lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240628201839.673086-1-jacob.jun.pan@linux.intel.com>
Date: Fri, 28 Jun 2024 13:18:28 -0700
From: Jacob Pan <jacob.jun.pan@...ux.intel.com>
To: X86 Kernel <x86@...nel.org>,
	Sean Christopherson <seanjc@...gle.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Dave Hansen <dave.hansen@...el.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	"Ingo Molnar" <mingo@...hat.com>,
	"Borislav Petkov" <bp@...en8.de>,
	"Xin Li" <xin3.li@...el.com>,
	linux-perf-users@...r.kernel.org,
	Peter Zijlstra <peterz@...radead.org>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
	Tony Luck <tony.luck@...el.com>,
	Andy Lutomirski <luto@...nel.org>,
	acme@...nel.org,
	kan.liang@...ux.intel.com,
	Andi Kleen <andi.kleen@...el.com>,
	"Mehta, Sohil" <sohil.mehta@...el.com>,
	Jacob Pan <jacob.jun.pan@...ux.intel.com>
Subject: [PATCH v3 00/11] Add support for NMI source reporting

Hi Thomas and all,

Non-Maskable Interrupts (NMIs) are routed to the local Advanced Programmable
Interrupt Controller (APIC) using vector #2. Before the advent of the
Flexible Return and Event Delivery (FRED)[1], the vector information set by
the NMI initiator was disregarded or lost within the hardware, compelling
system software to poll every registered NMI handler to pinpoint the source
of the NMI[2]. This approach led to several issues:

1.	Inefficiency due to the CPU's time spent polling all handlers.
2.	Increased latency from the additional time taken to poll all handlers.
3.	The occurrence of unnecessary NMIs if they are triggered shortly
	after being processed by a different source.

To tackle these challenges, Intel introduced NMI source reporting as a part
of the FRED specification (detailed in Chapter 9). This CPU feature ensures
that while all NMI sources are still aggregated into NMI vector (#2) for
delivery, the source of the NMI is now conveyed through FRED event data
(a 16-bit bitmap on the stack). This allows for the selective dispatch
of the NMI source handler based on the bitmap, eliminating the need to
invoke all NMI source handlers indiscriminately.

In line with the hardware architecture, various interrupt sources can
generate NMIs by encoding an NMI delivery mode. However, this patchset
activates only the local NMI sources that are currently utilized by the
Linux kernel, which includes:

1.	Performance monitoring.
2.	Inter-Processor Interrupts (IPIs) for functions like CPU backtrace,
	machine check, Kernel GNU Debugger (KGDB), reboot, panic stop, and
	self-test.

Other NMI sources will continue to be handled as previously when the NMI
source is not utilized or remains unidentified.

Next steps:
1. KVM support
2. Optimization to reuse IDT NMI vector 2 as NMI source for "known" source.
Link:https://lore.kernel.org/lkml/746fecd5-4c79-42f9-919e-912ec415e73f@zytor.com/


[1] https://www.intel.com/content/www/us/en/content-details/779982/flexible-return-and-event-delivery-fred-specification.html
[2] https://lore.kernel.org/lkml/171011362209.2468526.15187874627966416701.tglx@xen13/


Thanks,

Jacob

---
V3:
	- Added KVM VMX patches to handle NMI exits (Sean)
	- Clean up in KVM for code reuse in PV IPI (patch 10 and 11)
	- Misc fixes based on reviews from HPA, Li Xin, and Sohil
	
Change logs are in individual patches.




Jacob Pan (9):
  x86/irq: Add enumeration of NMI source reporting CPU feature
  x86/irq: Define NMI source vectors
  x86/irq: Extend NMI handler registration interface to include source
  x86/irq: Factor out common NMI handling code
  x86/irq: Process nmi sources in NMI handler
  perf/x86: Enable NMI source reporting for perfmon
  x86/irq: Enable NMI source on IPIs delivered as NMI
  x86/irq: Move __prepare_ICR to x86 common header
  KVM: X86: Use common code for PV IPIs in linux guest

Zeng Guang (2):
  KVM: VMX: Expand FRED kvm entry with event data
  KVM: VMX: Handle NMI Source report in VM exit

 arch/x86/entry/entry_64_fred.S     |   2 +-
 arch/x86/events/amd/ibs.c          |   2 +-
 arch/x86/events/core.c             |   9 ++-
 arch/x86/events/intel/core.c       |   6 +-
 arch/x86/include/asm/apic.h        |  22 ++++++
 arch/x86/include/asm/cpufeatures.h |   1 +
 arch/x86/include/asm/fred.h        |   8 +-
 arch/x86/include/asm/irq_vectors.h |  38 ++++++++++
 arch/x86/include/asm/nmi.h         |   4 +-
 arch/x86/kernel/apic/hw_nmi.c      |   5 +-
 arch/x86/kernel/apic/ipi.c         |   4 +-
 arch/x86/kernel/apic/local.h       |  16 ----
 arch/x86/kernel/cpu/mce/inject.c   |   4 +-
 arch/x86/kernel/cpu/mshyperv.c     |   2 +-
 arch/x86/kernel/kgdb.c             |   6 +-
 arch/x86/kernel/kvm.c              |  10 +--
 arch/x86/kernel/nmi.c              | 117 ++++++++++++++++++++++++++---
 arch/x86/kernel/nmi_selftest.c     |   7 +-
 arch/x86/kernel/reboot.c           |   4 +-
 arch/x86/kernel/smp.c              |   4 +-
 arch/x86/kernel/traps.c            |   4 +-
 arch/x86/kvm/vmx/vmx.c             |  13 +++-
 arch/x86/platform/uv/uv_nmi.c      |   4 +-
 drivers/acpi/apei/ghes.c           |   2 +-
 drivers/char/ipmi/ipmi_watchdog.c  |   2 +-
 drivers/edac/igen6_edac.c          |   2 +-
 drivers/watchdog/hpwdt.c           |   6 +-
 27 files changed, 224 insertions(+), 80 deletions(-)

-- 
2.25.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