lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210419214958.4035512-5-fenghua.yu@intel.com>
Date:   Mon, 19 Apr 2021 21:49:58 +0000
From:   Fenghua Yu <fenghua.yu@...el.com>
To:     "Thomas Gleixner" <tglx@...utronix.de>,
        "Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov" <bp@...en8.de>,
        "Peter Zijlstra" <peterz@...radead.org>,
        "Randy Dunlap" <rdunlap@...radead.org>,
        "Tony Luck" <tony.luck@...el.com>,
        "Xiaoyao Li " <xiaoyao.li@...el.com>,
        "Ravi V Shankar" <ravi.v.shankar@...el.com>
Cc:     "linux-kernel" <linux-kernel@...r.kernel.org>,
        "x86" <x86@...nel.org>, Fenghua Yu <fenghua.yu@...el.com>
Subject: [PATCH 4/4] Documentation/x86: Add ratelimit in buslock.rst

ratelimit is a new option in bus lock handling. Need to add it in
buslock.rst.

Signed-off-by: Fenghua Yu <fenghua.yu@...el.com>
Reviewed-by: Tony Luck <tony.luck@...el.com>
---
 Documentation/x86/buslock.rst | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/Documentation/x86/buslock.rst b/Documentation/x86/buslock.rst
index 4deaf8b82338..87ee5925cb5c 100644
--- a/Documentation/x86/buslock.rst
+++ b/Documentation/x86/buslock.rst
@@ -61,6 +61,11 @@ The kernel #AC and #DB handlers handle bus lock based on kernel parameter
 |		   |When both features are	|			|
 |		   |supported, fatal in #AC	|			|
 +------------------+----------------------------+-----------------------+
+|ratelimit:N	   |Do nothing			|Limit bus lock rate to	|
+|(0 < N <= 1000)   |				|N bus locks per second	|
+|		   |				|system wide and warn on|
+|		   |				|bus locks.		|
++------------------+----------------------------+-----------------------+
 
 Usages
 ======
@@ -108,3 +113,21 @@ fatal
 In this case, the bus lock is not tolerated and the process is killed.
 
 It is useful in hard real time system.
+
+ratelimit
+---------
+
+A system wide bus lock rate limit N is specified where 0 < N <= 1000.
+Less bus locks can be generated when N is smaller.
+
+This may find usage in throttling malicious processes in cloud. For
+example, a few malicious users may generate a lot of bus locks to launch
+Denial of Service (DoS) attack. By setting ratelimit, the system wide
+bus locks is rate limited by N bus locks per second and the DoS attack
+will be mitigated. The bus locks are warned so that the system
+administrator can found the malicious users and processes.
+
+Selecting a rate limit of 1000 would allow the bus to be locked for
+up to about seven million cycles each second (assuming 7000 cycles for
+each bus lock). On a 2 GHz processor that would be about 0.35% system
+impact.
-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