summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPawan Gupta <pawan.kumar.gupta@linux.intel.com>2019-10-23 06:32:55 -0400
committerThomas Gleixner <tglx@linutronix.de>2019-10-28 03:37:00 -0400
commita7a248c593e4fd7a67c50b5f5318fe42a0db335e (patch)
tree7189814c8fa8f037a73a72e5b8dfd11b9f4ad5f2
parent7531a3596e3272d1f6841e0d601a614555dc6b65 (diff)
x86/speculation/taa: Add documentation for TSX Async Abort
Add the documenation for TSX Async Abort. Include the description of the issue, how to check the mitigation state, control the mitigation, guidance for system administrators. [ bp: Add proper SPDX tags, touch ups by Josh and me. ] Co-developed-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com> Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Mark Gross <mgross@linux.intel.com> Reviewed-by: Tony Luck <tony.luck@intel.com> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
-rw-r--r--Documentation/ABI/testing/sysfs-devices-system-cpu1
-rw-r--r--Documentation/admin-guide/hw-vuln/index.rst1
-rw-r--r--Documentation/admin-guide/hw-vuln/tsx_async_abort.rst276
-rw-r--r--Documentation/admin-guide/kernel-parameters.txt38
-rw-r--r--Documentation/x86/index.rst1
-rw-r--r--Documentation/x86/tsx_async_abort.rst117
6 files changed, 434 insertions, 0 deletions
diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
index 06d0931119cc..0e77569bd5e0 100644
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
@@ -486,6 +486,7 @@ What: /sys/devices/system/cpu/vulnerabilities
486 /sys/devices/system/cpu/vulnerabilities/spec_store_bypass 486 /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
487 /sys/devices/system/cpu/vulnerabilities/l1tf 487 /sys/devices/system/cpu/vulnerabilities/l1tf
488 /sys/devices/system/cpu/vulnerabilities/mds 488 /sys/devices/system/cpu/vulnerabilities/mds
489 /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
489Date: January 2018 490Date: January 2018
490Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> 491Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
491Description: Information about CPU vulnerabilities 492Description: Information about CPU vulnerabilities
diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst
index 49311f3da6f2..0802b1c67452 100644
--- a/Documentation/admin-guide/hw-vuln/index.rst
+++ b/Documentation/admin-guide/hw-vuln/index.rst
@@ -12,3 +12,4 @@ are configurable at compile, boot or run time.
12 spectre 12 spectre
13 l1tf 13 l1tf
14 mds 14 mds
15 tsx_async_abort
diff --git a/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
new file mode 100644
index 000000000000..fddbd7579c53
--- /dev/null
+++ b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
@@ -0,0 +1,276 @@
1.. SPDX-License-Identifier: GPL-2.0
2
3TAA - TSX Asynchronous Abort
4======================================
5
6TAA is a hardware vulnerability that allows unprivileged speculative access to
7data which is available in various CPU internal buffers by using asynchronous
8aborts within an Intel TSX transactional region.
9
10Affected processors
11-------------------
12
13This vulnerability only affects Intel processors that support Intel
14Transactional Synchronization Extensions (TSX) when the TAA_NO bit (bit 8)
15is 0 in the IA32_ARCH_CAPABILITIES MSR. On processors where the MDS_NO bit
16(bit 5) is 0 in the IA32_ARCH_CAPABILITIES MSR, the existing MDS mitigations
17also mitigate against TAA.
18
19Whether a processor is affected or not can be read out from the TAA
20vulnerability file in sysfs. See :ref:`tsx_async_abort_sys_info`.
21
22Related CVEs
23------------
24
25The following CVE entry is related to this TAA issue:
26
27 ============== ===== ===================================================
28 CVE-2019-11135 TAA TSX Asynchronous Abort (TAA) condition on some
29 microprocessors utilizing speculative execution may
30 allow an authenticated user to potentially enable
31 information disclosure via a side channel with
32 local access.
33 ============== ===== ===================================================
34
35Problem
36-------
37
38When performing store, load or L1 refill operations, processors write
39data into temporary microarchitectural structures (buffers). The data in
40those buffers can be forwarded to load operations as an optimization.
41
42Intel TSX is an extension to the x86 instruction set architecture that adds
43hardware transactional memory support to improve performance of multi-threaded
44software. TSX lets the processor expose and exploit concurrency hidden in an
45application due to dynamically avoiding unnecessary synchronization.
