From: Thomas Gleixner <tglx@linutronix.de>
To: Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "Shutemov, Kirill" <kirill.shutemov@intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org, "Gomez Iglesias,
Antonio" <antonio.gomez.iglesias@intel.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Subject: Re: [PATCH] x86/apic: Don't disable x2APIC if locked
Date: Thu, 11 Aug 2022 00:06:10 +0200 [thread overview]
Message-ID: <87r11nu52l.ffs@tglx> (raw)
In-Reply-To: <341ea6e9-d8f3-ee7a-6794-67408abbf047@linux.intel.com>
On Wed, Aug 10 2022 at 12:40, Daniel Sneddon wrote:
> On 8/10/22 11:52, Dave Hansen wrote:
>> On 8/10/22 11:30, Daniel Sneddon wrote:
>>>> If it's going to be on one server CPU that's coming out in ten years,
>>>> then we can hold off.
>>> SPR will certainly be sooner than 10 years, and with distros running on LTS
>>> kernels, it is probably worth backporting. Since this isn't a bug fix (not a sw
>>> bug anyway), is this something I can just CC stable or is there a better way to
>>> say "Yes, this is a new feature, BUT, you really want it anyway"?
>>
>> It it going to be *forced* on those SPR system? In other words, is it a
>> little BIOS switch that users can flip? Is there any non-kernel
>> workaround if a user hits this, or is the entire burden of this going to
>> be foisted on the kernel?
> It won't be forced, BUT, certain features won't be available if the APIC isn't
> locked. According to the documentation SGX and TDX won't be available if you
> don't lock the APIC. So, yes, you don't have to fix it in the kernel, but you
> may lose access to features if you don't.
>>
>> The worst case scenario would be if a user has managed to compile a
>> CONFIG_X86_X2APIC=n kernel and is happily running along until they get a
>> microcode update, reboot and can't boot any more.
> That _shouldn't_ happen as it is only on new hardware, so a ucode update
> _shouldn't_ cause a crash.
Only on new hardware? The lock mechanism has to be available on _all_
affected systems which support SGX. See
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/intel-sgx-software-and-tcb-recovery-guidance.html
That means at some point in the future the locked x2APIC will be a
prerequisite for attestating a SGX enclave independent of SPR.
So this affects already deployed systems and we have to
- backport the x2apic lock changes
- provide proper diagnostics
- make SGX and TDX depend on X2APIC support
There is not much we can do about an older kernel which fails to boot or
explodes once a BIOS update locks down X2APIC.
Thanks,
tglx
next prev parent reply other threads:[~2022-08-10 22:06 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-09 23:40 [PATCH] x86/apic: Don't disable x2APIC if locked Daniel Sneddon
2022-08-10 18:01 ` Dave Hansen
2022-08-10 18:30 ` Daniel Sneddon
2022-08-10 18:52 ` Dave Hansen
2022-08-10 19:40 ` Daniel Sneddon
2022-08-10 19:59 ` Dave Hansen
2022-08-10 20:06 ` Daniel Sneddon
2022-08-10 20:29 ` Daniel Sneddon
2022-08-10 21:57 ` Dave Hansen
2022-08-10 22:06 ` Thomas Gleixner [this message]
2022-08-10 22:56 ` Daniel Sneddon
2022-08-10 23:03 ` Daniel Sneddon
2022-08-10 23:09 ` Dave Hansen
2022-08-10 23:38 ` Daniel Sneddon
2022-08-10 23:44 ` Dave Hansen
2022-08-11 0:01 ` Daniel Sneddon
2022-08-11 0:38 ` Thomas Gleixner
2022-08-11 0:59 ` Daniel Sneddon
2022-08-11 10:08 ` Huang, Kai
2022-08-11 0:17 ` Thomas Gleixner
2022-08-11 0:40 ` Daniel Sneddon
2022-08-11 8:29 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r11nu52l.ffs@tglx \
--to=tglx@linutronix.de \
--cc=antonio.gomez.iglesias@intel.com \
--cc=bp@alien8.de \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kirill.shutemov@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.