Detect AMD TSA mitigations (#166)
References:
* https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
* https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
Will show on all AMD CPUs that are not in the vulnerable range, or use CPUID value.
diff --git a/README.md b/README.md
index 354679d..88d68d5 100644
--- a/README.md
+++ b/README.md
@@ -281,7 +281,7 @@
| AMXBF16 | Tile computational operations on BFLOAT16 numbers |
| AMXINT8 | Tile computational operations on 8-bit integers |
| AMXFP16 | Tile computational operations on FP16 numbers |
-| AMXFP8 | Tile computational operations on FP8 numbers |
+| AMXFP8 | Tile computational operations on FP8 numbers |
| AMXCOMPLEX | Tile computational operations on complex numbers |
| AMXTILE | Tile architecture |
| AMXTF32 | Matrix Multiplication of TF32 Tiles into Packed Single Precision Tile |
@@ -451,6 +451,9 @@
| TLB_FLUSH_NESTED | AMD: Flushing includes all the nested translations for guest translations |
| TME | Intel Total Memory Encryption. The following MSRs are supported: IA32_TME_CAPABILITY, IA32_TME_ACTIVATE, IA32_TME_EXCLUDE_MASK, and IA32_TME_EXCLUDE_BASE. |
| TOPEXT | TopologyExtensions: topology extensions support. Indicates support for CPUID Fn8000_001D_EAX_x[N:0]-CPUID Fn8000_001E_EDX. |
+| TSA_L1_NO | AMD only: Not vulnerable to TSA-L1 |
+| TSA_SQ_NO | AMD only: Not vulnerable to TSA-SQ |
+| TSA_VERW_CLEAR | AMD: If set, the memory form of the VERW instruction may be used to help mitigate TSA |
| TSCRATEMSR | MSR based TSC rate control. Indicates support for MSR TSC ratio MSRC000_0104 |
| TSXLDTRK | Intel TSX Suspend Load Address Tracking |
| VAES | Vector AES. AVX(512) versions requires additional checks. |
diff --git a/cpuid.go b/cpuid.go
index eb50d3a..9cf7738 100644
--- a/cpuid.go
+++ b/cpuid.go
@@ -256,6 +256,9 @@
TLB_FLUSH_NESTED // AMD: Flushing includes all the nested translations for guest translations
TME // Intel Total Memory Encryption. The following MSRs are supported: IA32_TME_CAPABILITY, IA32_TME_ACTIVATE, IA32_TME_EXCLUDE_MASK, and IA32_TME_EXCLUDE_BASE.
TOPEXT // TopologyExtensions: topology extensions support. Indicates support for CPUID Fn8000_001D_EAX_x[N:0]-CPUID Fn8000_001E_EDX.
+ TSA_L1_NO // AMD only: Not vulnerable to TSA-L1
+ TSA_SQ_NO // AM onlyD: Not vulnerable to TSA-SQ
+ TSA_VERW_CLEAR // If set, the memory form of the VERW instruction may be used to help mitigate TSA
TSCRATEMSR // MSR based TSC rate control. Indicates support for MSR TSC ratio MSRC000_0104
TSXLDTRK // Intel TSX Suspend Load Address Tracking
VAES // Vector AES. AVX(512) versions requires additional checks.
@@ -1553,12 +1556,28 @@
}
if maxExtendedFunction() >= 0x80000021 && vend == AMD {
- a, _, _, _ := cpuid(0x80000021)
+ a, _, c, _ := cpuid(0x80000021)
fs.setIf((a>>31)&1 == 1, SRSO_MSR_FIX)
fs.setIf((a>>30)&1 == 1, SRSO_USER_KERNEL_NO)
fs.setIf((a>>29)&1 == 1, SRSO_NO)
fs.setIf((a>>28)&1 == 1, IBPB_BRTYPE)
fs.setIf((a>>27)&1 == 1, SBPB)
+ fs.setIf((c>>1)&1 == 1, TSA_L1_NO)
+ fs.setIf((c>>2)&1 == 1, TSA_SQ_NO)
+ fs.setIf((a>>5)&1 == 1, TSA_VERW_CLEAR)
+ }
+ if vend == AMD {
+ if family < 0x19 {
+ // AMD CPUs that are older than Family 19h are not vulnerable to TSA but do not set TSA_L1_NO or TSA_SQ_NO.
