[PATCH v3 0/4] x86/bus_lock: Enable bus lock detection

From: Fenghua Yu
Date: Fri Nov 20 2020 - 21:36:55 EST


A bus lock [1] is acquired through either split locked access to
writeback (WB) memory or any locked access to non-WB memory. This is
typically >1000 cycles slower than an atomic operation within
a cache line. It also disrupts performance on other cores.

Although split lock can be detected by #AC trap, the trap is triggered
before the instruction acquires bus lock. This makes it difficult to
mitigate bus lock (e.g. throttle the user application).

Some CPUs have ability to notify the kernel by an #DB trap after a user
instruction acquires a bus lock and is executed. This allows the kernel
to enforce user application throttling or mitigations.

#DB for bus lock detect fixes issues in #AC for split lock detect:
1) It's architectural ... just need to look at one CPUID bit to know it
exists
2) The IA32_DEBUGCTL MSR, which reports bus lock in #DB, is per-thread.
So each process or guest can have different behavior.
3) It has support for VMM/guests (new VMEXIT codes, etc).
4) It detects not only split locks but also bus locks from non-WB.

Hardware only generates #DB for bus lock detect when CPL>0 to avoid
nested #DB from multiple bus locks while the first #DB is being handled.

Use the existing kernel command line option "split_lock_detect=" to handle
#DB for bus lock:

split_lock_detect=
#AC for split lock #DB for bus lock

off Do nothing Do nothing

warn Kernel OOPs Warn once per task and
Warn once per task and and continues to run.
disable future checking When both features are
supported, warn in #DB

fatal Kernel OOPs Send SIGBUS to user.
Send SIGBUS to user When both features are
supported, split lock
triggers #AC and bus lock
from non-WB triggers #DB.

ratelimit:N Do nothing Limit bus lock rate to
N per second in the
current non-root user.

Default split_lock_detect is "warn".

[1] Intel Instruction Set Extension Chapter 8: https://software.intel.com/sites/default/files/managed/c5/15/architecture-instruction-set-extensions-programming-reference.pdf

Change Log:
v3:
- Enable Bus Lock Detection when fatal to handle bus lock from non-WB
(PeterZ).
- Add Acked-by: PeterZ in patch 2.

v2:
- Send SIGBUS in fatal case for bus lock #DB (PeterZ).

v1:
- Check bus lock bit by its positive polarity (Xiaoyao).
- Fix a few wording issues in the documentation (Randy).
[RFC v3 can be found at: https://lore.kernel.org/patchwork/cover/1329943/]

RFC v3:
- Remove DR6_RESERVED change (PeterZ).
- Simplify the documentation (Randy).

RFC v2:
- Architecture changed based on feedback from Thomas and PeterZ. #DB is
no longer generated for bus lock in ring0.
- Split the one single patch into four patches.
[RFC v1 can be found at: https://lore.kernel.org/lkml/1595021700-68460-1-git-send-email-fenghua.yu@xxxxxxxxx/]

Fenghua Yu (4):
x86/cpufeatures: Enumerate #DB for bus lock detection
x86/bus_lock: Handle warn and fatal in #DB for bus lock
x86/bus_lock: Set rate limit for bus lock
Documentation/admin-guide: Change doc for split_lock_detect parameter

.../admin-guide/kernel-parameters.txt | 31 +++-
arch/x86/include/asm/cpu.h | 9 +-
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/include/uapi/asm/debugreg.h | 1 +
arch/x86/kernel/cpu/common.c | 2 +-
arch/x86/kernel/cpu/intel.c | 155 +++++++++++++++---
arch/x86/kernel/traps.c | 7 +
include/linux/sched/user.h | 4 +-
kernel/user.c | 7 +
10 files changed, 186 insertions(+), 32 deletions(-)

--
2.29.2