Re: [PATCH v2] x86/split_lock: Handle unexpected split lock as fatal

Next message: Tian, Kevin: "RE: [PATCH v2 0/5] iommu/vt-d: Ensure memory ordering in context &amp; root entry updates"
Previous message: Ming Lei: "Re: [RFC v2 01/11] file: add callback for pre-mapping dmabuf"
In reply to: Xiaoyao Li: "Re: [PATCH v2] x86/split_lock: Handle unexpected split lock as fatal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xiaoyao Li

Date: Wed Jan 07 2026 - 21:20:03 EST

On 1/8/2026 12:06 AM, Dave Hansen wrote:

On 1/7/26 07:24, Edgecombe, Rick P wrote:

If #AC occurs on split lock without X86_FEATURE_SPLIT_LOCK_DETECT,
that sounds more like a naughty hypervisor or buggy CPU that deserves
a BUG_ON() rather than a situation where the kernel wants to move
merrily along.

Can you clarify your feelings on BUG_ON()'s? I was under the impression
that new ones were basically banned, and we should WARN() here to try
to keep running.

Unless we could claim that continuing would destroy something or other
situation a user would never want.

I'm conflicted about BUG_ON() here. It's a pretty nasty thing to be
sending exceptions that the kernel doesn't expect. x86 exception
handling is "fun" and has lots of sharp edges. There are absolutely
windows where the kernel can not recover from exceptions if they happen
in there. The real questions is why the kernel should even try to
recover if it's faced with a borderline malicious hypervisor or CPU so
buggy it's throwing unexpected exceptions.

On the other hand, in practice, this particular code path is from
userspace and a BUG_ON() is an instant DoS.

Balancing all that, a WARN_ON_ONCE() with panic_on_warn=1 is probably
the best course of action here.

Given that WARN_ON_ONCE() is 100% triggerable in TDX guest with a default host (CONFIG_X86_BUS_LOCK_DETECT=y && sld_state != sld_off) , is it OK to add it?

But I still want to hear more about why the enumeration is broken and
can't be fixed.

please see my reply to your original ask.