Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp1704429pxx;
        Fri, 30 Oct 2020 17:31:48 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxVQ9G/kulUmk8Vm6e0ggpG08cBlYZlQg4EvFzerCDvh4Ppg41wKNGVU9C1vfjK/4daQtJo
X-Received: by 2002:aa7:d988:: with SMTP id u8mr5426067eds.64.1604104308709;
        Fri, 30 Oct 2020 17:31:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1604104308; cv=none;
        d=google.com; s=arc-20160816;
        b=cLXV5VRaee09GTljXVV5TeI0tW+NCdQqvJNtm2iLUwKAJUOPvL4S2I06jXLP40TVRJ
         7q3Ws94Nhuuq2M/P5Xl7D3Il8pAOEygG72ViCZjTU+FNCO7VbfNm0hgxFJPB+W+fXwTI
         of/KYqm0GB6GZ1JK5gyuAyjOLdLjLGZfSjn3kty8dRQCqno/4bdBzc7+ha4cUeWjp1wk
         Ew4jH/ZPCJP38JIGNN+Ff0bGX/IO41NF9kANCZoee/8sE0e0LPVRh1bVr9Enf58/zBJc
         MM+tbV7/eQ78JXvv4gNXv5Up6UVerEYPDNocF/oHZ5ahgAJfzidndzg1c8aieIjb1ONQ
         C1fw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:ironport-sdr:ironport-sdr;
        bh=X6zl9xPb6CAtJirnnHTrIqUdQNB9PQXozPtmqrtS6mg=;
        b=WW2BR+JIpVwcR1CXEVocCfLcT4fkI+/W6qOyfCBn7BPA/Crkw8qOJaBo3E466JjEWo
         oBMecCmm0ZU/TNQw67/qzfEpIqjs0iuzXzeZB4Ocf86L/J8dNCu2Tr8Iy3J/B/s4WBHf
         OhtC1jRP31ezVV0dJoDtGg4dPrO9rcWtY4mnEpemxTFliRwAc8EJ5SOFfJhOEJR/PzTX
         JptfKkWHj3wIaKe2lWFnDeB72bAZUAqQczs+b4bsNwdahFwiNLvBL9YNMCjduQimq565
         SU7epKsxbq/ZCcyvnyB8bjXUQQRfb2JcPyTdVMFX1LoftffsVb38imiD+r7HqJn4eOjm
         ORmQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id n9si5417997ejx.364.2020.10.30.17.31.25;
        Fri, 30 Oct 2020 17:31:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725800AbgJaA1x (ORCPT <rfc822;zcyberian@gmail.com> + 99 others);
        Fri, 30 Oct 2020 20:27:53 -0400
Received: from mga06.intel.com ([134.134.136.31]:24067 "EHLO mga06.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725446AbgJaA1x (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 30 Oct 2020 20:27:53 -0400
IronPort-SDR: m9/GxqAQraEtEekYzt+V6sb68YWpSJtzWr2qvFpQKNBALJRf8kTQ2QzNVql1WWb6TYwYJCMYFk
 S6Mv9hl+SXCQ==
X-IronPort-AV: E=McAfee;i="6000,8403,9790"; a="230318023"
X-IronPort-AV: E=Sophos;i="5.77,435,1596524400"; 
   d="scan'208";a="230318023"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Oct 2020 17:27:53 -0700
IronPort-SDR: MQlrTZMYLXGOeRlKjMOe8kvXP6V7s+AUaJYIEoF0cDAgfKNVho4uRVnXjzicC8hJ+69Ow5snBy
 j+KJTo3cZGOg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.77,435,1596524400"; 
   d="scan'208";a="469683903"
Received: from otcwcpicx6.sc.intel.com ([172.25.55.29])
  by orsmga004.jf.intel.com with ESMTP; 30 Oct 2020 17:27:52 -0700
From:   Fenghua Yu <fenghua.yu@intel.com>
To:     "Thomas Gleixner" <tglx@linutronix.de>,
        "Borislav Petkov" <bp@alien8.de>, "Ingo Molnar" <mingo@redhat.com>,
        "Peter Zijlstra" <peterz@infradead.org>,
        "Randy Dunlap" <rdunlap@infradead.org>,
        "Tony Luck" <tony.luck@intel.com>,
        "Christopherson Sean J" <sean.j.christopherson@intel.com>,
        "Ashok Raj" <ashok.raj@intel.com>,
        "Ravi V Shankar" <ravi.v.shankar@intel.com>
Cc:     "linux-kernel" <linux-kernel@vger.kernel.org>,
        "x86" <x86@kernel.org>, Fenghua Yu <fenghua.yu@intel.com>
Subject: [PATCH RFC v3 0/4] x86/bus_lock: Enable bus lock detection
Date:   Sat, 31 Oct 2020 00:27:10 +0000
Message-Id: <20201031002714.3649728-1-fenghua.yu@intel.com>
X-Mailer: git-send-email 2.29.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

