On Mon, Oct 24, 2022 at 05:02:54PM -0300, Guilherme G. Piccoli wrote: > +split_lock_mitigate (x86 only) > +============================== > + > +On x86, each "split lock" imposes a system-wide performance penalty. On larger > +systems, large numbers of split locks from unprivileged users can result in > +denials of service to well-behaved and potentially more important users. > + DoS which harms legitimate users? > +The kernel mitigates these bad users by detecting split locks and imposing > +penalties: forcing them to wait and only allowing one core to execute split > +locks at a time. > + > +These mitigations can make those bad applications unbearably slow. Setting > +split_lock_mitigate=0 may restore some application performance, but will also > +increase system exposure to denial of service attacks from split lock users. > + > += =================================================================== > +0 Disable the mitigation mode - just warns the split lock on kernel log > + and exposes the system to denials of service from the split lockers. > +1 Enable the mitigation mode (this is the default) - penalizes the split > + lockers with intentional performance degradation. > += =================================================================== > + > + The prose can be improved: ---- >8 ---- diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index c2c64c1b706ff6..cdc5b75adb4633 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -1319,22 +1319,21 @@ split_lock_mitigate (x86 only) On x86, each "split lock" imposes a system-wide performance penalty. On larger systems, large numbers of split locks from unprivileged users can result in -denials of service to well-behaved and potentially more important users. +denials of service attack. -The kernel mitigates these bad users by detecting split locks and imposing +The kernel mitigates that condition by detecting split locks and imposing penalties: forcing them to wait and only allowing one core to execute split locks at a time. -These mitigations can make those bad applications unbearably slow. Setting -split_lock_mitigate=0 may restore some application performance, but will also -increase system exposure to denial of service attacks from split lock users. +These mitigations can make applications which rely on split locks unbearably +slow. Setting split_lock_mitigate=0 may restore performance, but will also +increase likelihood of DoS caused by split locks. -= =================================================================== -0 Disable the mitigation mode - just warns the split lock on kernel log - and exposes the system to denials of service from the split lockers. -1 Enable the mitigation mode (this is the default) - penalizes the split - lockers with intentional performance degradation. -= =================================================================== += ================================================================== +0 Disable the mitigation - just warns the split lock on kernel log. +1 Enable the mitigation (default) - penalizes the split lockers with + intentional performance degradation. += ================================================================== stack_erasing Thanks. -- An old man doll... just what I always wanted! - Clara
Attachment:
signature.asc
Description: PGP signature
