From: Fenghua Yu <fenghua.yu@intel.com>
To: "Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Peter Zijlstra" <peterz@infradead.org>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Tony Luck" <tony.luck@intel.com>,
"Xiaoyao Li " <xiaoyao.li@intel.com>,
"Ravi V Shankar" <ravi.v.shankar@intel.com>
Cc: "linux-kernel" <linux-kernel@vger.kernel.org>,
"x86" <x86@kernel.org>, Fenghua Yu <fenghua.yu@intel.com>
Subject: [PATCH 4/4] Documentation/x86: Add ratelimit in buslock.rst
Date: Mon, 19 Apr 2021 21:49:58 +0000 [thread overview]
Message-ID: <20210419214958.4035512-5-fenghua.yu@intel.com> (raw)
In-Reply-To: <20210419214958.4035512-1-fenghua.yu@intel.com>
ratelimit is a new option in bus lock handling. Need to add it in
buslock.rst.
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
---
Documentation/x86/buslock.rst | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/Documentation/x86/buslock.rst b/Documentation/x86/buslock.rst
index 4deaf8b82338..87ee5925cb5c 100644
--- a/Documentation/x86/buslock.rst
+++ b/Documentation/x86/buslock.rst
@@ -61,6 +61,11 @@ The kernel #AC and #DB handlers handle bus lock based on kernel parameter
| |When both features are | |
| |supported, fatal in #AC | |
+------------------+----------------------------+-----------------------+
+|ratelimit:N |Do nothing |Limit bus lock rate to |
+|(0 < N <= 1000) | |N bus locks per second |
+| | |system wide and warn on|
+| | |bus locks. |
++------------------+----------------------------+-----------------------+
Usages
======
@@ -108,3 +113,21 @@ fatal
In this case, the bus lock is not tolerated and the process is killed.
It is useful in hard real time system.
+
+ratelimit
+---------
+
+A system wide bus lock rate limit N is specified where 0 < N <= 1000.
+Less bus locks can be generated when N is smaller.
+
+This may find usage in throttling malicious processes in cloud. For
+example, a few malicious users may generate a lot of bus locks to launch
+Denial of Service (DoS) attack. By setting ratelimit, the system wide
+bus locks is rate limited by N bus locks per second and the DoS attack
+will be mitigated. The bus locks are warned so that the system
+administrator can found the malicious users and processes.
+
+Selecting a rate limit of 1000 would allow the bus to be locked for
+up to about seven million cycles each second (assuming 7000 cycles for
+each bus lock). On a 2 GHz processor that would be about 0.35% system
+impact.
--
2.31.1
next prev parent reply other threads:[~2021-04-19 21:50 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-19 21:49 [PATCH 0/4] x86/bus_lock: Set rate limit for bus lock Fenghua Yu
2021-04-19 21:49 ` [PATCH 1/4] Documentation/x86: Add buslock.rst Fenghua Yu
2021-05-18 14:39 ` Thomas Gleixner
2021-05-18 14:44 ` [tip: x86/splitlock] " tip-bot2 for Fenghua Yu
2021-08-18 1:59 ` Xiaoyao Li
2021-08-18 15:36 ` Fenghua Yu
2021-08-19 3:36 ` Xiaoyao Li
2021-04-19 21:49 ` [PATCH 2/4] x86/bus_lock: Set rate limit for bus lock Fenghua Yu
2021-05-18 14:44 ` [tip: x86/splitlock] " tip-bot2 for Fenghua Yu
2021-04-19 21:49 ` [PATCH 3/4] Documentation/admin-guide: Change doc for bus lock ratelimit Fenghua Yu
2021-05-18 14:44 ` [tip: x86/splitlock] Documentation/admin-guide: Add " tip-bot2 for Fenghua Yu
2021-04-19 21:49 ` Fenghua Yu [this message]
2021-05-18 14:44 ` [tip: x86/splitlock] Documentation/x86: Add ratelimit in buslock.rst tip-bot2 for Fenghua Yu
2021-05-17 18:46 ` [PATCH 0/4] x86/bus_lock: Set rate limit for bus lock Fenghua Yu
2021-05-17 19:01 ` Thomas Gleixner
2021-05-17 19:05 ` Fenghua Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210419214958.4035512-5-fenghua.yu@intel.com \
--to=fenghua.yu@intel.com \
--cc=bp@alien8.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=rdunlap@infradead.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).