Re: [PATCH] x86/apic: Don't disable x2APIC if locked

From: Thomas Gleixner
Date: Wed Aug 10 2022 - 18:06:18 EST

Next message: Michael Walle: "[PATCH v2 0/7] mtd: spi-nor: generic flash driver"
Previous message: Ruffalo Lavoisier: "[PATCH] mt76: connac: fix in comment"
In reply to: Dave Hansen: "Re: [PATCH] x86/apic: Don't disable x2APIC if locked"
Next in thread: Daniel Sneddon: "Re: [PATCH] x86/apic: Don't disable x2APIC if locked"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 10 2022 at 12:40, Daniel Sneddon wrote:
> On 8/10/22 11:52, Dave Hansen wrote:
>> On 8/10/22 11:30, Daniel Sneddon wrote:
>>>> If it's going to be on one server CPU that's coming out in ten years,
>>>> then we can hold off.
>>> SPR will certainly be sooner than 10 years, and with distros running on LTS
>>> kernels, it is probably worth backporting. Since this isn't a bug fix (not a sw
>>> bug anyway), is this something I can just CC stable or is there a better way to
>>> say "Yes, this is a new feature, BUT, you really want it anyway"?
>>
>> It it going to be *forced* on those SPR system? In other words, is it a
>> little BIOS switch that users can flip? Is there any non-kernel
>> workaround if a user hits this, or is the entire burden of this going to
>> be foisted on the kernel?
> It won't be forced, BUT, certain features won't be available if the APIC isn't
> locked. According to the documentation SGX and TDX won't be available if you
> don't lock the APIC. So, yes, you don't have to fix it in the kernel, but you
> may lose access to features if you don't.
>>
>> The worst case scenario would be if a user has managed to compile a
>> CONFIG_X86_X2APIC=n kernel and is happily running along until they get a
>> microcode update, reboot and can't boot any more.
> That _shouldn't_ happen as it is only on new hardware, so a ucode update
> _shouldn't_ cause a crash.

Only on new hardware? The lock mechanism has to be available on _all_
affected systems which support SGX. See

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/intel-sgx-software-and-tcb-recovery-guidance.html

That means at some point in the future the locked x2APIC will be a
prerequisite for attestating a SGX enclave independent of SPR.

So this affects already deployed systems and we have to

- backport the x2apic lock changes

- provide proper diagnostics

- make SGX and TDX depend on X2APIC support

There is not much we can do about an older kernel which fails to boot or
explodes once a BIOS update locks down X2APIC.

Thanks,

tglx

Next message: Michael Walle: "[PATCH v2 0/7] mtd: spi-nor: generic flash driver"
Previous message: Ruffalo Lavoisier: "[PATCH] mt76: connac: fix in comment"
In reply to: Dave Hansen: "Re: [PATCH] x86/apic: Don't disable x2APIC if locked"
Next in thread: Daniel Sneddon: "Re: [PATCH] x86/apic: Don't disable x2APIC if locked"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]