lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240612145424.61890aa3@jacob-builder>
Date: Wed, 12 Jun 2024 14:54:24 -0700
From: Jacob Pan <jacob.jun.pan@...ux.intel.com>
To: "H. Peter Anvin" <hpa@...or.com>
Cc: X86 Kernel <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>, Thomas
 Gleixner <tglx@...utronix.de>, Dave Hansen <dave.hansen@...el.com>, Ingo
 Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
 linux-perf-users@...r.kernel.org, Peter Zijlstra <peterz@...radead.org>,
 Andi Kleen <andi.kleen@...el.com>, Xin Li <xin3.li@...el.com>,
 jacob.jun.pan@...ux.intel.com
Subject: Re: [PATCH v2 4/6] x86/irq: Process nmi sources in NMI handler

Hi H.,

On Tue, 11 Jun 2024 11:41:07 -0700, "H. Peter Anvin" <hpa@...or.com> wrote:

> On 6/11/24 09:54, Jacob Pan wrote:
> > +
> > +	source_bitmask = fred_event_data(regs);
> > +	if (!source_bitmask) {
> > +		pr_warn_ratelimited("NMI without source information!
> > Disable source reporting.\n");
> > +		setup_clear_cpu_cap(X86_FEATURE_NMI_SOURCE);
> > +		return 0;
> > +	}  
> 
> Is setup_clear_cpu_cap() even meaningful here?
Right, alternative patching doesn't work here. Let me use a separate flag.

> 
> > +
> > +	/*
> > +	 * Per NMI source specification, there is no guarantee that a
> > valid
> > +	 * NMI vector is always delivered, even when the source
> > specified
> > +	 * one. It is software's responsibility to check all available
> > NMI
> > +	 * sources when bit 0 is set in the NMI source bitmap. i.e. we
> > have
> > +	 * to call every handler as if we have no NMI source.
> > +	 * On the other hand, if we do get non-zero vectors, we know
> > exactly
> > +	 * what the sources are. So we only call the handlers with the
> > bit set.
> > +	 */
> > +	if (source_bitmask & BIT(NMI_SOURCE_VEC_UNKNOWN)) {
> > +		pr_warn_ratelimited("NMI received with unknown
> > source\n");
> > +		return 0;
> > +	}
> > +  
> 
> You can still dispatch the known NMI handlers early before doing the 
> polling.

True, my thinking was based on two conditions:
1. unknown NMI source is a rare/unlikely case
2. when unknown source does get set, it is due to deep CPU idle where
performance optimization is not productive.

So I think any optimization to the unlikely case should not add cost to the
common case. Tracking early/direct dispatched handler adds cost to the
common case. Below is my attempt, there must be a better way.

static int nmi_handle_src(unsigned int type, struct pt_regs *regs, unsigned long *handled_mask)
{
	static bool nmi_source_disabled = false;
	bool has_unknown_src = false;
	unsigned long source_bitmask;
	struct nmiaction *a;
	int handled = 0;
	int vec = 1;

	if (!cpu_feature_enabled(X86_FEATURE_NMI_SOURCE) ||
	    type != NMI_LOCAL || nmi_source_disabled)
		return 0;

	source_bitmask = fred_event_data(regs);
	if (!source_bitmask) {
		pr_warn("NMI received without source information! Disable source reporting.\n");
		nmi_source_disabled = true;
		return 0;
	}

	/*
	 * Per NMI source specification, there is no guarantee that a valid
	 * NMI vector is always delivered, even when the source specified
	 * one. It is software's responsibility to check all available NMI
	 * sources when bit 0 is set in the NMI source bitmap. i.e. we have
	 * to call every handler as if we have no NMI source.
	 * On the other hand, if we do get non-zero vectors, we know exactly
	 * what the sources are. So we only call the handlers with the bit set.
	 */
	if (source_bitmask & BIT(NMI_SOURCE_VEC_UNKNOWN)) {
		pr_warn_ratelimited("NMI received with unknown source\n");
		has_unknown_src = true;
	}

	rcu_read_lock();
	/* Bit 0 is for unknown NMI sources, skip it. */
	for_each_set_bit_from(vec, &source_bitmask, NR_NMI_SOURCE_VECTORS) {
		a = rcu_dereference(nmiaction_src_table[vec]);
		if (!a) {
			pr_warn_ratelimited("NMI received %d no handler", vec);
			continue;
		}
		handled += do_handle_nmi(a, regs, type);
		/*
		 * Needs polling if unknown source bit is set, handled_mask is
		 * used to tell the polling code which NMIs can be skipped.
		 */
		if (has_unknown_src)
			*handled_mask |= BIT(vec);
	}
	rcu_read_unlock();

	return handled;
}

static int nmi_handle(unsigned int type, struct pt_regs *regs)
{
	struct nmi_desc *desc = nmi_to_desc(type);
	unsigned long handled_mask = 0;
	struct nmiaction *a;
	int handled=0;

	/*
	 * Check if the NMI source handling is complete, otherwise polling is
	 * still required. handled_mask is non-zero if NMI source handling is
	 * partial due to unknown NMI sources.
	 */
	handled = nmi_handle_src(type, regs, &handled_mask);
	if (handled && !handled_mask)
		return handled;

	rcu_read_lock();
	/*
	 * NMIs are edge-triggered, which means if you have enough
	 * of them concurrently, you can lose some because only one
	 * can be latched at any given time.  Walk the whole list
	 * to handle those situations.
	 */
	list_for_each_entry_rcu(a, &desc->head, list) {
		/* Skip NMIs handled earlier with source info */
		if (BIT(a->source_vec) & handled_mask)
			continue;
		handled += do_handle_nmi(a, regs, type);
	}
	rcu_read_unlock();

	/* return total number of NMI events handled */
	return handled;
}
NOKPROBE_SYMBOL(nmi_handle);


> > +	rcu_read_lock();
> > +	/* Bit 0 is for unknown NMI sources, skip it. */
> > +	for_each_set_bit_from(vec, &source_bitmask,
> > NR_NMI_SOURCE_VECTORS) {
> > +		a = rcu_dereference(nmiaction_src_table[vec]);
> > +		if (!a) {
> > +			pr_warn_ratelimited("NMI received %d no
> > handler", vec);
> > +			continue;
> > +		}
> > +		handled += do_handle_nmi(a, regs, type);
> > +	}
> > +	rcu_read_unlock();
> > +	return handled;
> > +}
> > +  
> 
> That would mean that you would also need to return a bitmask of which 
> source vectors need to be handled with polling.

Should it be the bitmask to be skipped by polling? see handled_mask in
the code above.



Thanks,

Jacob

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