+ // Source: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
+ fs.set(TSA_L1_NO)
+ fs.set(TSA_SQ_NO)
+ } else if family == 0x1a {
+ // AMD Family 1Ah models 00h-4Fh and 60h-7Fh are also not vulnerable to TSA but do not set TSA_L1_NO or TSA_SQ_NO.
+ // Future AMD CPUs will set these CPUID bits if appropriate. CPUs will be designed to set these CPUID bits if appropriate.
+ notVuln := model <= 0x4f || (model >= 0x60 && model <= 0x7f)
+ fs.setIf(notVuln, TSA_L1_NO, TSA_SQ_NO)
+ }
}
if mfi >= 0x20 {
diff --git a/featureid_string.go b/featureid_string.go
index f39971e..2888bae 100644
--- a/featureid_string.go
+++ b/featureid_string.go
@@ -190,64 +190,67 @@
_ = x[TLB_FLUSH_NESTED-180]
_ = x[TME-181]
_ = x[TOPEXT-182]
- _ = x[TSCRATEMSR-183]
- _ = x[TSXLDTRK-184]
- _ = x[VAES-185]
- _ = x[VMCBCLEAN-186]
- _ = x[VMPL-187]
- _ = x[VMSA_REGPROT-188]
- _ = x[VMX-189]
- _ = x[VPCLMULQDQ-190]
- _ = x[VTE-191]
- _ = x[WAITPKG-192]
- _ = x[WBNOINVD-193]
- _ = x[WRMSRNS-194]
- _ = x[X87-195]
- _ = x[XGETBV1-196]
- _ = x[XOP-197]
- _ = x[XSAVE-198]
- _ = x[XSAVEC-199]
- _ = x[XSAVEOPT-200]
- _ = x[XSAVES-201]
- _ = x[AESARM-202]
- _ = x[ARMCPUID-203]
- _ = x[ASIMD-204]
- _ = x[ASIMDDP-205]
- _ = x[ASIMDHP-206]
- _ = x[ASIMDRDM-207]
- _ = x[ATOMICS-208]
- _ = x[CRC32-209]
- _ = x[DCPOP-210]
- _ = x[EVTSTRM-211]
- _ = x[FCMA-212]
- _ = x[FHM-213]
- _ = x[FP-214]
- _ = x[FPHP-215]
- _ = x[GPA-216]
- _ = x[JSCVT-217]
- _ = x[LRCPC-218]
- _ = x[PMULL-219]
- _ = x[RNDR-220]
- _ = x[TLB-221]
- _ = x[TS-222]
- _ = x[SHA1-223]
- _ = x[SHA2-224]
- _ = x[SHA3-225]
- _ = x[SHA512-226]
- _ = x[SM3-227]
- _ = x[SM4-228]
- _ = x[SVE-229]
- _ = x[PMU_FIXEDCOUNTER_CYCLES-230]
- _ = x[PMU_FIXEDCOUNTER_REFCYCLES-231]
- _ = x[PMU_FIXEDCOUNTER_INSTRUCTIONS-232]
- _ = x[PMU_FIXEDCOUNTER_TOPDOWN_SLOTS-233]
- _ = x[lastID-234]
+ _ = x[TSA_L1_NO-183]
+ _ = x[TSA_SQ_NO-184]
+ _ = x[TSA_VERW_CLEAR-185]
+ _ = x[TSCRATEMSR-186]
+ _ = x[TSXLDTRK-187]
+ _ = x[VAES-188]
+ _ = x[VMCBCLEAN-189]
+ _ = x[VMPL-190]
+ _ = x[VMSA_REGPROT-191]
+ _ = x[VMX-192]
+ _ = x[VPCLMULQDQ-193]
+ _ = x[VTE-194]
+ _ = x[WAITPKG-195]
+ _ = x[WBNOINVD-196]
+ _ = x[WRMSRNS-197]
+ _ = x[X87-198]
+ _ = x[XGETBV1-199]
+ _ = x[XOP-200]
+ _ = x[XSAVE-201]
+ _ = x[XSAVEC-202]
+ _ = x[XSAVEOPT-203]
+ _ = x[XSAVES-204]
+ _ = x[AESARM-205]
+ _ = x[ARMCPUID-206]
+ _ = x[ASIMD-207]
+ _ = x[ASIMDDP-208]
+ _ = x[ASIMDHP-209]
+ _ = x[ASIMDRDM-210]
+ _ = x[ATOMICS-211]
+ _ = x[CRC32-212]
