Intel to disable insecure TSX feature on older CPUs
Intel has decided to disable Transactional Synchronization Extensions (TSX) in Skylake, Kaby Lake, Coffee Lake and Whiskey Lake CPUs. Intel is disabling the feature because of memory ordering errors and because it can be exploited by hackers.
TSX will soon be disabled by a microcode update for the CPUs, as Phoronix discovered by chance while reading new kernel patches. Disabling TSX will reduce the performance of older chips in certain tasks. TSX adds hardware transactional memory support to the CPUs, giving them up to 40 percent better performance in certain tasks, according to Intel figures. TSX has been in Intel CPUs since 2013.
In 2016, it was discovered that TSX could be exploited for a side-channel timing attack, in which hackers could break kernel address space layout randomization, or KASLR, to gain access to a system. That is one of the reasons the feature is no longer supported.
A more important reason, according to Phoronix, is that TSX can cause an error in memory ordering, i.e. the order in which memory is accessed. Intel published a white paper (PDF) on this earlier this month. That issue has been known since 2018, and the feature was therefore already disabled in SGX and SMM. With the microcode update, TSX can no longer be accessed, and there is emphatically no workaround in the Linux kernel.