From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 24 Oct 2019 15:42:17 -0000
Received: from us-smtp-2.mimecast.com ([205.139.110.61] helo=us-smtp-delivery-1.mimecast.com) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iNfFg-0001i0-Ge for speck@linutronix.de; Thu, 24 Oct 2019 17:42:16 +0200
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 98F0B628 for ; Thu, 24 Oct 2019 15:30:17 +0000 (UTC)
Received: from treble (ovpn-121-225.rdu2.redhat.com [10.10.121.225]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 44AA26061E for ; Thu, 24 Oct 2019 15:30:17 +0000 (UTC)
Date: Thu, 24 Oct 2019 10:30:15 -0500
From: Josh Poimboeuf
Subject: [MODERATED] Re: [PATCH 3/9] TAA 3
Message-ID: <20191024153015.akowqjkf2wm52scv@treble>
References: <580e02757c3e639bff00fcea830aa46eba46a92f.1571905227.git.bp@suse.de>
MIME-Version: 1.0
In-Reply-To: <580e02757c3e639bff00fcea830aa46eba46a92f.1571905227.git.bp@suse.de>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

On Wed, Oct 23, 2019 at 11:01:53AM +0200, speck for Pawan Gupta wrote:
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4848,6 +4848,17 @@
> interruptions from clocksource watchdog are not
> acceptable).
>
> + tsx= [X86] Control Transactional Synchronization
> + Extensions (TSX) feature in Intel processors that
> + support TSX control.
> +
> + This parameter controls the TSX feature. The options are:
> +
> + on - Enable TSX on the system.
> + off - Disable TSX on the system.
> +
> + Not specifying this option is equivalent to tsx=off.

This still needs details about when 'tsx=off' does and doesn't work. The above makes it sound like it's off for all CPUs, when in fact it's only off for newer MDS_NO CPUs.

It should also perhaps describe the risks associated with tsx=on. While there are mitigations for all known issues (i.e., the tsx_async_abort= option), TSX has been known to be an accelerator for several previous speculation-related CVEs, and so there may be unknown security risks associated with leaving it enabled.

--
Josh
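
Review bot: In the new tsx= entry, the "on" and "off" descriptions and the closing line "Not specifying this option is equivalent to tsx=off" all say "on the system" without qualification, while the opening sentence limits the parameter to "Intel processors that support TSX control". The entry should state what each value, and the default, does on a processor that lacks TSX control, so that an administrator does not read the default as TSX being disabled on every machine. The sentence "This parameter controls the TSX feature." repeats the opening sentence and can be dropped, leaving "The options are:" on its own.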