46
47TSX supports atomic memory transactions that are either committed (success) or
48aborted. During an abort, operations that happened within the transactional region
49are rolled back. An asynchronous abort takes place, among other options, when a
50different thread accesses a cache line that is also used within the transactional
51region when that access might lead to a data race.
52
53Immediately after an uncompleted asynchronous abort, certain speculatively
54executed loads may read data from those internal buffers and pass it to dependent
55operations. This can be then used to infer the value via a cache side channel
56attack.
57
58Because the buffers are potentially shared between Hyper-Threads cross
59Hyper-Thread attacks are possible.
60
61The victim of a malicious actor does not need to make use of TSX. Only the
62attacker needs to begin a TSX transaction and raise an asynchronous abort
63which in turn potenitally leaks data stored in the buffers.
64
65More detailed technical information is available in the TAA specific x86
66architecture section: :ref:`Documentation/x86/tsx_async_abort.rst <tsx_async_abort>`.
67
68
69Attack scenarios
70----------------
71
72Attacks against the TAA vulnerability can be implemented from unprivileged
73applications running on hosts or guests.
74
75As for MDS, the attacker has no control over the memory addresses that can
76be leaked. Only the victim is responsible for bringing data to the CPU. As
77a result, the malicious actor has to sample as much data as possible and
78then postprocess it to try to infer any useful information from it.
79
80A potential attacker only has read access to the data. Also, there is no direct
81privilege escalation by using this technique.
82
83
84.. _tsx_async_abort_sys_info:
85
86TAA system information
87-----------------------
88
89The Linux kernel provides a sysfs interface to enumerate the current TAA status
90of mitigated systems. The relevant sysfs file is:
91
92/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
93
94The possible values in this file are:
95
96.. list-table::
97
98 * - 'Vulnerable'
99 - The CPU is affected by this vulnerability and the microcode and kernel mitigation are not applied.
100 * - 'Vulnerable: Clear CPU buffers attempted, no microcode'
101 - The system tries to clear the buffers but the microcode might not support the operation.
102 * - 'Mitigation: Clear CPU buffers'
103 - The microcode has been updated to clear the buffers. TSX is still enabled.
104 * - 'Mitigation: TSX disabled'
105 - TSX is disabled.
106 * - 'Not affected'
107 - The CPU is not affected by this issue.
108
109.. _ucode_needed:
110
111Best effort mitigation mode
112^^^^^^^^^^^^^^^^^^^^^^^^^^^
113
114If the processor is vulnerable, but the availability of the microcode-based
115mitigation mechanism is not advertised via CPUID the kernel selects a best
116effort mitigation mode. This mode invokes the mitigation instructions
117without a guarantee that they clear the CPU buffers.
118
119This is done to address virtualization scenarios where the host has the
120microcode update applied, but the hypervisor is not yet updated to expose the
121CPUID to the guest. If the host has updated microcode the protection takes
122effect; otherwise a few CPU cycles are wasted pointlessly.
123
124The state in the tsx_async_abort sysfs file reflects this situation
125accordingly.
126
127
128Mitigation mechanism
129--------------------
130
131The kernel detects the affected CPUs and the presence of the microcode which is
132required. If a CPU is affected and the microcode is available, then the kernel
133enables the mitigation by default.
134
135
136The mitigation can be controlled at boot time via a kernel command line option.
137See :ref:`taa_mitigation_control_command_line`.
138
139.. _virt_mechanism:
140
141Virtualization mitigation
142^^^^^^^^^^^^^^^^^^^^^^^^^
143
144Affected systems where the host has TAA microcode and TAA is mitigated by
145having disabled TSX previously, are not vulnerable regardless of the status
146of the VMs.
147
148In all other cases, if the host either does not have the TAA microcode or
149the kernel is not mitigated, the system might be vulnerable.
150
151
152.. _taa_mitigation_control_command_line:
153
154Mitigation control on the kernel command line
155---------------------------------------------
156
157The kernel command line allows to control the TAA mitigations at boot time with
158the option "tsx_async_abort=". The valid arguments for this option are:
159
160 ============ =============================================================
161 off This option disables the TAA mitigation on affected platforms.
162 If the system has TSX enabled (see next parameter) and the CPU
163 is affected, the system is vulnerable.
164
165 full TAA mitigation is enabled. If TSX is enabled, on an affected
166 system it will clear CPU buffers on ring transitions. On
167 systems which are MDS-affected and deploy MDS mitigation,
168 TAA is also mitigated. Specifying this option on those
169 systems will have no effect.
