// SPDX-License-Identifier: GPL-2.01/*2* Intel Transactional Synchronization Extensions (TSX) control.3*4* Copyright (C) 2019-2021 Intel Corporation5*6* Author:7* Pawan Gupta <[email protected]>8*/910#include <linux/cpufeature.h>1112#include <asm/cmdline.h>13#include <asm/cpu.h>14#include <asm/msr.h>1516#include "cpu.h"1718#undef pr_fmt19#define pr_fmt(fmt) "tsx: " fmt2021enum tsx_ctrl_states {22TSX_CTRL_AUTO,23TSX_CTRL_ENABLE,24TSX_CTRL_DISABLE,25TSX_CTRL_RTM_ALWAYS_ABORT,26TSX_CTRL_NOT_SUPPORTED,27};2829static enum tsx_ctrl_states tsx_ctrl_state __ro_after_init =30IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_AUTO) ? TSX_CTRL_AUTO :31IS_ENABLED(CONFIG_X86_INTEL_TSX_MODE_OFF) ? TSX_CTRL_DISABLE : TSX_CTRL_ENABLE;3233static void tsx_disable(void)34{35u64 tsx;3637rdmsrq(MSR_IA32_TSX_CTRL, tsx);3839/* Force all transactions to immediately abort */40tsx |= TSX_CTRL_RTM_DISABLE;4142/*43* Ensure TSX support is not enumerated in CPUID.44* This is visible to userspace and will ensure they45* do not waste resources trying TSX transactions that46* will always abort.47*/48tsx |= TSX_CTRL_CPUID_CLEAR;4950wrmsrq(MSR_IA32_TSX_CTRL, tsx);51}5253static void tsx_enable(void)54{55u64 tsx;5657rdmsrq(MSR_IA32_TSX_CTRL, tsx);5859/* Enable the RTM feature in the cpu */60tsx &= ~TSX_CTRL_RTM_DISABLE;6162/*63* Ensure TSX support is enumerated in CPUID.64* This is visible to userspace and will ensure they65* can enumerate and use the TSX feature.66*/67tsx &= ~TSX_CTRL_CPUID_CLEAR;6869wrmsrq(MSR_IA32_TSX_CTRL, tsx);70}7172static enum tsx_ctrl_states x86_get_tsx_auto_mode(void)73{74if (boot_cpu_has_bug(X86_BUG_TAA))75return TSX_CTRL_DISABLE;7677return TSX_CTRL_ENABLE;78}7980/*81* Disabling TSX is not a trivial business.82*83* First of all, there's a CPUID bit: X86_FEATURE_RTM_ALWAYS_ABORT84* which says that TSX is practically disabled (all transactions are85* aborted by default). When that bit is set, the kernel unconditionally86* disables TSX.87*88* In order to do that, however, it needs to dance a bit:89*90* 1. The first method to disable it is through MSR_TSX_FORCE_ABORT and91* the MSR is present only when *two* CPUID bits are set:92*93* - X86_FEATURE_RTM_ALWAYS_ABORT94* - X86_FEATURE_TSX_FORCE_ABORT95*96* 2. The second method is for CPUs which do not have the above-mentioned97* MSR: those use a different MSR - MSR_IA32_TSX_CTRL and disable TSX98* through that one. Those CPUs can also have the initially mentioned99* CPUID bit X86_FEATURE_RTM_ALWAYS_ABORT set and for those the same strategy100* applies: TSX gets disabled unconditionally.101*102* When either of the two methods are present, the kernel disables TSX and103* clears the respective RTM and HLE feature flags.104*105* An additional twist in the whole thing presents late microcode loading106* which, when done, may cause for the X86_FEATURE_RTM_ALWAYS_ABORT CPUID107* bit to be set after the update.108*109* A subsequent hotplug operation on any logical CPU except the BSP will110* cause for the supported CPUID feature bits to get re-detected and, if111* RTM and HLE get cleared all of a sudden, but, userspace did consult112* them before the update, then funny explosions will happen. Long story113* short: the kernel doesn't modify CPUID feature bits after booting.114*115* That's why, this function's call in init_intel() doesn't clear the116* feature flags.117*/118static void tsx_clear_cpuid(void)119{120u64 msr;121122/*123* MSR_TFA_TSX_CPUID_CLEAR bit is only present when both CPUID124* bits RTM_ALWAYS_ABORT and TSX_FORCE_ABORT are present.125*/126if (boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) &&127boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT)) {128rdmsrq(MSR_TSX_FORCE_ABORT, msr);129msr |= MSR_TFA_TSX_CPUID_CLEAR;130wrmsrq(MSR_TSX_FORCE_ABORT, msr);131} else if (cpu_feature_enabled(X86_FEATURE_MSR_TSX_CTRL)) {132rdmsrq(MSR_IA32_TSX_CTRL, msr);133msr |= TSX_CTRL_CPUID_CLEAR;134wrmsrq(MSR_IA32_TSX_CTRL, msr);135}136}137138/*139* Disable TSX development mode140*141* When the microcode released in Feb 2022 is applied, TSX will be disabled by142* default on some processors. MSR 0x122 (TSX_CTRL) and MSR 0x123143* (IA32_MCU_OPT_CTRL) can be used to re-enable TSX for development, doing so is144* not recommended for production deployments. In particular, applying MD_CLEAR145* flows for mitigation of the Intel TSX Asynchronous Abort (TAA) transient146* execution attack may not be effective on these processors when Intel TSX is147* enabled with updated microcode.148*/149static void tsx_dev_mode_disable(void)150{151u64 mcu_opt_ctrl;152153/* Check if RTM_ALLOW exists */154if (!boot_cpu_has_bug(X86_BUG_TAA) ||155!cpu_feature_enabled(X86_FEATURE_MSR_TSX_CTRL) ||156!cpu_feature_enabled(X86_FEATURE_SRBDS_CTRL))157return;158159rdmsrq(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl);160161if (mcu_opt_ctrl & RTM_ALLOW) {162mcu_opt_ctrl &= ~RTM_ALLOW;163wrmsrq(MSR_IA32_MCU_OPT_CTRL, mcu_opt_ctrl);164setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT);165}166}167168static int __init tsx_parse_cmdline(char *str)169{170if (!str)171return -EINVAL;172173if (!strcmp(str, "on")) {174tsx_ctrl_state = TSX_CTRL_ENABLE;175} else if (!strcmp(str, "off")) {176tsx_ctrl_state = TSX_CTRL_DISABLE;177} else if (!strcmp(str, "auto")) {178tsx_ctrl_state = TSX_CTRL_AUTO;179} else {180tsx_ctrl_state = TSX_CTRL_DISABLE;181pr_err("invalid option, defaulting to off\n");182}183184return 0;185}186early_param("tsx", tsx_parse_cmdline);187188void __init tsx_init(void)189{190tsx_dev_mode_disable();191192/*193* Hardware will always abort a TSX transaction when the CPUID bit194* RTM_ALWAYS_ABORT is set. In this case, it is better not to enumerate195* CPUID.RTM and CPUID.HLE bits. Clear them here.196*/197if (boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT)) {198tsx_ctrl_state = TSX_CTRL_RTM_ALWAYS_ABORT;199tsx_clear_cpuid();200setup_clear_cpu_cap(X86_FEATURE_RTM);201setup_clear_cpu_cap(X86_FEATURE_HLE);202return;203}204205/*206* TSX is controlled via MSR_IA32_TSX_CTRL. However, support for this207* MSR is enumerated by ARCH_CAP_TSX_MSR bit in MSR_IA32_ARCH_CAPABILITIES.208*209* TSX control (aka MSR_IA32_TSX_CTRL) is only available after a210* microcode update on CPUs that have their MSR_IA32_ARCH_CAPABILITIES211* bit MDS_NO=1. CPUs with MDS_NO=0 are not planned to get212* MSR_IA32_TSX_CTRL support even after a microcode update. Thus,213* tsx= cmdline requests will do nothing on CPUs without214* MSR_IA32_TSX_CTRL support.215*/216if (x86_read_arch_cap_msr() & ARCH_CAP_TSX_CTRL_MSR) {217setup_force_cpu_cap(X86_FEATURE_MSR_TSX_CTRL);218} else {219tsx_ctrl_state = TSX_CTRL_NOT_SUPPORTED;220return;221}222223if (tsx_ctrl_state == TSX_CTRL_AUTO)224tsx_ctrl_state = x86_get_tsx_auto_mode();225226if (tsx_ctrl_state == TSX_CTRL_DISABLE) {227tsx_disable();228229/*230* tsx_disable() will change the state of the RTM and HLE CPUID231* bits. Clear them here since they are now expected to be not232* set.233*/234setup_clear_cpu_cap(X86_FEATURE_RTM);235setup_clear_cpu_cap(X86_FEATURE_HLE);236} else if (tsx_ctrl_state == TSX_CTRL_ENABLE) {237238/*239* HW defaults TSX to be enabled at bootup.240* We may still need the TSX enable support241* during init for special cases like242* kexec after TSX is disabled.243*/244tsx_enable();245246/*247* tsx_enable() will change the state of the RTM and HLE CPUID248* bits. Force them here since they are now expected to be set.249*/250setup_force_cpu_cap(X86_FEATURE_RTM);251setup_force_cpu_cap(X86_FEATURE_HLE);252}253}254255void tsx_ap_init(void)256{257tsx_dev_mode_disable();258259if (tsx_ctrl_state == TSX_CTRL_ENABLE)260tsx_enable();261else if (tsx_ctrl_state == TSX_CTRL_DISABLE)262tsx_disable();263else if (tsx_ctrl_state == TSX_CTRL_RTM_ALWAYS_ABORT)264/* See comment over that function for more details. */265tsx_clear_cpuid();266}267268269