19. TSX Async Abort (TAA) mitigation

19.1. Overview

TSX Async Abort (TAA) is a side channel attack on internal buffers in someIntel processors similar to Microachitectural Data Sampling (MDS). In thiscase certain loads may speculatively pass invalid data to dependent operationswhen an asynchronous abort condition is pending in a TransactionalSynchronization Extensions (TSX) transaction. This includes loads with nofault or assist condition. Such loads may speculatively expose stale data fromthe same uarch data structures as in MDS, with same scope of exposure i.e.same-thread and cross-thread. This issue affects all current processors thatsupport TSX.

19.2. Mitigation strategy

a) TSX disable - one of the mitigations is to disable TSX. A new MSRIA32_TSX_CTRL will be available in future and current processors aftermicrocode update which can be used to disable TSX. In addition, itcontrols the enumeration of the TSX feature bits (RTM and HLE) in CPUID.

b) Clear CPU buffers - similar to MDS, clearing the CPU buffers mitigates thisvulnerability. More details on this approach can be found inDocumentation/admin-guide/hw-vuln/mds.rst.

19.3. Kernel internal mitigation modes

offMitigation is disabled. Either the CPU is not affected ortsx_async_abort=off is supplied on the kernel command line.
tsx disabledMitigation is enabled. TSX feature is disabled by default atbootup on processors that support TSX control.
verwMitigation is enabled. CPU is affected and MD_CLEAR isadvertised in CPUID.
ucode neededMitigation is enabled. CPU is affected and MD_CLEAR is notadvertised in CPUID. That is mainly for virtualizationscenarios where the host has the updated microcode but thehypervisor does not expose MD_CLEAR in CPUID. It’s a besteffort approach without guarantee.

If the CPU is affected and the “tsx_async_abort” kernel command line parameter isnot provided then the kernel selects an appropriate mitigation depending on thestatus of RTM and MD_CLEAR CPUID bits.

Below tables indicate the impact of tsx=on|off|auto cmdline options on state ofTAA mitigation, VERW behavior and TSX feature for various combinations ofMSR_IA32_ARCH_CAPABILITIES bits.

  1. “tsx=off”
MSR_IA32_ARCH_CAPABILITIES bitsResult with cmdline tsx=off
TAA_NOMDS_NOTSX_CTRL_MSRTSX stateafter bootupVERW can clearCPU buffersTAA mitigationtsx_async_abort=offTAA mitigationtsx_async_abort=full
000HW defaultYesSame as MDSSame as MDS
001Invalid caseInvalid caseInvalid caseInvalid case
010HW defaultNoNeed ucode updateNeed ucode update
011DisabledYesTSX disabledTSX disabled
1X1DisabledXNone neededNone needed
  1. “tsx=on”
MSR_IA32_ARCH_CAPABILITIES bitsResult with cmdline tsx=on
TAA_NOMDS_NOTSX_CTRL_MSRTSX stateafter bootupVERW can clearCPU buffersTAA mitigationtsx_async_abort=offTAA mitigationtsx_async_abort=full
000HW defaultYesSame as MDSSame as MDS
001Invalid caseInvalid caseInvalid caseInvalid case
010HW defaultNoNeed ucode updateNeed ucode update
011EnabledYesNoneSame as MDS
1X1EnabledXNone neededNone needed
  1. “tsx=auto”
MSR_IA32_ARCH_CAPABILITIES bitsResult with cmdline tsx=auto
TAA_NOMDS_NOTSX_CTRL_MSRTSX stateafter bootupVERW can clearCPU buffersTAA mitigationtsx_async_abort=offTAA mitigationtsx_async_abort=full
000HW defaultYesSame as MDSSame as MDS
001Invalid caseInvalid caseInvalid caseInvalid case
010HW defaultNoNeed ucode updateNeed ucode update
011DisabledYesTSX disabledTSX disabled
1X1EnabledXNone neededNone needed

In the tables, TSX_CTRL_MSR is a new bit in MSR_IA32_ARCH_CAPABILITIES thatindicates whether MSR_IA32_TSX_CTRL is supported.

There are two control bits in IA32_TSX_CTRL MSR:

Bit 0: When set it disables the Restricted Transactional Memory (RTM)
sub-feature of TSX (will force all transactions to abort on theXBEGIN instruction).
Bit 1: When set it disables the enumeration of the RTM and HLE feature
(i.e. it will make CPUID(EAX=7).EBX{bit4} andCPUID(EAX=7).EBX{bit11} read as 0).