From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: "Luck, Tony" <tony.luck@intel.com>,
Ingo Molnar <mingo@kernel.org>, Fenghua Yu <fenghua.yu@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
H Peter Anvin <hpa@zytor.com>, Ashok Raj <ashok.raj@intel.com>,
Ravi V Shankar <ravi.v.shankar@intel.com>,
linux-kernel <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>
Subject: Re: [PATCH v10 6/6] x86/split_lock: Enable split lock detection by kernel parameter
Date: Fri, 22 Nov 2019 10:44:57 -0800
Message-ID: <20191122184457.GA31235@linux.intel.com>
In-Reply-To: <20191122152715.GA1909@hirez.programming.kicks-ass.net>

On Fri, Nov 22, 2019 at 04:27:15PM +0100, Peter Zijlstra wrote:
> On Fri, Nov 22, 2019 at 11:51:41AM +0100, Peter Zijlstra wrote:
>
> > A non-lethal default enabled variant would be even better for them :-)
>
> diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
> index d779366ce3f8..d23638a0525e 100644
> --- a/arch/x86/include/asm/thread_info.h
> +++ b/arch/x86/include/asm/thread_info.h
> @@ -92,6 +92,7 @@ struct thread_info {
> #define TIF_NOCPUID 15 /* CPUID is not accessible in userland */
> #define TIF_NOTSC 16 /* TSC is not accessible in userland */
> #define TIF_IA32 17 /* IA32 compatibility process */
> +#define TIF_SLD 18 /* split_lock_detect */

Maybe use SLAC (Split-Lock AC) as the acronym? I can't help but read
SLD as "split-lock disabled". And name this TIF_NOSLAC (or TIF_NOSLD if
you don't like SLAC) since it's set when the task is running without #AC?

> #define TIF_NOHZ 19 /* in adaptive nohz mode */
> #define TIF_MEMDIE 20 /* is terminating due to OOM killer */
> #define TIF_POLLING_NRFLAG 21 /* idle is polling for TIF_NEED_RESCHED */
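
Review bot: the comment on the new TIF_SLD define, "/* split_lock_detect */", does not say what a set bit means. The handler hunk later in this patch sets the per-task flag right after __sld_set_msr(false), so the bit marks a task that runs with detection turned off; state that polarity in the comment so readers of thread_info.h do not have to find the handler to learn it.
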
> @@ -122,6 +123,7 @@ struct thread_info {
> #define _TIF_NOCPUID (1 << TIF_NOCPUID)
> #define _TIF_NOTSC (1 << TIF_NOTSC)
> #define _TIF_IA32 (1 << TIF_IA32)
> +#define _TIF_SLD (1 << TIF_SLD)
> #define _TIF_NOHZ (1 << TIF_NOHZ)
> #define _TIF_POLLING_NRFLAG (1 << TIF_POLLING_NRFLAG)
> #define _TIF_IO_BITMAP (1 << TIF_IO_BITMAP)
...
> +void handle_split_lock(void)
> +{
> + return sld_state != sld_off;
> +}
> +
> +void handle_user_split_lock(struct pt_regs *regs, long error_code)
> +{
> + if (sld_state == sld_fatal)
> + return false;
> +
> + pr_alert("#AC: %s/%d took a split_lock trap at address: 0x%lx\n",
> + current->comm, current->pid, regs->ip);
> +
> + __sld_set_msr(false);
> + set_tsk_thread_flag(current, TIF_CLD);
> + return true;
> +}
> +
> +void switch_sld(struct task_struct *prev)
> +{
> + __sld_set_msr(true);
> + clear_tsk_thread_flag(current, TIF_CLD);
> +}
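
Review bot: handle_split_lock() and handle_user_split_lock() are declared void but return values (`return sld_state != sld_off;`, `return false;`, `return true;`), and the traps.c hunk tests both results, so both need a bool return type. The flag set and cleared here is TIF_CLD, while the thread_info.h hunk defines TIF_SLD; one spelling has to go. The pr_alert() text says "at address" but prints regs->ip, which is the faulting instruction pointer rather than the address of the split access, so reword it. switch_sld() also ignores its prev argument and clears the flag on current.
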
...
> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
> index bd2a11ca5dd6..c04476a1f970 100644
> --- a/arch/x86/kernel/process.c
> +++ b/arch/x86/kernel/process.c
> @@ -654,6 +654,9 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p)
> /* Enforce MSR update to ensure consistent state */
> __speculation_ctrl_update(~tifn, tifn);
> }
> +
> + if (tifp & _TIF_SLD)
> + switch_sld(prev_p);
> }

Re-enabling #AC when scheduling out the misbehaving task would also work
well for KVM, e.g. call a variant of handle_user_split_lock() on an
unhandled #AC in the guest. We can also reuse KVM's existing code to
restore the MSR on return to userspace so that an #AC in the guest doesn't
disable detection in the userspace VMM.

Alternatively, KVM could manually do its own thing and context switch
the MSR on VM-Enter/VM-Exit (after an unhandled #AC), but I'd rather keep
this out of the VM-Enter path and also avoid thrashing the MSR on an SMT
CPU. The only downside is that KVM itself would occasionally run with #AC
disabled, but that doesn't seem like a big deal since split locks should
not be magically appearing in KVM.

Last thought, KVM should only expose split lock #AC to the guest if SMT=n
or the host is in "force" mode so that split lock #AC is always enabled
in hardware (for the guest) when the guest wants it enabled. KVM would
obviously not actually disable #AC in hardware when running in force mode,
regardless of the guest's wishes.

> /*
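
Review bot: in the added `if (tifp & _TIF_SLD)` branch, the test is on tifp (by its name the outgoing task's flags) and prev_p is passed to switch_sld(), but switch_sld() as posted never uses that argument and clears the flag on current instead. Clear the flag on the task that was passed in, or drop the parameter and document which task current is at this point, so that the bit being cleared is provably the one that was tested.
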
> diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
> index 3451a004e162..3cba28c9c4d9 100644
> --- a/arch/x86/kernel/traps.c
> +++ b/arch/x86/kernel/traps.c
> @@ -242,7 +242,6 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
> {
> struct task_struct *tsk = current;
>
> -
> if (!do_trap_no_signal(tsk, trapnr, str, regs, error_code))
> return;
>
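
Review bot: the only change in this do_trap() hunk is the removal of a blank line after the `tsk` declaration, which is unrelated to split lock handling. Drop it from this patch or send it as a separate cleanup so the functional change stays easy to review.
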
> @@ -288,9 +287,34 @@ DO_ERROR(X86_TRAP_OLD_MF, SIGFPE, 0, NULL, "coprocessor segment overru
> DO_ERROR(X86_TRAP_TS, SIGSEGV, 0, NULL, "invalid TSS", invalid_TSS)
> DO_ERROR(X86_TRAP_NP, SIGBUS, 0, NULL, "segment not present", segment_not_present)
> DO_ERROR(X86_TRAP_SS, SIGBUS, 0, NULL, "stack segment", stack_segment)
> -DO_ERROR(X86_TRAP_AC, SIGBUS, BUS_ADRALN, NULL, "alignment check", alignment_check)
> #undef IP
>
> +dotraplinkage void do_alignment_check(struct pt_regs *regs, long error_code)
> +{
> + unsigned int trapnr = X86_TRAP_AC;
> + char str[] = "alignment check";
> + int signr = SIGBUS;
> +
> + RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
> +
> + if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr) == NOTIFY_STOP)
> + return;
> +
> + if (!handle_split_lock())

Pretty sure this should be omitted entirely. For an #AC in the kernel,
simply restarting the instruction will fault indefinitely, e.g. dying is
probably the best course of action if a (completely unexpected) #AC occurs
in "off" mode. Dropping this check also lets handle_user_split_lock() do
the right thing for #AC due to EFLAGS.AC=1 (pointed out by Tony).

> + return;
> +
> + if (!user_mode(regs))
> + die("Split lock detected\n", regs, error_code);
> +
> + cond_local_irq_enable(regs);
> +
> + if (handle_user_split_lock(regs, error_code))
> + return;
> +
> + do_trap(X86_TRAP_AC, SIGBUS, "alignment check", regs,
> + error_code, BUS_ADRALN, NULL);
> +}
> +
> #ifdef CONFIG_VMAP_STACK
> __visible void __noreturn handle_stack_overflow(const char *message,
> struct pt_regs *regs,
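
Review bot: in do_alignment_check(), the early `if (!handle_split_lock()) return;` leaves the handler without sending any signal when sld_state is sld_off, whereas the removed DO_ERROR(X86_TRAP_AC, SIGBUS, BUS_ADRALN, ...) line delivered SIGBUS for every alignment check; that silently changes behaviour for an #AC unrelated to split locks. Separately, the function declares trapnr, str and signr for notify_die() and then repeats the same literals in the do_trap() call; use the locals in both places or drop them. The die() string "Split lock detected" is also printed for any kernel-mode #AC, so either qualify the message or check the cause first.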