Intel disables insecure TSX feature on legacy CPUs – Computer – News

Intel decided to disable transaction synchronization extensions in processor chips from Skylake, Kaby Lake, Coffee Lake and Whiskey Lake CPUs. Intel is disabling the feature due to memory arrangement errors and because hackers can exploit it.

Phoronix has discovered that TSX will soon be deprecated in a CPU mini update Accidentally when reading new kernel patches. Disabling TSX will result in poor performance on older chips on certain tasks. TSX is adding hardware transaction memory support to CPUs, giving them up to 40 percent better performance on certain tasks, according to Intel figures. TSX has been in chips based on the Haswell microarchitecture since the Skylake generation since 2013.

In 2016, it was discovered that TSX can be exploited in a side-channel timing attack, in which hackers can break the randomness of a kernal address space layout, or KASLR, to gain access to a system. This is one of the reasons why the feature is not supported.

The most important reason, according to Phoronix, is that TSX can cause an error in the order of the memory, that is, the sequence of memory accesses. Intel posted about this earlier this month white paper in pdf. This issue has been known since 2018 and therefore has already been disabled in SGX and SMM. With the partial update, TSX is no longer accessible and there is no workaround in the Linux kernel.