Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Intel Hardware

Intel To Disable TSX By Default On More CPUs With New Microcode (phoronix.com) 46

Intel is going to be disabling Transactional Synchronization Extensions (TSX) by default for various Skylake through Coffee Lake processors with forthcoming microcode updates. Phoronix reports: Transactional Synchronization Extensions (TSX) have been around since Haswell for hardware transactional memory support and going off Intel's own past numbers can be around 40% faster in specific workloads or as much 4~5 times faster in database transaction benchmarks. TSX issues have been found in the past such as a possible side channel timing attack that could lead to KASLR being defeated and CVE-2019-11135 (TSX Async Abort) for an MDS-style flaw. Now in 2021 Intel is disabling TSX by default across multiple families of Intel CPUs from Skylake through Coffee Lake. [...] The Linux kernel is preparing for this microcode change as seen in the flow of new patches this morning for the 5.14 merge window.

A memory ordering issue is what is reportedly leading Intel to now deprecate TSX on various processors. There is this Intel whitepaper (PDF) updated this month that outlines the problem at length. As noted in the revision history, the memory ordering issue has been known to Intel since at least before October 2018 but only now in June 2021 are they pushing out microcode updates to disable TSX by default. With forthcoming microcode updates will effectively deprecate TSX for all Skylake Xeon CPUs prior to Stepping 5 (including Xeon D and 1st Gen Xeon Scalable), all 6th Gen Xeon E3-1500m v5 / E3-1200 v5 Skylake processors, all 7th/8th Gen Core and Pentium Kaby/Coffee/Whiskey CPUs prior to 0x8 stepping, and all 8th/9th Gen Core/Pentium Coffee Lake CPUs prior to 0xC stepping will be affected. That ultimately spans from various Skylake steppings through Coffee Lake; it was with 10th Gen Comet Lake and Ice Lake where TSX/TSX-NI was subsequently removed.

In addition to disabling TSX by default and force-aborting all RTM transactions by default, a new CPUID bit is being enumerated with the new microcode to indicate that the force aborting of RTM transactions. It's due to that new CPUID bit that the Linux kernel is seeing patches. Previously Linux and other operating systems applied a workaround for the TSX memory ordering issue but now when this feature is disabled, the kernel can drop said workaround. These patches are coming with the Linux 5.14 cycle and will likely be back-ported to stable too.

This discussion has been archived. No new comments can be posted.

Intel To Disable TSX By Default On More CPUs With New Microcode

Comments Filter:
  • by chuckugly ( 2030942 ) on Monday June 28, 2021 @04:32PM (#61531214)

    Seems like a known defect - class action lawsuit in the pipe yet?

    • by thegarbz ( 1787294 ) on Monday June 28, 2021 @04:46PM (#61531260)

      Gotta love the American reaction. Something happens so we need to either sue it or shoot it.

      • And when aliens invade we'll shoot them first then sic our lawyers on them. No one messes with the US.

        • by Tablizer ( 95088 )

          And when aliens invade we'll shoot them first then sic our lawyers on them. No one messes with the US.

          The problem is Klingons keep pounding our judges into bloody pulp. What's Plan B?

        • by ytene ( 4376651 )
          Why not just shoot the lawyers: cut out the middleman. :/
          • Very Old idea.

              "The first thing we do, let's kill all the lawyers".

            William Shakespeare; Henry VI, Part 2, Act IV,

        • Send in the lawyers first. If we get lucky they'll kill each other off at the same time.
      • by AmiMoJo ( 196126 ) on Monday June 28, 2021 @05:01PM (#61531320) Homepage Journal

        It's due to weak consumer protection laws.

        I'm many European countries you would just go back to the retailer to get your partial refund for lost performance. No need to sue, small claims court is available if they refuse.

        • by tlhIngan ( 30335 )

          It's due to weak consumer protection laws.

          I'm many European countries you would just go back to the retailer to get your partial refund for lost performance. No need to sue, small claims court is available if they refuse.

          Except the Europeans pay for their consumer protection laws. TINSTAAFL after all. You might know this as "Europeans pay higher prices".

          Sure, some of it is because the sales tax is embedded in the price, but the other part of the difference is the legislative cost - regulations cost money an

          • by AmiMoJo ( 196126 )

            The problem with warranties is that they are all different, covering and excluding different things. It's much better to have a clear law with clear principals.

            There might be some additional cost, but again warranties are an upsell item that is mostly profit. If it's a legal requirement then there is the normal price competition pressure and an incentive to build stuff that lasts. Well, it's more like an incentive for retailers to only stock stuff that isn't junk, because they are the ones liable.

            There are

          • by Bert64 ( 520050 )

            Small claims court in european countries is usually very cheap, you pay a fixed filing fee and don't need to hire a lawyer. For a claim of $500 the fee would be under $100, and i'm pretty sure you do get awarded the filing cost if the judgement goes your way.
            Consumer law is also pretty straight forward, so if the company you're claiming against is in the wrong they will lose. In many cases companies know this and won't even contest the claim, but they will often ignore you prior to that in the hope that you

      • Because for the american corporation about the only thing that keeps them in line is the threat of lawsuits or fed/state regulations.
      • What's your reaction to a product getting 40% worse in usability after the sale?

        - "Ask nicely for a refund, bowing down deeply with hat in hand"
        - "Keep a stiff upper lip and just take the losses"
        - "Don't care and continue watching sportsball"
        - "Write a flaming Twitter post to vent anger"
        - "Warn everyone that criticism of intel is dogwhistle antisemitism"

        Which is it?

        • None of the above. I get compensated under fairly standard consumer protection laws for lost performance after the fact based on an expectation for duration of service and advertised performance.