170
171 full,nosmt The same as tsx_async_abort=full, with SMT disabled on
172 vulnerable CPUs that have TSX enabled. This is the complete
173 mitigation. When TSX is disabled, SMT is not disabled because
174 CPU is not vulnerable to cross-thread TAA attacks.
175 ============ =============================================================
176
177Not specifying this option is equivalent to "tsx_async_abort=full".
178
179The kernel command line also allows to control the TSX feature using the
180parameter "tsx=" on CPUs which support TSX control. MSR_IA32_TSX_CTRL is used
181to control the TSX feature and the enumeration of the TSX feature bits (RTM
182and HLE) in CPUID.
183
184The valid options are:
185
186 ============ =============================================================
187 off Disables TSX on the system.
188
189 Note that this option takes effect only on newer CPUs which are
190 not vulnerable to MDS, i.e., have MSR_IA32_ARCH_CAPABILITIES.MDS_NO=1
191 and which get the new IA32_TSX_CTRL MSR through a microcode
192 update. This new MSR allows for the reliable deactivation of
193 the TSX functionality.
194
195 on Enables TSX.
196
197 Although there are mitigations for all known security
198 vulnerabilities, TSX has been known to be an accelerator for
199 several previous speculation-related CVEs, and so there may be
200 unknown security risks associated with leaving it enabled.
201
202 auto Disables TSX if X86_BUG_TAA is present, otherwise enables TSX
203 on the system.
204 ============ =============================================================
205
206Not specifying this option is equivalent to "tsx=off".
207
208The following combinations of the "tsx_async_abort" and "tsx" are possible. For
209affected platforms tsx=auto is equivalent to tsx=off and the result will be:
210
211 ========= ========================== =========================================
212 tsx=on tsx_async_abort=full The system will use VERW to clear CPU
213 buffers. Cross-thread attacks are still
214 possible on SMT machines.
215 tsx=on tsx_async_abort=full,nosmt As above, cross-thread attacks on SMT
216 mitigated.
217 tsx=on tsx_async_abort=off The system is vulnerable.
218 tsx=off tsx_async_abort=full TSX might be disabled if microcode
219 provides a TSX control MSR. If so,
220 system is not vulnerable.
221 tsx=off tsx_async_abort=full,nosmt Ditto
222 tsx=off tsx_async_abort=off ditto
223 ========= ========================== =========================================
224
225
226For unaffected platforms "tsx=on" and "tsx_async_abort=full" does not clear CPU
227buffers. For platforms without TSX control (MSR_IA32_ARCH_CAPABILITIES.MDS_NO=0)
228"tsx" command line argument has no effect.
229
230For the affected platforms below table indicates the mitigation status for the
231combinations of CPUID bit MD_CLEAR and IA32_ARCH_CAPABILITIES MSR bits MDS_NO
232and TSX_CTRL_MSR.
233
234 ======= ========= ============= ========================================
235 MDS_NO MD_CLEAR TSX_CTRL_MSR Status
236 ======= ========= ============= ========================================
237 0 0 0 Vulnerable (needs microcode)
238 0 1 0 MDS and TAA mitigated via VERW
239 1 1 0 MDS fixed, TAA vulnerable if TSX enabled
240 because MD_CLEAR has no meaning and
241 VERW is not guaranteed to clear buffers
242 1 X 1 MDS fixed, TAA can be mitigated by
243 VERW or TSX_CTRL_MSR
244 ======= ========= ============= ========================================
245
246Mitigation selection guide
247--------------------------
248
2491. Trusted userspace and guests
250^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
251
252If all user space applications are from a trusted source and do not execute
253untrusted code which is supplied externally, then the mitigation can be
254disabled. The same applies to virtualized environments with trusted guests.
255
256
2572. Untrusted userspace and guests
258^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
259
260If there are untrusted applications or guests on the system, enabling TSX
261might allow a malicious actor to leak data from the host or from other
262processes running on the same physical core.
263
264If the microcode is available and the TSX is disabled on the host, attacks
265are prevented in a virtualized environment as well, even if the VMs do not
266explicitly enable the mitigation.
267
268
269.. _taa_default_mitigations:
270
271Default mitigations
272-------------------
273
274The kernel's default action for vulnerable processors is:
275
276 - Deploy TSX disable mitigation (tsx_async_abort=full tsx=off).
