Intel is going to disable the insecure TSX feature on older CPUs
Intel has decided to disable Transactional Synchronization Extensions (TSX) on Skylake, Kaby Lake, Coffee Lake, and Whiskey Lake CPUs. Intel is disabling the feature because of memory ordering errors and because it can be exploited by hackers.
TSX will soon be turned off by a microcode update for these CPUs, as Phoronix discovered by chance while reading new kernel patches. Disabling TSX will degrade the performance of older chips in certain tasks. TSX adds hardware transactional memory support to the CPUs, allowing them to perform up to 40 percent better in certain tasks, according to Intel figures. TSX has been in Intel CPUs since 2013.
In 2016, it was discovered that TSX could be exploited for a side-channel timing attack, where hackers could break kernel address space layout randomization, or KASLR, to gain access to a system. That’s one of the reasons the feature is no longer supported.
A more important reason, according to Phoronix, is that TSX can cause a memory ordering error, that is, an error in the order in which memory accesses take place. Intel published a white paper (PDF) about this earlier this month. The problem has been known since 2018, and the feature has therefore already been disabled in SGX and SMM. With the microcode update, TSX can no longer be accessed, and there will be no workaround in the Linux kernel.
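
To see whether a Linux machine still exposes TSX after a microcode update, an administrator can compare the hle and rtm flags and the microcode revision across logical CPUs. The following is an added example, not code from Intel, Phoronix or the kernel patches; it assumes the running kernel reflects the TSX state in the flags line of /proc/cpuinfo, and the sample input is constructed.

```python
TSX_FLAGS = {"hle", "rtm"}  # /proc/cpuinfo names for the two TSX interfaces

# Constructed sample (not captured from a real machine): CPU 0 still
# advertises TSX, CPU 1 does not, as if only one had been updated.
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Example Skylake-class CPU
microcode\t: 0x1
flags\t\t: fpu vme sse2 hle avx2 rtm sgx

processor\t: 1
model name\t: Example Skylake-class CPU
microcode\t: 0x2
flags\t\t: fpu vme sse2 avx2 sgx
"""

def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one dict per logical CPU."""
    cpus = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if "processor" in rec:
            cpus.append(rec)
    return cpus

def tsx_report(text):
    """Return per-CPU TSX exposure and whether all CPUs agree."""
    rows = []
    for rec in parse_cpuinfo(text):
        exposed = sorted(TSX_FLAGS & set(rec.get("flags", "").split()))
        rows.append({"cpu": int(rec["processor"]),
                     "microcode": rec.get("microcode", "unknown"),
                     "tsx_flags": exposed})
    states = {tuple(r["tsx_flags"]) for r in rows}
    return {"cpus": rows,
            "any_tsx": any(r["tsx_flags"] for r in rows),
            "consistent": len(states) <= 1}

if __name__ == "__main__":
    try:  # live file on Linux, constructed sample elsewhere
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_CPUINFO
    print(tsx_report(text))
```

A result with "consistent" set to False means the logical CPUs disagree about TSX, which is worth investigating before relying on the feature being off.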