diff options
author | Fenghua Yu <fenghua.yu@intel.com> | 2021-04-19 21:49:58 +0000 |
---|---|---|
committer | Thomas Gleixner <tglx@linutronix.de> | 2021-05-18 16:39:31 +0200 |
commit | d28397eaf4c27947a1ffc720d42e8b3a33ae1e2a (patch) | |
tree | 727399224d8d8099506d9de93d4498b299eb7bbd /Documentation/x86 | |
parent | 9d839c280b64817345c2fa462c0027a9bd742361 (diff) |
Documentation/x86: Add ratelimit in buslock.rst
ratelimit is a new command line option for bus lock handling. Add proper
documentation.
[ tglx: Massaged documentation ]
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Link: https://lore.kernel.org/r/20210419214958.4035512-5-fenghua.yu@intel.com
Diffstat (limited to 'Documentation/x86')
-rw-r--r-- | Documentation/x86/buslock.rst | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/Documentation/x86/buslock.rst b/Documentation/x86/buslock.rst index 159ff6ba830e..7c051e714943 100644 --- a/Documentation/x86/buslock.rst +++ b/Documentation/x86/buslock.rst @@ -63,6 +63,11 @@ parameter "split_lock_detect". Here is a summary of different options: | |When both features are | | | |supported, fatal in #AC | | +------------------+----------------------------+-----------------------+ +|ratelimit:N |Do nothing |Limit bus lock rate to | +|(0 < N <= 1000) | |N bus locks per second | +| | |system wide and warn on| +| | |bus locks. | ++------------------+----------------------------+-----------------------+ Usages ====== @@ -102,3 +107,20 @@ fatal ----- In this case, the bus lock is not tolerated and the process is killed. + +ratelimit +--------- + +A system wide bus lock rate limit N is specified where 0 < N <= 1000. This +allows a bus lock rate up to N bus locks per second. When the bus lock rate +is exceeded then any task which is caught via the buslock #DB exception is +throttled by enforced sleeps until the rate goes under the limit again. + +This is an effective mitigation in cases where a minimal impact can be +tolerated, but an eventual Denial of Service attack has to be prevented. It +allows to identify the offending processes and analyze whether they are +malicious or just badly written. + +Selecting a rate limit of 1000 allows the bus to be locked for up to about +seven million cycles each second (assuming 7000 cycles for each bus +lock). On a 2 GHz processor that would be about 0.35% system slowdown. |