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 6e548cddb6c3..fa8f03ddff24 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2636,6 +2636,7 @@
2636 ssbd=force-off [ARM64] 2636 ssbd=force-off [ARM64]
2637 l1tf=off [X86] 2637 l1tf=off [X86]
2638 mds=off [X86] 2638 mds=off [X86]
2639 tsx_async_abort=off [X86]
2639 2640
2640 auto (default) 2641 auto (default)
2641 Mitigate all CPU vulnerabilities, but leave SMT 2642 Mitigate all CPU vulnerabilities, but leave SMT
@@ -2651,6 +2652,7 @@
2651 be fully mitigated, even if it means losing SMT. 2652 be fully mitigated, even if it means losing SMT.
2652 Equivalent to: l1tf=flush,nosmt [X86] 2653 Equivalent to: l1tf=flush,nosmt [X86]
2653 mds=full,nosmt [X86] 2654 mds=full,nosmt [X86]
2655 tsx_async_abort=full,nosmt [X86]
2654 2656
2655 mminit_loglevel= 2657 mminit_loglevel=
2656 [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this 2658 [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
@@ -4877,6 +4879,42 @@
4877 See Documentation/admin-guide/hw-vuln/tsx_async_abort.rst 4879 See Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
4878 for more details. 4880 for more details.
4879 4881
4882 tsx_async_abort= [X86,INTEL] Control mitigation for the TSX Async
4883 Abort (TAA) vulnerability.
4884
4885 Similar to Micro-architectural Data Sampling (MDS)
4886 certain CPUs that support Transactional
4887 Synchronization Extensions (TSX) are vulnerable to an
4888 exploit against CPU internal buffers which can forward
4889 information to a disclosure gadget under certain
4890 conditions.
4891
4892 In vulnerable processors, the speculatively forwarded
4893 data can be used in a cache side channel attack, to
4894 access data to which the attacker does not have direct
4895 access.
4896
4897 This parameter controls the TAA mitigation. The
4898 options are:
4899
4900 full - Enable TAA mitigation on vulnerable CPUs
4901 if TSX is enabled.
4902
4903 full,nosmt - Enable TAA mitigation and disable SMT on
4904 vulnerable CPUs. If TSX is disabled, SMT
4905 is not disabled because CPU is not
4906 vulnerable to cross-thread TAA attacks.
4907 off - Unconditionally disable TAA mitigation
4908
4909 Not specifying this option is equivalent to
4910 tsx_async_abort=full. On CPUs which are MDS affected
4911 and deploy MDS mitigation, TAA mitigation is not
4912 required and doesn't provide any additional
4913 mitigation.
4914
4915 For details see:
4916 Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
4917
4880 turbografx.map[2|3]= [HW,JOY] 4918 turbografx.map[2|3]= [HW,JOY]
4881 TurboGraFX parallel port interface 4919 TurboGraFX parallel port interface
4882 Format: 4920 Format:
diff --git a/Documentation/x86/index.rst b/Documentation/x86/index.rst
index af64c4bb4447..a8de2fbc1caa 100644
--- a/Documentation/x86/index.rst
+++ b/Documentation/x86/index.rst
@@ -27,6 +27,7 @@ x86-specific Documentation
27 mds 27 mds
28 microcode 28 microcode
29 resctrl_ui 29 resctrl_ui
30 tsx_async_abort
30 usb-legacy-support 31 usb-legacy-support
31 i386/index 32 i386/index
32 x86_64/index 33 x86_64/index
diff --git a/Documentation/x86/tsx_async_abort.rst b/Documentation/x86/tsx_async_abort.rst
new file mode 100644
index 000000000000..583ddc185ba2
--- /dev/null
+++ b/Documentation/x86/tsx_async_abort.rst
@@ -0,0 +1,117 @@
1.. SPDX-License-Identifier: GPL-2.0
2
3TSX Async Abort (TAA) mitigation
4================================
5
6.. _tsx_async_abort:
7
8Overview
9--------
10
11TSX Async Abort (TAA) is a side channel attack on internal buffers in some
12Intel processors similar to Microachitectural Data Sampling (MDS). In this
13case certain loads may speculatively pass invalid data to dependent operations
14when an asynchronous abort condition is pending in a Transactional
15Synchronization Extensions (TSX) transaction. This includes loads with no
16fault or assist condition. Such loads may speculatively expose stale data from
17the same uarch data structures as in MDS, with same scope of exposure i.e.
18same-thread and cross-thread. This issue affects all current processors that
19support TSX.