+ _ = x[DCPOP-213]
+ _ = x[EVTSTRM-214]
+ _ = x[FCMA-215]
+ _ = x[FHM-216]
+ _ = x[FP-217]
+ _ = x[FPHP-218]
+ _ = x[GPA-219]
+ _ = x[JSCVT-220]
+ _ = x[LRCPC-221]
+ _ = x[PMULL-222]
+ _ = x[RNDR-223]
+ _ = x[TLB-224]
+ _ = x[TS-225]
+ _ = x[SHA1-226]
+ _ = x[SHA2-227]
+ _ = x[SHA3-228]
+ _ = x[SHA512-229]
+ _ = x[SM3-230]
+ _ = x[SM4-231]
+ _ = x[SVE-232]
+ _ = x[PMU_FIXEDCOUNTER_CYCLES-233]
+ _ = x[PMU_FIXEDCOUNTER_REFCYCLES-234]
+ _ = x[PMU_FIXEDCOUNTER_INSTRUCTIONS-235]
+ _ = x[PMU_FIXEDCOUNTER_TOPDOWN_SLOTS-236]
+ _ = x[lastID-237]
_ = x[firstID-0]
}
-const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXFP8AMXTILEAMXTF32AMXCOMPLEXAMXTRANSPOSEAPX_FAVXAVX10AVX10_128AVX10_256AVX10_512AVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8AVXVNNIINT16BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBPB_BRTYPEIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBKEYLOCKERKEYLOCKERWLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSBPBSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSGXPQCSHASMESME_COHERENTSM3_X86SM4_X86SPEC_CTRL_SSBDSRBDS_CTRLSRSO_MSR_FIXSRSO_NOSRSO_USER_KERNEL_NOSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFHMFPFPHPGPAJSCVTLRCPCPMULLRNDRTLBTSSHA1SHA2SHA3SHA512SM3SM4SVEPMU_FIXEDCOUNTER_CYCLESPMU_FIXEDCOUNTER_REFCYCLESPMU_FIXEDCOUNTER_INSTRUCTIONSPMU_FIXEDCOUNTER_TOPDOWN_SLOTSlastID"
+const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXFP8AMXTILEAMXTF32AMXCOMPLEXAMXTRANSPOSEAPX_FAVXAVX10AVX10_128AVX10_256AVX10_512AVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8AVXVNNIINT16BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBPB_BRTYPEIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBKEYLOCKERKEYLOCKERWLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSBPBSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSGXPQCSHASMESME_COHERENTSM3_X86SM4_X86SPEC_CTRL_SSBDSRBDS_CTRLSRSO_MSR_FIXSRSO_NOSRSO_USER_KERNEL_NOSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSA_L1_NOTSA_SQ_NOTSA_VERW_CLEARTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFHMFPFPHPGPAJSCVTLRCPCPMULLRNDRTLBTSSHA1SHA2SHA3SHA512SM3SM4SVEPMU_FIXEDCOUNTER_CYCLESPMU_FIXEDCOUNTER_REFCYCLESPMU_FIXEDCOUNTER_INSTRUCTIONSPMU_FIXEDCOUNTER_TOPDOWN_SLOTSlastID"
