From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: "Luck, Tony" <tony.luck@intel.com>,
Ingo Molnar <mingo@kernel.org>, Fenghua Yu <fenghua.yu@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
H Peter Anvin <hpa@zytor.com>, Ashok Raj <ashok.raj@intel.com>,
Ravi V Shankar <ravi.v.shankar@intel.com>,
linux-kernel <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>
Subject: Re: [PATCH v10 6/6] x86/split_lock: Enable split lock detection by kernel parameter
Date: Fri, 22 Nov 2019 10:44:57 -0800
Message-ID: <20191122184457.GA31235@linux.intel.com>
In-Reply-To: <20191122152715.GA1909@hirez.programming.kicks-ass.net>

On Fri, Nov 22, 2019 at 04:27:15PM +0100, Peter Zijlstra wrote:
> On Fri, Nov 22, 2019 at 11:51:41AM +0100, Peter Zijlstra wrote:
>
> > A non-lethal default enabled variant would be even better for them :-)
>
> diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
> index d779366ce3f8..d23638a0525e 100644
> --- a/arch/x86/include/asm/thread_info.h
> +++ b/arch/x86/include/asm/thread_info.h
> @@ -92,6 +92,7 @@ struct thread_info {
> #define TIF_NOCPUID 15 /* CPUID is not accessible in userland */
> #define TIF_NOTSC 16 /* TSC is not accessible in userland */
> #define TIF_IA32 17 /* IA32 compatibility process */
> +#define TIF_SLD 18 /* split_lock_detect */

Maybe use SLAC (Split-Lock AC) as the acronym? I can't help but read
SLD as "split-lock disabled". And name this TIF_NOSLAC (or TIF_NOSLD if
you don't like SLAC) since it's set when the task is running without #AC?

> #define TIF_NOHZ 19 /* in adaptive nohz mode */
> #define TIF_MEMDIE 20 /* is terminating due to OOM killer */
> #define TIF_POLLING_NRFLAG 21 /* idle is polling for TIF_NEED_RESCHED */
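
Review bot: the comment on the new TIF_SLD define, "/* split_lock_detect */", does not say which way the flag reads. In handle_user_split_lock() the flag (spelled TIF_CLD there) is set right after __sld_set_msr(false), so it marks a task that is running with detection turned off. State that in the comment, for example "split lock detection disabled for this task", so the bit is not read as "detection enabled".
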
> @@ -122,6 +123,7 @@ struct thread_info {
> #define _TIF_NOCPUID (1 << TIF_NOCPUID)
> #define _TIF_NOTSC (1 << TIF_NOTSC)
> #define _TIF_IA32 (1 << TIF_IA32)
> +#define _TIF_SLD (1 << TIF_SLD)
> #define _TIF_NOHZ (1 << TIF_NOHZ)
> #define _TIF_POLLING_NRFLAG (1 << TIF_POLLING_NRFLAG)
> #define _TIF_IO_BITMAP (1 << TIF_IO_BITMAP)
...
> +void handle_split_lock(void)
> +{
> + return sld_state != sld_off;
> +}
> +
> +void handle_user_split_lock(struct pt_regs *regs, long error_code)
> +{
> + if (sld_state == sld_fatal)
> + return false;
> +
> + pr_alert("#AC: %s/%d took a split_lock trap at address: 0x%lx\n",
> + current->comm, current->pid, regs->ip);
> +
> + __sld_set_msr(false);
> + set_tsk_thread_flag(current, TIF_CLD);
> + return true;
> +}
> +
> +void switch_sld(struct task_struct *prev)
> +{
> + __sld_set_msr(true);
> + clear_tsk_thread_flag(current, TIF_CLD);
> +}
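
Review bot: handle_split_lock() and handle_user_split_lock() are declared void but return values ("return sld_state != sld_off;", "return false;", "return true;"), and do_alignment_check() tests both results, so both need to be declared bool. The flag set and cleared in this region is TIF_CLD, while thread_info.h defines TIF_SLD; one of the two spellings has to change for this to build. The pr_alert() text also says "at address" but prints regs->ip, which is the instruction pointer, so "at ip" would match what is logged.
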
...
> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
> index bd2a11ca5dd6..c04476a1f970 100644
> --- a/arch/x86/kernel/process.c
> +++ b/arch/x86/kernel/process.c
> @@ -654,6 +654,9 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p)
> /* Enforce MSR update to ensure consistent state */
> __speculation_ctrl_update(~tifn, tifn);
> }
> +
> + if (tifp & _TIF_SLD)
> + switch_sld(prev_p);
> }

Re-enabling #AC when scheduling out the misbehaving task would also work
well for KVM, e.g. call a variant of handle_user_split_lock() on an
unhandled #AC in the guest. We can also reuse KVM's existing code to
restore the MSR on return to userspace so that an #AC in the guest doesn't
disable detection in the userspace VMM.

Alternatively, KVM could manually do its own thing and context switch
the MSR on VM-Enter/VM-Exit (after an unhandled #AC), but I'd rather keep
this out of the VM-Enter path and also avoid thrashing the MSR on an SMT
CPU. The only downside is that KVM itself would occasionally run with #AC
disabled, but that doesn't seem like a big deal since split locks should
not be magically appearing in KVM.

Last thought, KVM should only expose split lock #AC to the guest if SMT=n
or the host is in "force" mode so that split lock #AC is always enabled
in hardware (for the guest) when the guest wants it enabled. KVM would
obviously not actually disable #AC in hardware when running in force mode,
regardless of the guest's wishes.

> /*
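
Review bot: the new check tests the outgoing task's flags (tifp & _TIF_SLD) and passes prev_p, but switch_sld() never uses its prev argument and clears the flag on current instead. Clear the flag on the task that was passed in, clear_tsk_thread_flag(prev, TIF_SLD), or drop the parameter and add a comment explaining why current is the right task at this point in the switch.
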
> diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
> index 3451a004e162..3cba28c9c4d9 100644
> --- a/arch/x86/kernel/traps.c
> +++ b/arch/x86/kernel/traps.c
> @@ -242,7 +242,6 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
> {
> struct task_struct *tsk = current;
>
> -
> if (!do_trap_no_signal(tsk, trapnr, str, regs, error_code))
> return;
>
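
Review bot: the only change in this hunk is the removal of the blank line after "struct task_struct *tsk = current;" in do_trap(), which is whitespace cleanup unrelated to split lock handling. Move it to a separate cleanup patch so this one carries only the functional change.
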
> @@ -288,9 +287,34 @@ DO_ERROR(X86_TRAP_OLD_MF, SIGFPE, 0, NULL, "coprocessor segment overru
> DO_ERROR(X86_TRAP_TS, SIGSEGV, 0, NULL, "invalid TSS", invalid_TSS)
> DO_ERROR(X86_TRAP_NP, SIGBUS, 0, NULL, "segment not present", segment_not_present)
> DO_ERROR(X86_TRAP_SS, SIGBUS, 0, NULL, "stack segment", stack_segment)
> -DO_ERROR(X86_TRAP_AC, SIGBUS, BUS_ADRALN, NULL, "alignment check", alignment_check)
> #undef IP
>
> +dotraplinkage void do_alignment_check(struct pt_regs *regs, long error_code)
> +{
> + unsigned int trapnr = X86_TRAP_AC;
> + char str[] = "alignment check";
> + int signr = SIGBUS;
> +
> + RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
> +
> + if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr) == NOTIFY_STOP)
> + return;
> +
> + if (!handle_split_lock())

Pretty sure this should be omitted entirely. For an #AC in the kernel,
simply restarting the instruction will fault indefinitely, e.g. dying is
probably the best course of action if a (completely unexpected) #AC occurs
in "off" mode. Dropping this check also lets handle_user_split_lock() do
the right thing for #AC due to EFLAGS.AC=1 (pointed out by Tony).

> + return;
> +
> + if (!user_mode(regs))
> + die("Split lock detected\n", regs, error_code);
> +
> + cond_local_irq_enable(regs);
> +
> + if (handle_user_split_lock(regs, error_code))
> + return;
> +
> + do_trap(X86_TRAP_AC, SIGBUS, "alignment check", regs,
> + error_code, BUS_ADRALN, NULL);
> +}
> +
> #ifdef CONFIG_VMAP_STACK
> __visible void __noreturn handle_stack_overflow(const char *message,
> struct pt_regs *regs,
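
Review bot: do_alignment_check() sets up the locals trapnr, str and signr and uses them for notify_die(), then repeats the literals in the final call, do_trap(X86_TRAP_AC, SIGBUS, "alignment check", ...). Pass the locals there as well, do_trap(trapnr, signr, str, regs, error_code, BUS_ADRALN, NULL), or drop them and use the literals throughout. The kernel-mode branch also reports every #AC that reaches it as "Split lock detected"; since this handler replaces the generic DO_ERROR alignment check entry, a message that also names the alignment check would be more accurate.
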