20
21Mitigation strategy
22-------------------
23
24a) TSX disable - one of the mitigations is to disable TSX. A new MSR
25IA32_TSX_CTRL will be available in future and current processors after
26microcode update which can be used to disable TSX. In addition, it
27controls the enumeration of the TSX feature bits (RTM and HLE) in CPUID.
28
29b) Clear CPU buffers - similar to MDS, clearing the CPU buffers mitigates this
30vulnerability. More details on this approach can be found in
31:ref:`Documentation/admin-guide/hw-vuln/mds.rst <mds>`.
32
33Kernel internal mitigation modes
34--------------------------------
35
36 ============= ============================================================
37 off Mitigation is disabled. Either the CPU is not affected or
38 tsx_async_abort=off is supplied on the kernel command line.
39
40 tsx disabled Mitigation is enabled. TSX feature is disabled by default at
41 bootup on processors that support TSX control.
42
43 verw Mitigation is enabled. CPU is affected and MD_CLEAR is
44 advertised in CPUID.
45
46 ucode needed Mitigation is enabled. CPU is affected and MD_CLEAR is not
47 advertised in CPUID. That is mainly for virtualization
48 scenarios where the host has the updated microcode but the
49 hypervisor does not expose MD_CLEAR in CPUID. It's a best
50 effort approach without guarantee.
51 ============= ============================================================
52
53If the CPU is affected and the "tsx_async_abort" kernel command line parameter is
54not provided then the kernel selects an appropriate mitigation depending on the
55status of RTM and MD_CLEAR CPUID bits.
56
57Below tables indicate the impact of tsx=on|off|auto cmdline options on state of
58TAA mitigation, VERW behavior and TSX feature for various combinations of
59MSR_IA32_ARCH_CAPABILITIES bits.
60
611. "tsx=off"
62
63========= ========= ============ ============ ============== =================== ======================
64MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=off
65---------------------------------- -------------------------------------------------------------------------
66TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
67 after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
68========= ========= ============ ============ ============== =================== ======================
69 0 0 0 HW default Yes Same as MDS Same as MDS
70 0 0 1 Invalid case Invalid case Invalid case Invalid case
71 0 1 0 HW default No Need ucode update Need ucode update
72 0 1 1 Disabled Yes TSX disabled TSX disabled
73 1 X 1 Disabled X None needed None needed
74========= ========= ============ ============ ============== =================== ======================
75
762. "tsx=on"
77
78========= ========= ============ ============ ============== =================== ======================
79MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=on
80---------------------------------- -------------------------------------------------------------------------
81TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
82 after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
83========= ========= ============ ============ ============== =================== ======================
84 0 0 0 HW default Yes Same as MDS Same as MDS
85 0 0 1 Invalid case Invalid case Invalid case Invalid case
86 0 1 0 HW default No Need ucode update Need ucode update
87 0 1 1 Enabled Yes None Same as MDS
88 1 X 1 Enabled X None needed None needed
89========= ========= ============ ============ ============== =================== ======================
90
913. "tsx=auto"
92
93========= ========= ============ ============ ============== =================== ======================
94MSR_IA32_ARCH_CAPABILITIES bits Result with cmdline tsx=auto
95---------------------------------- -------------------------------------------------------------------------
96TAA_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
97 after bootup CPU buffers tsx_async_abort=off tsx_async_abort=full
98========= ========= ============ ============ ============== =================== ======================
99 0 0 0 HW default Yes Same as MDS Same as MDS
100 0 0 1 Invalid case Invalid case Invalid case Invalid case
101 0 1 0 HW default No Need ucode update Need ucode update
102 0 1 1 Disabled Yes TSX disabled TSX disabled
103 1 X 1 Enabled X None needed None needed
104========= ========= ============ ============ ============== =================== ======================
105
106In the tables, TSX_CTRL_MSR is a new bit in MSR_IA32_ARCH_CAPABILITIES that
107indicates whether MSR_IA32_TSX_CTRL is supported.
108
109There are two control bits in IA32_TSX_CTRL MSR:
110
111 Bit 0: When set it disables the Restricted Transactional Memory (RTM)
112 sub-feature of TSX (will force all transactions to abort on the
113 XBEGIN instruction).
114
115 Bit 1: When set it disables the enumeration of the RTM and HLE feature
116 (i.e. it will make CPUID(EAX=7).EBX{bit4} and
117 CPUID(EAX=7).EBX{bit11} read as 0).