From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 67148246BB2 for ; Thu, 8 Jan 2026 02:20:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767838806; cv=none; b=MUee8Ceb85K6h+LhCyLunAhNwbJFEhnzAaedrf7F/Y/5PHwNcbL+Ez4CQtT2Oyy8nrGfXbxedIJlPjbxcslnxsTjj/jOa02mlfZSSxu3aN4m6S6SXU265myfv1FrAaRsKEH1eGylEe3JNdSzPGrI9kdQSObJpsy55HJG3uecY5w= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767838806; c=relaxed/simple; bh=zhXybLdyKentJnx/rnqDcaB4757DptClqkfkMRfNDK4=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=Au4ZrSuoftMhb+Z841PwmELqAVhgyFh94CpfHTgCp4HLICUMAAasOy2gzxctoHhJkD0tVO2KMH3pCoLU0GGOr5uAKVIl79l1qQBLL5ksYcwPrwmOck9txIZqgHPW6IzIxNOmJzL7vTJrz7GhNaAMM0zsW93Dif8CMNSVdWhaSlw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=l8sWV8C5; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="l8sWV8C5" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1767838806; x=1799374806; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=zhXybLdyKentJnx/rnqDcaB4757DptClqkfkMRfNDK4=; b=l8sWV8C5fmIryOIytvdJrFZojksrfEes4lVOdj48d7G1NY0R6Ab8PRh+ xr3vUQGs6NtQILh2byQ9LCfLGwEyt+xHM1bkxJCStEXC5AeKWTgjKEWuU stXwGETLk+5ULU5BWvJ3+shbPvUybMLxBCRLh5BepX8WtJH3vHJQlfZtR kSzFx3iuoJOqpYG08qnDAHyPTC94AZYO8QxuUKjKVKRJZPL5S7P6jReGl DeaFjrUMCYTc6GpyMJKqFaAU3RMtAjBltorGpOAjCIX4RJavXyGKhAwoI P/YT/+tQTDl0JomgGgAZWqTl6Yz0ninAK9eqRpLxCiJCgtBXMhWch7Jb4 g==; X-CSE-ConnectionGUID: uOo1RbWIQzSFosctVVHCsg== X-CSE-MsgGUID: gt5J7qYqT6CK2zUtv6sBjg== X-IronPort-AV: E=McAfee;i="6800,10657,11664"; a="69373932" X-IronPort-AV: E=Sophos;i="6.21,209,1763452800"; d="scan'208";a="69373932" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jan 2026 18:20:03 -0800 X-CSE-ConnectionGUID: QQ+Q5t3HRy2F259lpa8NNQ== X-CSE-MsgGUID: GPpQNm3yR8u0EhCUnz59Xg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,209,1763452800"; d="scan'208";a="202979594" Received: from xiaoyaol-hp-g830.ccr.corp.intel.com (HELO [10.124.240.173]) ([10.124.240.173]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jan 2026 18:19:59 -0800 Message-ID: Date: Thu, 8 Jan 2026 10:19:57 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2] x86/split_lock: Handle unexpected split lock as fatal To: Dave Hansen , "Edgecombe, Rick P" , "tglx@linutronix.de" , "mingo@redhat.com" , "x86@kernel.org" , "dave.hansen@linux.intel.com" , "bp@alien8.de" Cc: "hpa@zytor.com" , "Chatre, Reinette" , "kas@kernel.org" , "linux-kernel@vger.kernel.org" , "Qiang, Chenyi" , "Peng, Chao P" References: <20260107134955.3293885-1-xiaoyao.li@intel.com> <9fbbe3bc-0912-42af-b5c0-abda89e0b621@intel.com> <07cf71d75b25d8be00eac554244d2a2e15845fd5.camel@intel.com> Content-Language: en-US From: Xiaoyao Li In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 1/8/2026 12:06 AM, Dave Hansen wrote: > On 1/7/26 07:24, Edgecombe, Rick P wrote: >>> If #AC occurs on split lock without X86_FEATURE_SPLIT_LOCK_DETECT, >>> that sounds more like a naughty hypervisor or buggy CPU that deserves >>> a BUG_ON() rather than a situation where the kernel wants to move >>> merrily along. >> Can you clarify your feelings on BUG_ON()'s? I was under the impression >> that new ones were basically banned, and we should WARN() here to try >> to keep running. >> >> Unless we could claim that continuing would destroy something or other >> situation a user would never want. > > I'm conflicted about BUG_ON() here. It's a pretty nasty thing to be > sending exceptions that the kernel doesn't expect. x86 exception > handling is "fun" and has lots of sharp edges. There are absolutely > windows where the kernel can not recover from exceptions if they happen > in there. The real questions is why the kernel should even try to > recover if it's faced with a borderline malicious hypervisor or CPU so > buggy it's throwing unexpected exceptions. > > On the other hand, in practice, this particular code path is from > userspace and a BUG_ON() is an instant DoS. > > Balancing all that, a WARN_ON_ONCE() with panic_on_warn=1 is probably > the best course of action here. Given that WARN_ON_ONCE() is 100% triggerable in TDX guest with a default host (CONFIG_X86_BUS_LOCK_DETECT=y && sld_state != sld_off) , is it OK to add it? > But I still want to hear more about why the enumeration is broken and > can't be fixed. please see my reply to your original ask.