This week's hardware vulnerabilities

A set of patches has just been pushed into the mainline repository (andstable updates) for yetanother set of hardware vulnerabilities. "TSX async abort" (or TAA)exposes information through the usual side channels by way of internalbuffers used with the transactional memory (TSX) instructions. Mitigationis done by disabling TSX or by clearing the relevant buffers when switchingbetween kernel and user mode. Given that this is not the first problemwith TSX, disabling it entirely is recommended; a microcode update may beneeded to do so, though. This commit containsdocumentation on this vulnerability and its mitigation.

There are also fixes for another vulnerability:it seems that accessing a memory address immediately after the size of thepage containing it was changed (from a regular to a huge page, forexample) can cause the processor to lock up. This behavior is consideredundesirable by many. The vulnerability onlyexists for pages marked as executable; the mitigation is to force allexecutable pages to be the regular, 4K page size.