6
votes

Is this correct that Hardware Lock Elision is disabled for all current CPUs due to Spectre mitigation, and any attempt to have a mutex using HLE intrinsics/instructions would result in usual mutex?

Is this likely that there will not be anything like HLE mutexes in future to avoid vulnerabilities like Spectre?

1
What is the link between spectre and HLE? xacquire and xrelease (the HLE instructions) avoid adding the acquire and release stores on the lock to the write-set of the thread transaction (otherwise all threads would be serialized as normal). Spectre variants work by mis-training the branch predictor to fetch a sensitive data-dependent line in the cache, meltdown is a little different. Note that if you were referring to the TSX extenstion, used to suppress the exceptions, then it is often disabled due to bugs. Retpolines are a better way to fork the transient e non transient path.Margaret Bloom
I read it here: news.ycombinator.com/item?id=21533791 (but I want some authoritative references as an answer)Alex Guteniev
I think they are disabling HLE to prevent the TAA attack (kernel.org/doc/html/latest/x86/tsx_async_abort.html), not spectre. They probably dubbed HLE as less important than RTM and disabled it altogether.Margaret Bloom

1 Answers

3
votes

So, TSX may be disabled not to mitigate Spectre, but as a part of another vulnerability mitigation, TSX Asynchronous Abort (TAA).

Here's relevant article on Intel website:

Which links to two more detailed articles:

Links contain the following information:

  • Some future or even current CPUs may have hardware mitigation for TAA, detected by IA32_ARCH_CAPABILITIES[TAA_NO]=1.
  • Otherwise if the CPU is susceptible to MDS (IA32_ARCH_CAPABILITIES[MDS_NO]=0), software mitigation for MDS will also mitigate TAA
  • In the case of IA32_ARCH_CAPABILITIES[TAA_NO]=0 and IA32_ARCH_CAPABILITIES[MDS_NO]=1, TAA should be mitigated by one of following:
    • Software mitigation
    • Selectively disabling TSX

Ability for above mentioned selectively disabling TSX arrives with microcode update. After such microcode update, ability to control TSX is controlled by IA32_ARCH_CAPABILITIES[TSX_CTRL] (bit 7)=1.

Now, about HLE. TAA article says:

Some processors may need to load a microcode update to add support for IA32_TSX_CTRL. The MSR supports disabling the RTM functionality of Intel TSX by setting TSX_CTRL_RTM_DISABLE (bit 0). When this bit is set, all RTM transactions will abort with abort code 0 before any instructions can execute within the transaction, even speculatively. On processors that enumerate IA32_ARCH_CAPABILITIES[TSX_CTRL] (bit 7)=1, HLE prefix hints are always ignored.

The HLE feature is also marked as removed in Intel® 64 and IA-32 Architectures Software Developer’s Manual:

2.5 INTEL INSTRUCTION SET ARCHITECTURE AND FEATURES REMOVED

Intel® Memory Protection Extensions (Intel® MPX) MSR_TEST_CTRL, bit 31 (MSR address 33H) Hardware Lock Elision (HLE)

I believe that I have answers to my questions:

Is this correct that Hardware Lock Elision is disabled for all current CPUs due to Spectre TAA mitigation, and any attempt to have a mutex using HLE intrinsics/instructions would result in usual mutex?

Yes. It is deprecated. Unless Intel undeprecates it.

Is this likely that there will not be anything like HLE mutexes in future to avoid vulnerabilities like Spectre?

No. There is still RTM, which may be not disabled, and it can be used to create mutexes like HLE mutexes. There may also may be future processors not susceptible to TAA, RTM may work for them.