[tip: x86/splitlock] Documentation/x86: Add ratelimit in buslock.rst
From: tip-bot2 for Fenghua Yu
Date: Tue May 18 2021 - 10:44:45 EST
The following commit has been merged into the x86/splitlock branch of tip:
Commit-ID: d28397eaf4c27947a1ffc720d42e8b3a33ae1e2a
Gitweb: https://git.kernel.org/tip/d28397eaf4c27947a1ffc720d42e8b3a33ae1e2a
Author: Fenghua Yu <fenghua.yu@xxxxxxxxx>
AuthorDate: Mon, 19 Apr 2021 21:49:58
Committer: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
CommitterDate: Tue, 18 May 2021 16:39:31 +02:00
Documentation/x86: Add ratelimit in buslock.rst
ratelimit is a new command line option for bus lock handling. Add proper
documentation.
[ tglx: Massaged documentation ]
Signed-off-by: Fenghua Yu <fenghua.yu@xxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx>
Link: https://lore.kernel.org/r/20210419214958.4035512-5-fenghua.yu@xxxxxxxxx
---
Documentation/x86/buslock.rst | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/Documentation/x86/buslock.rst b/Documentation/x86/buslock.rst
index 159ff6b..7c051e7 100644
--- a/Documentation/x86/buslock.rst
+++ b/Documentation/x86/buslock.rst
@@ -63,6 +63,11 @@ parameter "split_lock_detect". Here is a summary of different options:
| |When both features are | |
| |supported, fatal in #AC | |
+------------------+----------------------------+-----------------------+
+|ratelimit:N |Do nothing |Limit bus lock rate to |
+|(0 < N <= 1000) | |N bus locks per second |
+| | |system wide and warn on|
+| | |bus locks. |
++------------------+----------------------------+-----------------------+
Usages
======
@@ -102,3 +107,20 @@ fatal
-----
In this case, the bus lock is not tolerated and the process is killed.
+
+ratelimit
+---------
+
+A system wide bus lock rate limit N is specified where 0 < N <= 1000. This
+allows a bus lock rate up to N bus locks per second. When the bus lock rate
+is exceeded then any task which is caught via the buslock #DB exception is
+throttled by enforced sleeps until the rate goes under the limit again.
+
+This is an effective mitigation in cases where a minimal impact can be
+tolerated, but an eventual Denial of Service attack has to be prevented. It
+allows to identify the offending processes and analyze whether they are
+malicious or just badly written.
+
+Selecting a rate limit of 1000 allows the bus to be locked for up to about
+seven million cycles each second (assuming 7000 cycles for each bus
+lock). On a 2 GHz processor that would be about 0.35% system slowdown.