Has Hardware Lock Elision gone forever due to Spectre Mitigation?

*爱你&永不变心* submitted on 2020-05-07 03:48:57

Question


Is it correct that Hardware Lock Elision is disabled for all current CPUs due to Spectre mitigation, and any attempt to have a mutex using HLE intrinsics/instructions would result in a usual mutex?

Is it likely that there will not be anything like HLE mutexes in the future, to avoid vulnerabilities like Spectre?


Answer 1:


So, TSX may be disabled not to mitigate Spectre, but as a part of another vulnerability mitigation, TSX Asynchronous Abort (TAA).

Here's the relevant article on the Intel website:

  • Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort / CVE-2019-11135 / INTEL-SA-00270

Which links to two more detailed articles:

  • TSX Asynchronous Abort (TAA) CVE-2019-11135
  • Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126

The links contain the following information:

  • Some future or even current CPUs may have hardware mitigation for TAA, detected by IA32_ARCH_CAPABILITIES[TAA_NO]=1.
  • Otherwise, if the CPU is susceptible to MDS (IA32_ARCH_CAPABILITIES[MDS_NO]=0), software mitigation for MDS will also mitigate TAA.
  • In the case of IA32_ARCH_CAPABILITIES[TAA_NO]=0 and IA32_ARCH_CAPABILITIES[MDS_NO]=1, TAA should be mitigated by one of the following:
    • Software mitigation
    • Selectively disabling TSX

The ability to selectively disable TSX, mentioned above, arrives with a microcode update. After such a microcode update, the ability to control TSX is controlled by IA32_ARCH_CAPABILITIES[TSX_CTRL] (bit 7)=1.

Now, about HLE. The TAA article says:

Some processors may need to load a microcode update to add support for IA32_TSX_CTRL. The MSR supports disabling the RTM functionality of Intel TSX by setting TSX_CTRL_RTM_DISABLE (bit 0). When this bit is set, all RTM transactions will abort with abort code 0 before any instructions can execute within the transaction, even speculatively. On processors that enumerate IA32_ARCH_CAPABILITIES[TSX_CTRL] (bit 7)=1, HLE prefix hints are always ignored.

It is still ambiguous whether the statement "On processors that enumerate IA32_ARCH_CAPABILITIES[TSX_CTRL] (bit 7)=1, HLE prefix hints are always ignored" is general, or refers only to the case "When this bit is set".

But since there are (current or future) CPUs not susceptible to TAA, I believe that I have answers to my questions:

Is it correct that Hardware Lock Elision is disabled for all current CPUs due to Spectre TAA mitigation, and any attempt to have a mutex using HLE intrinsics/instructions would result in a usual mutex?

Cannot tell for sure. CPUs that are not susceptible to TAA may be supporting HLE prefixes. It is still unclear whether there is a current CPU that enables HLE after all necessary updates and mitigations, or whether there will be some such future CPU.

Is it likely that there will not be anything like HLE mutexes in the future, to avoid vulnerabilities like Spectre?

No. There is still RTM, which may not be disabled, and it can be used to create mutexes like HLE mutexes.



Source: https://stackoverflow.com/questions/61310108/has-hardware-lock-elision-gone-forever-due-to-spectre-mitigation
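The three IA32_ARCH_CAPABILITIES cases listed in the answer, as an added example that is not part of the original post: a decoder that takes the raw MSR value and reports which TAA case applies and whether IA32_TSX_CTRL is enumerated. The enum and function names are hypothetical, the MDS_NO (bit 5) and TAA_NO (bit 8) positions come from Intel's enumeration rather than from the page, and the CPU is assumed to support TSX at all.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bits of IA32_ARCH_CAPABILITIES (MSR 0x10A). TSX_CTRL = bit 7 is stated in
 * the answer; MDS_NO = bit 5 and TAA_NO = bit 8 are assumed from Intel's docs. */
#define ARCH_CAP_MDS_NO   (1ULL << 5)
#define ARCH_CAP_TSX_CTRL (1ULL << 7)
#define ARCH_CAP_TAA_NO   (1ULL << 8)

/* Hypothetical names for the three cases in the answer's bullet list. */
enum taa_status {
    TAA_HW_MITIGATED,     /* TAA_NO=1: hardware mitigation present */
    TAA_COVERED_BY_MDS,   /* MDS_NO=0: MDS software mitigation also covers TAA */
    TAA_NEEDS_MITIGATION  /* TAA_NO=0, MDS_NO=1: software mitigation or disable TSX */
};

enum taa_status classify_taa(uint64_t cap)
{
    if (cap & ARCH_CAP_TAA_NO)
        return TAA_HW_MITIGATED;
    if (!(cap & ARCH_CAP_MDS_NO))
        return TAA_COVERED_BY_MDS;
    return TAA_NEEDS_MITIGATION;
}

/* 1 if IA32_TSX_CTRL is enumerated. Under the general reading of the quoted
 * sentence, HLE prefix hints are ignored on such a CPU. */
int tsx_ctrl_enumerated(uint64_t cap)
{
    return (cap & ARCH_CAP_TSX_CTRL) != 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample value (MDS_NO=1, TSX_CTRL=1, TAA_NO=0) unless a raw
     * MSR value is given on the command line, e.g. "0x1a0". */
    uint64_t cap = ARCH_CAP_MDS_NO | ARCH_CAP_TSX_CTRL;
    static const char *const text[] = {
        "hardware-mitigated (TAA_NO=1)",
        "covered by the MDS software mitigation (MDS_NO=0)",
        "needs TAA software mitigation or TSX disabled (TAA_NO=0, MDS_NO=1)"
    };
    if (argc > 1)
        cap = strtoull(argv[1], NULL, 0);
    printf("IA32_ARCH_CAPABILITIES = %#llx\n", (unsigned long long)cap);
    printf("TAA: %s\n", text[classify_taa(cap)]);
    printf("IA32_TSX_CTRL enumerated: %s\n", tsx_ctrl_enumerated(cap) ? "yes" : "no");
    return 0;
}
```

On Linux the raw value can be obtained with `rdmsr 0x10a` from msr-tools (root, with the msr module loaded) and passed as the first argument.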
