| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Jul 2023 16:45:49 -0400
From: Waiman Long <longman@...hat.com>
To: Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Jacob Pan <jacob.jun.pan@...ux.intel.com>,
Len Brown <lenb@...nel.org>, Jonathan Corbet <corbet@....net>,
"Rafael J . Wysocki" <rafael.j.wysocki@...el.com>
Cc: linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
x86@...nel.org, linux-pm@...r.kernel.org,
Robin Jarry <rjarry@...hat.com>, Joe Mario <jmario@...hat.com>,
Randy Dunlap <rdunlap@...radead.org>
Subject: Re: [PATCH v5 4/4] intel_idle: Add ibrs_off module parameter to force
disable IBRS
On 7/10/23 15:48, Waiman Long wrote:
> Commit bf5835bcdb96 ("intel_idle: Disable IBRS during long idle")
> disables IBRS when the cstate is 6 or lower. However, there are
> some use cases where a customer may want to use max_cstate=1 to
> lower latency. Such use cases will suffer from the performance
> degradation caused by the enabling of IBRS in the sibling idle thread.
> Add a "ibrs_off" module parameter to force disable IBRS and the
> CPUIDLE_FLAG_IRQ_ENABLE flag if set.
>
> In the case of a Skylake server with max_cstate=1, this new ibrs_off
> option will likely increase the IRQ response latency as IRQ will now
> be disabled.
>
> When running SPECjbb2015 with cstates set to C1 on a Skylake system.
>
> First test when the kernel is booted with: "intel_idle.ibrs_off"
> max-jOPS = 117828, critical-jOPS = 66047
>
> Then retest when the kernel is booted without the "intel_idle.ibrs_off"
> added.
> max-jOPS = 116408, critical-jOPS = 58958
>
> That means booting with "intel_idle.ibrs_off" improves performance by:
> max-jOPS: 1.2%, which could be considered noise range.
> critical-jOPS: 12%, which is definitely a solid improvement.
>
> The admin-guide/pm/intel_idle.rst file is updated to add a description
> about the new "ibrs_off" module parameter.
>
> Signed-off-by: Waiman Long <longman@...hat.com>
> Acked-by: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
> ---
> Documentation/admin-guide/pm/intel_idle.rst | 17 ++++++++++++++++-
> drivers/idle/intel_idle.c | 11 ++++++++++-
> 2 files changed, 26 insertions(+), 2 deletions(-)
Ping! Is there further suggested changes for this patch series or is it
good enough to be merged?
Thanks,
Longman
>
> diff --git a/Documentation/admin-guide/pm/intel_idle.rst b/Documentation/admin-guide/pm/intel_idle.rst
> index b799a43da62e..39bd6ecce7de 100644
> --- a/Documentation/admin-guide/pm/intel_idle.rst
> +++ b/Documentation/admin-guide/pm/intel_idle.rst
> @@ -170,7 +170,7 @@ and ``idle=nomwait``. If any of them is present in the kernel command line, the
> ``MWAIT`` instruction is not allowed to be used, so the initialization of
> ``intel_idle`` will fail.
>
> -Apart from that there are four module parameters recognized by ``intel_idle``
> +Apart from that there are five module parameters recognized by ``intel_idle``
> itself that can be set via the kernel command line (they cannot be updated via
> sysfs, so that is the only way to change their values).
>
> @@ -216,6 +216,21 @@ are ignored).
> The idle states disabled this way can be enabled (on a per-CPU basis) from user
> space via ``sysfs``.
>
> +The ``ibrs_off`` module parameter is a boolean flag (defaults to
> +false). If set, it is used to control if IBRS (Indirect Branch Restricted
> +Speculation) should be turned off when the CPU enters an idle state.
> +This flag does not affect CPUs that use Enhanced IBRS which can remain
> +on with little performance impact.
> +
> +For some CPUs, IBRS will be selected as mitigation for Spectre v2 and Retbleed
> +security vulnerabilities by default. Leaving the IBRS mode on while idling may
> +have a performance impact on its sibling CPU. The IBRS mode will be turned off
> +by default when the CPU enters into a deep idle state, but not in some
> +shallower ones. Setting the ``ibrs_off`` module parameter will force the IBRS
> +mode to off when the CPU is in any one of the available idle states. This may
> +help performance of a sibling CPU at the expense of a slightly higher wakeup
> +latency for the idle CPU.
> +
>
> .. _intel-idle-core-and-package-idle-states:
>
> diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c
> index c9479f089037..e1b826344682 100644
> --- a/drivers/idle/intel_idle.c
> +++ b/drivers/idle/intel_idle.c
> @@ -69,6 +69,7 @@ static int max_cstate = CPUIDLE_STATE_MAX - 1;
> static unsigned int disabled_states_mask __read_mostly;
> static unsigned int preferred_states_mask __read_mostly;
> static bool force_irq_on __read_mostly;
> +static bool ibrs_off __read_mostly;
>
> static struct cpuidle_device __percpu *intel_idle_cpuidle_devices;
>
> @@ -1919,11 +1920,13 @@ static void state_update_enter_method(struct cpuidle_state *state, int cstate)
> }
>
> if (cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS) &&
> - state->flags & CPUIDLE_FLAG_IBRS) {
> + ((state->flags & CPUIDLE_FLAG_IBRS) || ibrs_off)) {
> /*
> * IBRS mitigation requires that C-states are entered
> * with interrupts disabled.
> */
> + if (ibrs_off && (state->flags & CPUIDLE_FLAG_IRQ_ENABLE))
> + state->flags &= ~CPUIDLE_FLAG_IRQ_ENABLE;
> WARN_ON_ONCE(state->flags & CPUIDLE_FLAG_IRQ_ENABLE);
> state->enter = intel_idle_ibrs;
> return;
> @@ -2346,3 +2349,9 @@ MODULE_PARM_DESC(preferred_cstates, "Mask of preferred idle states");
> * 'CPUIDLE_FLAG_INIT_XSTATE' and 'CPUIDLE_FLAG_IBRS' flags.
> */
> module_param(force_irq_on, bool, 0444);
> +/*
> + * Force the disabling of IBRS when X86_FEATURE_KERNEL_IBRS is on and
> + * CPUIDLE_FLAG_IRQ_ENABLE isn't set.
> + */
> +module_param(ibrs_off, bool, 0444);
> +MODULE_PARM_DESC(ibrs_off, "Disable IBRS when idle");
Powered by blists - more mailing lists