Intel To Disable TSX By Default On More CPUs With New Microcode
Transactional Synchronization Extensions (TSX) have been around since Haswell for hardware transactional memory support and going off Intel's own past numbers can be around 40% faster in specific workloads or as much 4~5 times faster in database transaction benchmarks. TSX issues have been found in the past such as a possible side channel timing attack that could lead to KASLR being defeated and CVE-2019-11135 (TSX Async Abort) for an MDS-style flaw. Now in 2021 Intel is disabling TSX by default across multiple families of Intel CPUs from Skylake through Coffee Lake.
No widespread announcement on the change seems to have been made as this is the first time I have heard of this deprecation/disabling and not mentioned on other news sites, but noticed it with the fresh round of patches going into the new Linux 5.14 cycle. The Linux kernel is preparing for this microcode change as seen in the flow of new patches this morning for the 5.14 merge window.
A memory ordering issue is what is reportedly leading Intel to now deprecate TSX on various processors. There is this Intel whitepaper updated this month that outlines the problem at length. As noted in the revision history, the memory ordering issue has been known to Intel since at least before October 2018 but only now in June 2021 are they pushing out microcode updates to disable TSX by default.
When going through the new Linux patches, there was reference to this guidance from 12 June that outlines the intended change. That update was published a few days after Intel's latest CPU microcode update earlier this month that did not note any TSX changes but noted other security updates. (Trying this latest microcode update on one of the affected CPUs still shows TSX as active with TAA mitigations still active.) With forthcoming microcode updates will effectively deprecate TSX for all Skylake Xeon CPUs prior to Stepping 5 (including Xeon D and 1st Gen Xeon Scalable), all 6th Gen Xeon E3-1500m v5 / E3-1200 v5 Skylake processors, all 7th/8th Gen Core and Pentium Kaby/Coffee/Whiskey CPUs prior to 0x8 stepping, and all 8th/9th Gen Core/Pentium Coffee Lake CPUs prior to 0xC stepping will be affected. That ultimately spans from various Skylake steppings through Coffee Lake; it was with 10th Gen Comet Lake and Ice Lake where TSX/TSX-NI was subsequently removed.
In addition to disabling TSX by default and force-aborting all RTM transactions by default, a new CPUID bit is being enumerated with the new microcode to indicate that the force aborting of RTM transactions. It's due to that new CPUID bit that the Linux kernel is seeing patches. Previously Linux and other operating systems applied a workaround for the TSX memory ordering issue but now when this feature is disabled, the kernel can drop said workaround. These patches are coming with the Linux 5.14 cycle and will likely be back-ported to stable too.
Intel disabling TSX via microcode updates isn't entirely new as back when the feature first appeared with Haswell they ended up selectively disabling the feature due to early bugs in that original implementation but now this effectively killing it off spans multiple product generations and years after software has been adapted to allow making use of Transactional Synchronization Extensions. TSX performance on Linux has already been degraded for newer processors as well stemming from the TAA mitigations enacted back in late 2019.
Intel's guidance this month around the forthcoming microcode change does acknowledge "Workloads that were benefited from Intel TSX might experience a change in performance." Thus time to fire up some new benchmarks.