A patch queued up into tip/tip.git’s x86/cpu Git branch ahead of the upcoming Linux 6.20~7.0 kernel cycle enables the Intel Transactional Synchronization Extensions (TSX) functionality by default on the mainline kernel for capable CPUs that are not affected by side-channel attacks due to TSX Async Abort (TAA) and similar vulnerabilities. For newer Intel CPUs with safe TSX support, this change can mean better performance with the kernel defaults.
SUSE Linux engineer Nikolay Borisov authored the patch for changing the default Intel TSX mode to “auto” to better match the behavior used by default on SUSE Enterprise Linux:
“At SUSE we’ve been releasing our kernels with TSX enabled for the past 6 years and some customers have started to rely on it. Furthermore, the last known vulnerability concerning TSX was TAA (CVE-2019-11135) and a significant amount of time has passed since then without anyone reporting any issues. Intel has released numerous processors which do not have the TAA vulnerability (Cooper/Ice Lake, Sapphire/Emerald/Granite Rapids) yet TSX remains being disabled by default.
The main aim of this patch is to reduce the divergence between SUSE’s configuration and the upstream by switching the default TSX mode to auto. I believe this strikes the right balance between keeping it enabled where appropriate (i.e. every machine which doesn’t contain the TAA vulnerability) and disabling it preventively.”
That patch to change the default TSX mode for the Linux kernel from “off” to “auto” is queued now into tip/tip.git’s x86/cpu branch. With it being in a TIP branch, it will likely be submitted for the next kernel cycle (Linux 6.20~7.0) barring any last-minute objections to this default change.
With the default “auto” mode for TSX, Transactional Synchronization Extensions is enabled for processors believed to be safe against side-channel attacks (i.e. newer Intel Xeon processors, see past articles from years ago like Intel To Disable TSX By Default On More CPUs With New Microcode) while those with vulnerabilities like TAA won’t see it enabled by default. To enable TSX on those affected CPUs you need to boot with “tsx=on” for the “on” mode rather than the “auto” mode.
While SUSE’s kernels ship with the auto default already, others like Ubuntu Linux still rely on CONFIG_X86_INTEL_TSX_MODE_OFF=y and thus will hopefully follow the future upstream default moving forward. Checking if TSX support is present and enabled can be done via the hle and rtm flags in /proc/cpuinfo output.
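The hle/rtm check described above can be combined with the tsx= boot parameter and the kernel's TAA status into one report. This is an added example, not code from the patch or from SUSE; the function names are illustrative, the TAA status is read from the kernel's /sys/devices/system/cpu/vulnerabilities/tsx_async_abort file, and treating the last tsx= word as the effective one is an assumption.

```shell
#!/bin/sh
# Report TSX state from saved or live copies of /proc/cpuinfo, /proc/cmdline
# and the kernel's TAA status file. Function names are illustrative.

# tsx_flags FILE: print which of hle/rtm appear on the first "flags" line.
# Whole-word comparison, so a longer flag name containing "rtm"
# (e.g. rtm_always_abort) is not counted as rtm.
tsx_flags() {
    awk -F: '/^flags[ \t]*:/ {
        n = split($2, f, " "); out = ""
        for (i = 1; i <= n; i++)
            if (f[i] == "hle" || f[i] == "rtm")
                out = out (out == "" ? "" : " ") f[i]
        print out; exit
    }' "$1"
}

# tsx_param FILE: print the value of the last tsx= word on the command line,
# or "default" when none is given (assumption: the last occurrence wins).
tsx_param() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^tsx=/) v = substr($i, 5) }
         END { print (v == "" ? "default" : v) }' "$1"
}

# tsx_report CPUINFO CMDLINE TAA_FILE: one key=value line per finding.
tsx_report() {
    flags=$(tsx_flags "$1")
    if [ -r "$3" ]; then taa=$(cat "$3"); else taa=unknown; fi
    echo "flags=${flags:-none}"
    echo "boot_param=$(tsx_param "$2")"
    echo "taa=$taa"
    if [ -n "$flags" ]; then
        echo "verdict=TSX visible in cpuinfo"
    else
        echo "verdict=TSX not visible (disabled or unsupported)"
    fi
}

# Live check; skipped where /proc is not available.
if [ -r /proc/cpuinfo ] && [ -r /proc/cmdline ]; then
    tsx_report /proc/cpuinfo /proc/cmdline \
        /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
fi
```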
Intel TSX allows for optimizing locking protocols through lock elision for better performance in workloads like databases, high performance computing (HPC), and other workloads sensitive to locking performance. Given this default kernel change coming, time for some fresh Intel TSX performance comparison benchmarks on Phoronix.