          Kind of the same reason why all red-ringed xboxes were replaced out of warranty in my country while in the USA Americans were told "hahah fuck you". Or the reason why my parents got a significant amount of cash back from Volkswagen a few years ago without ever having to resort to sueing or shooting anyone (or even a

          • My brother got $4000 or so from M-B over a defective thing, no need to sue. We live in America. Welcome to the real world.

            Let me see your shocked face.

            (My sue them post was a JOKE, but it will probably happen)

            • No need for a shocked face. I have zero doubt that if your brother's defective thing was wide spread that people would sue.

              But congrats to your brother on finding a corporation which is ethical. That's rare and he should consider himself truly lucky rather than a citizen of a sanely setup society. 99% of corporations will happily just send you a fuck you unless the law says they can't.

              • I'm sorry you've had such a negative experience in your time living in America. Rest assured that your hardship is not at all typical of the experience of anyone I know in real life here in the good old USA. Maybe your luck will change. All the best. Perhaps dealing with businesses who care about their brand and reputation will help?

                In any case, hope things improve for you.

        • by DarkOx ( 621550 )

          You skipped - wait for someone people that care more than I do to file a class action suit. Sign my name on the little card that comes in the mail - wait for my $5 check and 10% coupon for a future purchase.

  • it's worse than this : https://www.youtube.com/watch?... [youtube.com]

    Why not just say : "Intel is downgrading remotely your CPU into 2012 because they just fucked up"

    • by Tablizer ( 95088 )

      Why not just say : "Intel is downgrading remotely your CPU into 2012 because they just f*cked up"

      Another prospective is "they have to take away the speed cheats because they've been caught taking unsafe shortcuts."

      • Do you believe the changes to the architecture or the ISA could have been characterized as risky or unwise before these attacks were discovered? The procedures are sophisticated in these attacks in many cases. Was it bad luck, bad design, or worse pushing to some limit/edge that ended up crumbling on Intel and others?
        • by HiThere ( 15173 )

          I don't know about the particular ISA problem, but they've been caught using known unsafe shortcuts before, so it's not an unreasonable assumption.

        • by Tablizer ( 95088 )

          I don't know enough specifics to say if it is "reasonable" that they should have tested for or been concerned about cross-thread data leak hacks.

  • I wonder if they'll hire Justin Long to do another one of those "go Intel" commercials?

  • Huge vulnerability. (Score:5, Informative)

    by Gravis Zero ( 934156 ) on Monday June 28, 2021 @06:00PM (#61531494)

    If they are disabling it it means a definitive hack that can quickly compromise an entire system (similar to meltdown) has been identified. Intel doesn't do anything out of "an abundance of caution" (they have been aware of flaws in TSX for years) if it means they can still tout that their chip is faster at something. Instead, Intel only takes reactionary measures which means they are not the only ones who know how to exploit it. I expect a new CVE probably in a month after the microcode update has been pushed.

    • Yeah, and they're STILL going to claim their chips are faster, if history is any indication. Even though this has been disabled by default, signaling that it is too dangerous to use, they will base their performance claims on benchmarks with it enabled.

  • Anyone knows if GCC / LLVM had any optimizations for using TSX ?
    If if any DB software running on Linux was using TSX ?
    If it's yet another instruction Intel added just for use in a useless benchmark and not actually used by any software ...

    • Anyone knows if GCC / LLVM had any optimizations for using TSX ?

      I'm pretty sure both of them would use TSX for C++11 atomic types [cppreference.com] and C11 atomic types [cppreference.com]. I should be noted that transactional memory is actually implemented in software and on half a dozen architectures, so this it's not a wasted effort (OK, maybe the TSX specific parts but not the rest).

      If it's yet another instruction Intel added just for use in a useless benchmark and not actually used by any software

      Any software that uses atomics and built for x86_64 is going to be affected. However, since it's an optional feature and identified in the CPUID register, all software generated by compilers will fallback on software imple

    • by godrik ( 1287354 )

      yeah.
      Many lock free datastructures use these instructions. There are standard implementation in various libraries. They are certainly used in filesystems.

      There were TSX patches discussed on postgresql mailing list last year.

  • All those side channel weaknesses are not normally exploitable on single user machines. Is there a list of those bugs (Spectre, Meltdown, this one, etc) and whether or not you can safely leave them on with single user machines with or without servers running on them exposed to the outside ? And how to disable the patches on Linux. Something like 'nopti' and others.
    • All those side channel weaknesses are not normally exploitable on single user machines.

      Unless you download and run software, or use a web browser which lets other people run software on your computer without you actually installing it. You know, use your computer as a computer?

      • by dargaud ( 518470 )
        Are those really exploitable from web scripts ? Not just assembly programs ?
        • There's PoC, I don't know if anyone has actually been exploited. Who knows?

          But putting aside WebAssembly is probably a mistake, most people will run whatever

  • Look at it this way (Score:5, Interesting)

    by dddux ( 3656447 ) on Tuesday June 29, 2021 @06:24AM (#61532958)

    Look at it this way: I just read that Microsoft is doing all kind of stuff in the name of security that makes it much harder [read - you should buy a new computer] to use its upcoming Windows 11 with the same echelon of older computers. Coincidence? I don't think so. Now Intel is going to deliberately cripple their older than 10xxx processors so that people will have to buy these newer processors, and in order to have better performance even with Linux. It's all about the profit, not security. Criminals, only high level corporate ones. Too many people sticking with Skylake to Kaby Lake CPUs? Cripple them somehow [since previous patches didn't cripple them enough, it seems]. Force people to buy new computers. They need your money.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...