A bus lock [1] is acquired either through split locked access to
writeback (WB) memory or by using locks to uncacheable (UC) memory
(e.g. direct device assignment). This is typically >1000 cycles slower
than an atomic operation within a cache line. It also disrupts performance
on other cores.

Although split lock can be detected by #AC trap, the trap is triggered
before the instruction acquires bus lock. This makes it difficult to
mitigate bus lock (e.g. throttle the user application).

Some CPUs have ability to notify the kernel by an #DB trap after a user
instruction acquires a bus lock and is executed. This allows the kernel
to enforce user application throttling or mitigations.

#DB for bus lock detect fixes issues in #AC for split lock detect:
1) It's architectural ... just need to look at one CPUID bit to know it
   exists
2) The IA32_DEBUGCTL MSR, which reports bus lock in #DB, is per-thread.
   So each process or guest can have different behavior.
3) It has support for VMM/guests (new VMEXIT codes, etc).

Hardware only generates #DB for bus lock detect when CPL>0 to avoid
nested #DB from multiple bus locks while the first #DB is being handled.

Use the existing kernel command line option "split_lock_detect=" to handle
#DB for bus lock:

split_lock_detect=
		#AC for split lock		#DB for bus lock

off		Do nothing			Do nothing

warn		Kernel OOPs			Warn once per task and
		Warn once per task and		and continues to run.
		disable future checking 	When both features are
						supported, warn in #DB

fatal		Kernel OOPs			Send SIGBUS to user
		Send SIGBUS to user
		When both features are
		supported, fatal in #AC.

ratelimit:N	Do nothing			Limit bus lock rate to
						N per second in the
						current non root user.

Default split_lock_detect is "warn".

[1] Chapter 8 https://software.intel.com/sites/default/files/managed/c5/15/architecture-instruction-set-extensions-programming-reference.pdf

Change Log:
RFC v3:
- Remove DR6_RESERVED change (PeterZ).
- Simplify the documentation (Randy).

RFC v2:
- Architecture changed based on feedback from Thomas and PeterZ. #DB is
  no longer generated for bus lock in ring0.
- Split the one single patch into four patches.
[RFC v1 can be found at: https://lore.kernel.org/lkml/1595021700-68460-1-git-send-email-fenghua.yu@intel.com/]

Fenghua Yu (4):
  x86/cpufeatures: Enumerate #DB for bus lock detection
  x86/bus_lock: Handle warn and fatal in #DB for bus lock
  x86/bus_lock: Set rate limit for bus lock
  Documentation/admin-guide: Change doc for split_lock_detect parameter

 .../admin-guide/kernel-parameters.txt         |  28 +++-
 arch/x86/include/asm/cpu.h                    |  10 +-
 arch/x86/include/asm/cpufeatures.h            |   1 +
 arch/x86/include/asm/msr-index.h              |   1 +
 arch/x86/include/uapi/asm/debugreg.h          |   1 +
 arch/x86/kernel/cpu/common.c                  |   2 +-
 arch/x86/kernel/cpu/intel.c                   | 145 +++++++++++++++---
 arch/x86/kernel/traps.c                       |   7 +
 include/linux/sched/user.h                    |   4 +-
 kernel/user.c                                 |   7 +
 10 files changed, 176 insertions(+), 30 deletions(-)

-- 
2.29.1