Microcode updates to disable Intel TSX are on the way
Intel is preparing microcode patches that will disable a processor feature called Transactional Synchronization Extensions (TSX) on processor families spanning Skylake through Coffee Lake. The Santa Clara chipmaker seems to have quietly arranged these updates, but its intentions have been brought to light by Linux specialist site Phoronix, whose reporter spotted the changes in new kernel patches going into the Linux 5.14 cycle.
If you haven’t heard of TSX before, the extensions are designed to accelerate transactional memory in hardware. When Intel first came up with this technology, it boasted that it could boost processor performance by as much as 40 per cent on specific workloads, and as much as 4x to 5x in database transaction benchmarks.
TSX support has been present in Intel CPUs since the Haswell generation (2013). The latest patches cover Intel 6th, 7th, and 8th Gen processors – I expect that is because Intel deems processors any older to be beyond the scope of reasonable support. With the extensions disabled in the forthcoming microcode updates, any TSX benefits will be gone too, of course. Intel admits, “Workloads that were benefited from Intel TSX might experience a change in performance.”
Intel became aware of vulnerabilities / attack surfaces presented by TSX as far back as June 2018 and issued the first microcode patches to address these flaws in October the same year. However, the decision to simply disable TSX wholesale suggests that its microcode sticking plasters were not enough.
Phoronix mentions some TSX issues that have caused consternation in the past: “a possible side channel timing attack that could lead to KASLR being defeated and CVE-2019-11135 (TSX Async Abort) for an MDS-style flaw.” Killing TSX is a drastic sidestep to avoid such problems, and Phoronix indicates it will be benchmarking the microcode updates once they are applied to see the results of the change.
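To see where a given Linux host stands, the following added example (not from the article, Intel or Phoronix) reads the two kernel interfaces that report TSX state: the `rtm` and `hle` CPU flags in /proc/cpuinfo and the TSX Async Abort status file in sysfs. The verdict labels and the sample flags line are constructed for illustration, and a kernel new enough to expose the sysfs file is assumed.

```shell
#!/bin/sh
# Added example: report whether TSX is still enumerated on a Linux host and
# how the kernel describes its TSX Async Abort (CVE-2019-11135) status.

# Constructed sample flags line (not captured from a real machine).
SAMPLE_CPUINFO='flags : fpu vme sse2 avx2 hle rtm rdseed'

# tsx_flags FILE: print the TSX feature flags (hle, rtm) found in a
# /proc/cpuinfo-style file, space separated, or "none".
tsx_flags() {
    found=$(grep -m1 '^flags' "$1" 2>/dev/null | tr ' \t' '\n\n' \
        | grep -x -e rtm -e hle | sort -u | tr '\n' ' ') || true
    found=${found% }
    echo "${found:-none}"
}

# tsx_state CPUINFO TAA_FILE: combine the flags with the sysfs status line.
# The verdict names are labels chosen for this example.
tsx_state() {
    flags=$(tsx_flags "$1")
    taa=$(cat "$2" 2>/dev/null || echo "unknown")
    case "$taa" in
        "Not affected")             verdict="not-affected" ;;
        "Mitigation: TSX disabled") verdict="tsx-disabled" ;;
        Mitigation:*)               verdict="tsx-enabled-mitigated" ;;
        Vulnerable*)                verdict="vulnerable" ;;
        *)                          verdict="unknown" ;;
    esac
    echo "$verdict flags=$flags"
}

# Live check; both paths can be overridden to test against saved copies.
tsx_state "${CPUINFO:-/proc/cpuinfo}" \
    "${TAA:-/sys/devices/system/cpu/vulnerabilities/tsx_async_abort}"
```

Run before and after a microcode or kernel update to confirm the state actually changed; "unknown" means the sysfs file is missing or holds a status string the script does not recognise.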