ` Jiri Kosina
2019-10-15 19:34 ` Tyler Hicks
2019-10-15 20:00 ` Josh Poimboeuf
2019-10-15 20:15 ` Jiri Kosina
2019-10-15 20:35 ` Jiri Kosina
2019-10-15 20:54 ` Josh Poimboeuf
2019-10-15 20:56 ` [MODERATED] " Pawan Gupta
2019-10-15 21:14 ` Jiri Kosina
2019-10-15 23:12 ` Josh Poimboeuf
2019-10-15 23:13 ` [MODERATED] [AUTOREPLY] [MODERATED] [AUTOREPLY] Automatic reply: " James, Hengameh M
2019-10-16 4:52 ` [MODERATED] " Jiri Kosina
2019-10-16 5:05 ` Jiri Kosina
2019-10-21 21:15 ` Luck, Tony
2019-10-16 7:14 ` Josh Poimboeuf
2019-10-16 7:20 ` Jiri Kosina
2019-10-18 1:17 ` Ben Hutchings
2019-10-18 4:04 ` Pawan Gupta
2019-10-15 17:47 ` Borislav Petkov [this message]
2019-10-16 7:26 ` [MODERATED] Re: ***UNCHECKED*** " Jiri Kosina
2019-10-16 7:54 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
2019-10-16 9:23 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
2019-10-16 12:15 ` Thomas Gleixner
2019-10-16 18:34 ` [MODERATED] " Pawan Gupta
2019-10-18 0:14 ` Pawan Gupta
2019-10-21 8:09 ` Thomas Gleixner
2019-10-21 12:54 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
2019-10-21 20:01 ` [MODERATED] " Pawan Gupta
2019-10-21 20:33 ` Josh Poimboeuf
2019-10-21 20:34 ` Josh Poimboeuf
2019-10-21 20:33 ` Pawan Gupta
2019-10-21 23:01 ` Andrew Cooper
2019-10-21 23:37 ` Luck, Tony
2019-10-21 23:39 ` Andrew Cooper
2019-10-14 21:05 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191015174702.GF1815@zn.tnic \
--to=bp@suse.de \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).