-var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 61, 68, 75, 85, 97, 102, 105, 110, 119, 128, 137, 141, 151, 163, 171, 179, 187, 195, 202, 212, 222, 230, 240, 251, 259, 269, 287, 302, 309, 321, 328, 335, 346, 358, 366, 370, 374, 380, 385, 393, 398, 404, 408, 417, 435, 443, 450, 454, 458, 472, 478, 482, 486, 495, 499, 503, 508, 513, 517, 521, 528, 532, 535, 541, 544, 547, 557, 567, 580, 593, 597, 608, 612, 626, 643, 646, 656, 667, 673, 681, 692, 700, 712, 728, 742, 753, 763, 778, 786, 797, 807, 814, 823, 833, 837, 840, 847, 852, 863, 870, 877, 885, 888, 894, 899, 908, 915, 923, 927, 930, 936, 943, 956, 961, 963, 970, 977, 983, 987, 996, 1000, 1005, 1011, 1017, 1023, 1033, 1036, 1052, 1056, 1065, 1068, 1077, 1092, 1105, 1111, 1125, 1132, 1135, 1140, 1146, 1149, 1152, 1164, 1171, 1178, 1192, 1202, 1214, 1221, 1240, 1243, 1247, 1251, 1255, 1260, 1265, 1270, 1275, 1289, 1300, 1306, 1309, 1314, 1323, 1327, 1332, 1337, 1343, 1350, 1355, 1358, 1367, 1383, 1386, 1392, 1402, 1410, 1414, 1423, 1427, 1439, 1442, 1452, 1455, 1462, 1470, 1477, 1480, 1487, 1490, 1495, 1501, 1509, 1515, 1521, 1529, 1534, 1541, 1548, 1556, 1563, 1568, 1573, 1580, 1584, 1587, 1589, 1593, 1596, 1601, 1606, 1611, 1615, 1618, 1620, 1624, 1628, 1632, 1638, 1641, 1644, 1647, 1670, 1696, 1725, 1755, 1761}
+var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 61, 68, 75, 85, 97, 102, 105, 110, 119, 128, 137, 141, 151, 163, 171, 179, 187, 195, 202, 212, 222, 230, 240, 251, 259, 269, 287, 302, 309, 321, 328, 335, 346, 358, 366, 370, 374, 380, 385, 393, 398, 404, 408, 417, 435, 443, 450, 454, 458, 472, 478, 482, 486, 495, 499, 503, 508, 513, 517, 521, 528, 532, 535, 541, 544, 547, 557, 567, 580, 593, 597, 608, 612, 626, 643, 646, 656, 667, 673, 681, 692, 700, 712, 728, 742, 753, 763, 778, 786, 797, 807, 814, 823, 833, 837, 840, 847, 852, 863, 870, 877, 885, 888, 894, 899, 908, 915, 923, 927, 930, 936, 943, 956, 961, 963, 970, 977, 983, 987, 996, 1000, 1005, 1011, 1017, 1023, 1033, 1036, 1052, 1056, 1065, 1068, 1077, 1092, 1105, 1111, 1125, 1132, 1135, 1140, 1146, 1149, 1152, 1164, 1171, 1178, 1192, 1202, 1214, 1221, 1240, 1243, 1247, 1251, 1255, 1260, 1265, 1270, 1275, 1289, 1300, 1306, 1309, 1314, 1323, 1327, 1332, 1337, 1343, 1350, 1355, 1358, 1367, 1383, 1386, 1392, 1401, 1410, 1424, 1434, 1442, 1446, 1455, 1459, 1471, 1474, 1484, 1487, 1494, 1502, 1509, 1512, 1519, 1522, 1527, 1533, 1541, 1547, 1553, 1561, 1566, 1573, 1580, 1588, 1595, 1600, 1605, 1612, 1616, 1619, 1621, 1625, 1628, 1633, 1638, 1643, 1647, 1650, 1652, 1656, 1660, 1664, 1670, 1673, 1676, 1679, 1702, 1728, 1757, 1787, 1793}
func (i FeatureID) String() string {
if i < 0 || i >= FeatureID(len(_FeatureID_index)-1) {
