There are now several commercially available processors that have h/w fixes for the TSX Async Abort (TAA) issue as indicated by enumerating the ARCH_CAPABILITIES "TAA_NO" bit.
Change the default setting to "auto" so that these CPUs will leave TSX enabled by default. This can still be overridden by the kernel cmdline parameter tsx=on|off|auto Signed-off-by: Nelson D'Souza <nelson.dso...@linux.intel.com> Reviewed-by: Tony Luck <tony.l...@intel.com> --- arch/x86/Kconfig | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1d6104ea8af0..b444205c964a 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1905,7 +1905,7 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS choice prompt "TSX enable mode" depends on CPU_SUP_INTEL - default X86_INTEL_TSX_MODE_OFF + default X86_INTEL_TSX_MODE_AUTO help Intel's TSX (Transactional Synchronization Extensions) feature allows to optimize locking protocols through lock elision which @@ -1915,8 +1915,13 @@ choice to form side channel attacks (e.g. TAA) and chances are there will be more of those attacks discovered in the future. - Therefore TSX is not enabled by default (aka tsx=off). An admin - might override this decision by tsx=on the command line parameter. + The default setting for TSX Mode is set to auto. This will enable + TSX feature for platforms that are not vulnerable to the TAA issue. + + TSX feature will continue to be disabled on platforms that are + vulnerable to TAA and support disabling TSX via the updated microcode. + + An admin might override this decision by a kernel command line parameter. Even with TSX enabled, the kernel will attempt to enable the best possible TAA mitigation setting depending on the microcode available for the particular machine. -- 2.24.1