Commit db616173 authored by Michal Hocko's avatar Michal Hocko Committed by Thomas Gleixner
Browse files

x86/tsx: Add config options to set tsx=on|off|auto 



There is a general consensus that TSX usage is not largely spread while
the history shows there is a non trivial space for side channel attacks
possible. Therefore the tsx is disabled by default even on platforms
that might have a safe implementation of TSX according to the current
knowledge. This is a fair trade off to make.

There are, however, workloads that really do benefit from using TSX and
updating to a newer kernel with TSX disabled might introduce a
noticeable regressions. This would be especially a problem for Linux
distributions which will provide TAA mitigations.

Introduce config options X86_INTEL_TSX_MODE_OFF, X86_INTEL_TSX_MODE_ON
and X86_INTEL_TSX_MODE_AUTO to control the TSX feature. The config
setting can be overridden by the tsx cmdline options.

 [ bp: Text cleanups from Josh. ]

Suggested-by: default avatarBorislav Petkov <bpetkov@suse.de>
Signed-off-by: default avatarMichal Hocko <mhocko@suse.com>
Signed-off-by: default avatarPawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
parent a7a248c5

arch/x86/Kconfig

+45 −0
Original line number Diff line number Diff line
@@ -1940,6 +1940,51 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS 


	  If unsure, say y.



choice

	prompt "TSX enable mode"

	depends on CPU_SUP_INTEL

	default X86_INTEL_TSX_MODE_OFF

	help

	  Intel's TSX (Transactional Synchronization Extensions) feature

	  allows to optimize locking protocols through lock elision which

	  can lead to a noticeable performance boost.



	  On the other hand it has been shown that TSX can be exploited

	  to form side channel attacks (e.g. TAA) and chances are there

	  will be more of those attacks discovered in the future.



	  Therefore TSX is not enabled by default (aka tsx=off). An admin

	  might override this decision by tsx=on the command line parameter.

	  Even with TSX enabled, the kernel will attempt to enable the best

	  possible TAA mitigation setting depending on the microcode available

	  for the particular machine.



	  This option allows to set the default tsx mode between tsx=on, =off

	  and =auto. See Documentation/admin-guide/kernel-parameters.txt for more

	  details.



	  Say off if not sure, auto if TSX is in use but it should be used on safe

	  platforms or on if TSX is in use and the security aspect of tsx is not

	  relevant.



config X86_INTEL_TSX_MODE_OFF

	bool "off"

	help

	  TSX is disabled if possible - equals to tsx=off command line parameter.



config X86_INTEL_TSX_MODE_ON

	bool "on"

	help

	  TSX is always enabled on TSX capable HW - equals the tsx=on command

	  line parameter.



config X86_INTEL_TSX_MODE_AUTO

	bool "auto"

	help

	  TSX is enabled on TSX capable HW that is believed to be safe against

	  side channel attacks- equals the tsx=auto command line parameter.

endchoice



config EFI

	bool "EFI runtime service support"

	depends on ACPI

arch/x86/kernel/cpu/tsx.c

+16 −6
Original line number Diff line number Diff line
@@ -73,6 +73,14 @@ static bool __init tsx_ctrl_is_supported(void) 
	return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);

}



static enum tsx_ctrl_states x86_get_tsx_auto_mode(void)

{

	if (boot_cpu_has_bug(X86_BUG_TAA))

		return TSX_CTRL_DISABLE;



	return TSX_CTRL_ENABLE;

}



void __init tsx_init(void)

{

	char arg[5] = {};
@@ -88,17 +96,19 @@ void __init tsx_init(void) 
		} else if (!strcmp(arg, "off")) {

			tsx_ctrl_state = TSX_CTRL_DISABLE;

		} else if (!strcmp(arg, "auto")) {

			if (boot_cpu_has_bug(X86_BUG_TAA))

				tsx_ctrl_state = TSX_CTRL_DISABLE;

			else

				tsx_ctrl_state = TSX_CTRL_ENABLE;

			tsx_ctrl_state = x86_get_tsx_auto_mode();

		} else {

			tsx_ctrl_state = TSX_CTRL_DISABLE;

			pr_err("tsx: invalid option, defaulting to off\n");

		}

	} else {

		/* tsx= not provided, defaulting to off */

		/* tsx= not provided */

		if (IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_AUTO))

			tsx_ctrl_state = x86_get_tsx_auto_mode();

		else if (IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_OFF))

			tsx_ctrl_state = TSX_CTRL_DISABLE;

		else

			tsx_ctrl_state = TSX_CTRL_ENABLE;

	}



	if (tsx_ctrl_state == TSX_CTRL_DISABLE) {

CRA Git | Maintained and supported by SUSTech CRA and CCSE