On Tue, Mar 29, 2022 at 06:24:03PM +0200, Borislav Petkov wrote:
On Thu, Mar 10, 2022 at 02:02:09PM -0800, Pawan Gupta wrote:A microcode update on some Intel processors causes all TSX transactions to always abort by default [*]. Microcode also added functionality to re-enable TSX for development purpose. With this microcode loaded, if tsx=on was passed on the cmdline, and TSX development mode was already enabled before the kernel boot, it may make the system vulnerable to TSX Asynchronous Abort (TAA). To be on safer side, unconditionally disable TSX development mode at boot. If needed, a user can enable it using msr-tools. [*] Intel Transactional Synchronization Extension (Intel TSX) Disable Update for Selected Processors https://cdrdv2.intel.com/v1/dl/getContent/643557 Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Suggested-by: Borislav Petkov <bp@xxxxxxxxx> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> --- arch/x86/include/asm/msr-index.h | 4 +-- arch/x86/kernel/cpu/cpu.h | 1 + arch/x86/kernel/cpu/intel.c | 4 +++ arch/x86/kernel/cpu/tsx.c | 34 ++++++++++++++++++++++++++ tools/arch/x86/include/asm/msr-index.h | 4 +-- 5 files changed, 43 insertions(+), 4 deletions(-)Does this a lot more encapsulated version work too?
It look good to me. Thanks, Pawan
