linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Thomas Gleixner <tglx@linutronix.de>
To: Daniel Sneddon <daniel.sneddon@linux.intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, "Shutemov, Kirill" <kirill.shutemov@intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
	linux-kernel@vger.kernel.org, "Gomez Iglesias,
	Antonio" <antonio.gomez.iglesias@intel.com>,
	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Subject: Re: [PATCH] x86/apic: Don't disable x2APIC if locked
Date: Thu, 11 Aug 2022 00:06:10 +0200	[thread overview]
Message-ID: <87r11nu52l.ffs@tglx> (raw)
In-Reply-To: <341ea6e9-d8f3-ee7a-6794-67408abbf047@linux.intel.com>

On Wed, Aug 10 2022 at 12:40, Daniel Sneddon wrote:
> On 8/10/22 11:52, Dave Hansen wrote:
>> On 8/10/22 11:30, Daniel Sneddon wrote:
>>>> If it's going to be on one server CPU that's coming out in ten years,
>>>> then we can hold off.
>>> SPR will certainly be sooner than 10 years, and with distros running on LTS
>>> kernels, it is probably worth backporting.  Since this isn't a bug fix (not a sw
>>> bug anyway), is this something I can just CC stable or is there a better way to
>>> say "Yes, this is a new feature, BUT, you really want it anyway"?
>> 
>> It it going to be *forced* on those SPR system?  In other words, is it a
>> little BIOS switch that users can flip?  Is there any non-kernel
>> workaround if a user hits this, or is the entire burden of this going to
>> be foisted on the kernel?
> It won't be forced, BUT, certain features won't be available if the APIC isn't
> locked.  According to the documentation SGX and TDX won't be available if you
> don't lock the APIC.  So, yes, you don't have to fix it in the kernel, but you
> may lose access to features if you don't.
>> 
>> The worst case scenario would be if a user has managed to compile a
>> CONFIG_X86_X2APIC=n kernel and is happily running along until they get a
>> microcode update, reboot and can't boot any more.
> That _shouldn't_ happen as it is only on new hardware, so a ucode update
> _shouldn't_ cause a crash.

Only on new hardware? The lock mechanism has to be available on _all_
affected systems which support SGX. See

 https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/intel-sgx-software-and-tcb-recovery-guidance.html

That means at some point in the future the locked x2APIC will be a
prerequisite for attestating a SGX enclave independent of SPR.

So this affects already deployed systems and we have to

  - backport the x2apic lock changes

  - provide proper diagnostics

  - make SGX and TDX depend on X2APIC support

There is not much we can do about an older kernel which fails to boot or
explodes once a BIOS update locks down X2APIC.

Thanks,

        tglx


  parent reply	other threads:[~2022-08-10 22:06 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-09 23:40 [PATCH] x86/apic: Don't disable x2APIC if locked Daniel Sneddon
2022-08-10 18:01 ` Dave Hansen
2022-08-10 18:30   ` Daniel Sneddon
2022-08-10 18:52     ` Dave Hansen
2022-08-10 19:40       ` Daniel Sneddon
2022-08-10 19:59         ` Dave Hansen
2022-08-10 20:06           ` Daniel Sneddon
2022-08-10 20:29             ` Daniel Sneddon
2022-08-10 21:57               ` Dave Hansen
2022-08-10 22:06         ` Thomas Gleixner [this message]
2022-08-10 22:56           ` Daniel Sneddon
2022-08-10 23:03           ` Daniel Sneddon
2022-08-10 23:09             ` Dave Hansen
2022-08-10 23:38               ` Daniel Sneddon
2022-08-10 23:44                 ` Dave Hansen
2022-08-11  0:01                   ` Daniel Sneddon
2022-08-11  0:38                     ` Thomas Gleixner
2022-08-11  0:59                       ` Daniel Sneddon
2022-08-11 10:08                         ` Huang, Kai
2022-08-11  0:17                 ` Thomas Gleixner
2022-08-11  0:40                   ` Daniel Sneddon
2022-08-11  8:29               ` Huang, Kai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87r11nu52l.ffs@tglx \
    --to=tglx@linutronix.de \
    --cc=antonio.gomez.iglesias@intel.com \
    --cc=bp@alien8.de \
    --cc=daniel.sneddon@linux.intel.com \
    --cc=dave.hansen@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=kirill.shutemov@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=pawan.kumar.gupta@linux.intel.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).