lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 25 Oct 2022 10:46:22 +0700
From:   Bagas Sanjaya <bagasdotme@...il.com>
To:     "Guilherme G. Piccoli" <gpiccoli@...lia.com>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org, tglx@...utronix.de,
        mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com,
        hpa@...or.com, luto@...nel.org, corbet@....net,
        linux-doc@...r.kernel.org, kernel-dev@...lia.com,
        kernel@...ccoli.net, Fenghua Yu <fenghua.yu@...el.com>,
        Joshua Ashton <joshua@...ggi.es>,
        Melissa Wen <mwen@...lia.com>,
        Paul Gofman <pgofman@...eweavers.com>,
        Pavel Machek <pavel@...x.de>,
        Pierre-Loup Griffais <pgriffais@...vesoftware.com>,
        Tony Luck <tony.luck@...el.com>,
        Zebediah Figura <zfigura@...eweavers.com>,
        Andre Almeida <andrealmeid@...lia.com>
Subject: Re: [PATCH V3] x86/split_lock: Add sysctl to control the misery mode

On Mon, Oct 24, 2022 at 05:02:54PM -0300, Guilherme G. Piccoli wrote:
> +split_lock_mitigate (x86 only)
> +==============================
> +
> +On x86, each "split lock" imposes a system-wide performance penalty. On larger
> +systems, large numbers of split locks from unprivileged users can result in
> +denials of service to well-behaved and potentially more important users.
> +

DoS which harms legitimate users?

> +The kernel mitigates these bad users by detecting split locks and imposing
> +penalties: forcing them to wait and only allowing one core to execute split
> +locks at a time.
> +
> +These mitigations can make those bad applications unbearably slow. Setting
> +split_lock_mitigate=0 may restore some application performance, but will also
> +increase system exposure to denial of service attacks from split lock users.
> +
> += ===================================================================
> +0 Disable the mitigation mode - just warns the split lock on kernel log
> +  and exposes the system to denials of service from the split lockers.
> +1 Enable the mitigation mode (this is the default) - penalizes the split
> +  lockers with intentional performance degradation.
> += ===================================================================
> +
> +

The prose can be improved:

---- >8 ----

diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
index c2c64c1b706ff6..cdc5b75adb4633 100644
--- a/Documentation/admin-guide/sysctl/kernel.rst
+++ b/Documentation/admin-guide/sysctl/kernel.rst
@@ -1319,22 +1319,21 @@ split_lock_mitigate (x86 only)
 
 On x86, each "split lock" imposes a system-wide performance penalty. On larger
 systems, large numbers of split locks from unprivileged users can result in
-denials of service to well-behaved and potentially more important users.
+denials of service attack.
 
-The kernel mitigates these bad users by detecting split locks and imposing
+The kernel mitigates that condition by detecting split locks and imposing
 penalties: forcing them to wait and only allowing one core to execute split
 locks at a time.
 
-These mitigations can make those bad applications unbearably slow. Setting
-split_lock_mitigate=0 may restore some application performance, but will also
-increase system exposure to denial of service attacks from split lock users.
+These mitigations can make applications which rely on split locks unbearably
+slow. Setting split_lock_mitigate=0 may restore performance, but will also
+increase likelihood of DoS caused by split locks.
 
-= ===================================================================
-0 Disable the mitigation mode - just warns the split lock on kernel log
-  and exposes the system to denials of service from the split lockers.
-1 Enable the mitigation mode (this is the default) - penalizes the split
-  lockers with intentional performance degradation.
-= ===================================================================
+= ==================================================================
+0 Disable the mitigation - just warns the split lock on kernel log.
+1 Enable the mitigation (default) - penalizes the split lockers with
+  intentional performance degradation.
+= ==================================================================
 
 
 stack_erasing

Thanks.

-- 
An old man doll... just what I always wanted! - Clara

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