1 .. SPDX-License-Identifier: GPL-2.0
2
3 .. include:: <isonum.txt>
4
5 ===============================
6 Bus lock detection and handling
7 ===============================
8
9 :Copyright: |copy| 2021 Intel Corporation
10 :Authors: - Fenghua Yu <fenghua.yu@intel.com>
11 - Tony Luck <tony.luck@intel.com>
12
13 Problem
14 =======
15
16 A split lock is any atomic operation whose ope
17 Since the operand spans two cache lines and th
18 the system locks the bus while the CPU accesse
19
20 A bus lock is acquired through either split lo
21 memory or any locked access to non-WB memory.
22 cycles slower than an atomic operation within
23 performance on other cores and brings the whol
24
25 Detection
26 =========
27
28 Intel processors may support either or both of
29 mechanisms to detect split locks and bus locks
30
31 #AC exception for split lock detection
32 --------------------------------------
33
34 Beginning with the Tremont Atom CPU split lock
35 Alignment Check (#AC) exception when a split l
36
37 #DB exception for bus lock detection
38 ------------------------------------
39
40 Some CPUs have the ability to notify the kerne
41 instruction acquires a bus lock and is execute
42 terminate the application or to enforce thrott
43
44 Software handling
45 =================
46
47 The kernel #AC and #DB handlers handle bus loc
48 parameter "split_lock_detect". Here is a summa
49
50 +------------------+--------------------------
51 |split_lock_detect=|#AC for split lock
52 +------------------+--------------------------
53 |off |Do nothing
54 +------------------+--------------------------
55 |warn |Kernel OOPs
56 |(default) |Warn once per task, add a
57 | |delay, add synchronization
58 | |to prevent more than one
59 | |core from executing a
60 | |split lock in parallel.
61 | |sysctl split_lock_mitigate
62 | |can be used to avoid the
63 | |delay and synchronization
64 | |When both features are
65 | |supported, warn in #AC
66 +------------------+--------------------------
67 |fatal |Kernel OOPs
68 | |Send SIGBUS to user
69 | |When both features are
70 | |supported, fatal in #AC
71 +------------------+--------------------------
72 |ratelimit:N |Do nothing
73 |(0 < N <= 1000) |
74 | |
75 | |
76 +------------------+--------------------------
77
78 Usages
79 ======
80
81 Detecting and handling bus lock may find usage
82
83 It is critical for real time system designers
84 time systems. These systems run hard real time
85 "untrusted" user processes on other cores. The
86 to have any bus lock from the untrusted proces
87 performance. To date the designers have been u
88 solutions as they have no way to prevent the "
89 generating split lock and bus lock to block th
90 access memory during bus locking.
91
92 It's also useful for general computing to prev
93 applications from slowing down the overall sys
94 with bus lock.
95
96
97 Guidance
98 ========
99 off
100 ---
101
102 Disable checking for split lock and bus lock.
103 there are legacy applications that trigger the
104 that mitigation is not needed.
105
106 warn
107 ----
108
109 A warning is emitted when a bus lock is detect
110 the offending application. This is the default
111
112 fatal
113 -----
114
115 In this case, the bus lock is not tolerated an
116
117 ratelimit
118 ---------
119
120 A system wide bus lock rate limit N is specifi
121 allows a bus lock rate up to N bus locks per s
122 is exceeded then any task which is caught via
123 throttled by enforced sleeps until the rate go
124
125 This is an effective mitigation in cases where
126 tolerated, but an eventual Denial of Service a
127 allows to identify the offending processes and
128 malicious or just badly written.
129
130 Selecting a rate limit of 1000 allows the bus
131 seven million cycles each second (assuming 700
132 lock). On a 2 GHz processor that would be abou
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.