tsx_async_abort.rst - OpenGrok cross reference for /Documentation/admin-guide/hw-vuln/tsx_async

Lines Matching +full:processor +full:- +full:a +full:- +full:side
1 .. SPDX-License-Identifier: GPL-2.0
3 TAA - TSX Asynchronous Abort
6 TAA is a hardware vulnerability that allows unprivileged speculative access to
11 -------------------
19 Whether a processor is affected or not can be read out from the TAA
23 ------------
28    CVE-2019-11135  TAA    TSX Asynchronous Abort (TAA) condition on some
31                           information disclosure via a side channel with
36 -------
43 hardware transactional memory support to improve performance of multi-threaded
44 software. TSX lets the processor expose and exploit concurrency hidden in an
49 are rolled back. An asynchronous abort takes place, among other options, when a
50 different thread accesses a cache line that is also used within the transactional
51 region when that access might lead to a data race.
55 operations. This can be then used to infer the value via a cache side channel
58 Because the buffers are potentially shared between Hyper-Threads cross
59 Hyper-Thread attacks are possible.
61 The victim of a malicious actor does not need to make use of TSX. Only the
62 attacker needs to begin a TSX transaction and raise an asynchronous abort
70 ----------------
77 a result, the malicious actor has to sample as much data as possible and
80 A potential attacker only has read access to the data. Also, there is no direct
87 -----------------------
89 The Linux kernel provides a sysfs interface to enumerate the current TAA status
96 .. list-table::
98    * - 'Vulnerable'
99 …- The CPU is affected by this vulnerability and the microcode and kernel mitigation are not applie…
100    * - 'Vulnerable: Clear CPU buffers attempted, no microcode'
101      - The processor is vulnerable but microcode is not updated. The
102        mitigation is enabled on a best effort basis.
104        If the processor is vulnerable but the availability of the microcode
106        selects a best effort mitigation mode. This mode invokes the mitigation
107        instructions without a guarantee that they clear the CPU buffers.
112        protection takes effect; otherwise a few CPU cycles are wasted
114    * - 'Mitigation: Clear CPU buffers'
115      - The microcode has been updated to clear the buffers. TSX is still enabled.
116    * - 'Mitigation: TSX disabled'
117      - TSX is disabled.
118    * - 'Not affected'
119      - The CPU is not affected by this issue.
122 --------------------
125 required. If a CPU is affected and the microcode is available, then the kernel
129 The mitigation can be controlled at boot time via a kernel command line option.
146 ---------------------------------------------
158                 systems which are MDS-affected and deploy MDS mitigation,
165                 CPU is not vulnerable to cross-thread TAA attacks.
185                 and which get the new IA32_TSX_CTRL MSR through a microcode
193                 several previous speculation-related CVEs, and so there may be
207                                           buffers. Cross-thread attacks are still
209   tsx=on     tsx_async_abort=full,nosmt   As above, cross-thread attacks on SMT
213                                           provides a TSX control MSR. If so,
241 --------------------------
246 If all user space applications are from a trusted source and do not execute
255 might allow a malicious actor to leak data from the host or from other
259 are prevented in a virtualized environment as well, even if the VMs do not
266 -------------------
270   - Deploy TSX disable mitigation (tsx_async_abort=full tsx=off).