Re: [PATCH] x86/apic: Don't disable x2APIC if locked

From: Daniel Sneddon
Date: Wed Aug 10 2022 - 18:56:49 EST

Next message: Dmitry Torokhov: "Re: [PATCH] dt-bindings: input: ariel-pwrbutton: use spi-peripheral-props.yaml"
Previous message: Dave Chinner: "Re: [PATCH] fs/xfs: Use atomic64_try_cmpxchg in xlog_grant_{add,sub}_space"
In reply to: Thomas Gleixner: "Re: [PATCH] x86/apic: Don't disable x2APIC if locked"
Next in thread: Daniel Sneddon: "Re: [PATCH] x86/apic: Don't disable x2APIC if locked"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/10/22 15:06, Thomas Gleixner wrote:
> On Wed, Aug 10 2022 at 12:40, Daniel Sneddon wrote:
>> On 8/10/22 11:52, Dave Hansen wrote:
>>> On 8/10/22 11:30, Daniel Sneddon wrote:
>>>>> If it's going to be on one server CPU that's coming out in ten years,
>>>>> then we can hold off.
>>>> SPR will certainly be sooner than 10 years, and with distros running on LTS
>>>> kernels, it is probably worth backporting. Since this isn't a bug fix (not a sw
>>>> bug anyway), is this something I can just CC stable or is there a better way to
>>>> say "Yes, this is a new feature, BUT, you really want it anyway"?
>>>
>>> It it going to be *forced* on those SPR system? In other words, is it a
>>> little BIOS switch that users can flip? Is there any non-kernel
>>> workaround if a user hits this, or is the entire burden of this going to
>>> be foisted on the kernel?
>> It won't be forced, BUT, certain features won't be available if the APIC isn't
>> locked. According to the documentation SGX and TDX won't be available if you
>> don't lock the APIC. So, yes, you don't have to fix it in the kernel, but you
>> may lose access to features if you don't.
>>>
>>> The worst case scenario would be if a user has managed to compile a
>>> CONFIG_X86_X2APIC=n kernel and is happily running along until they get a
>>> microcode update, reboot and can't boot any more.
>> That _shouldn't_ happen as it is only on new hardware, so a ucode update
>> _shouldn't_ cause a crash.
>
> Only on new hardware? The lock mechanism has to be available on _all_
> affected systems which support SGX. See
>
> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/intel-sgx-software-and-tcb-recovery-guidance.html

I asked the architect and security team that came up with that new MSR if it was
going to be backported via ucode updates and I was told no.

"Only SPR and newer. See the IA32_XAPIC_DISABLE_STATUS documentation at
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html.";

So, it appears we have a war between which documentation do we believe!

I do have a few follow up questions I'm waiting on being answered to help
clarify all this.

Thanks,
Dan

Next message: Dmitry Torokhov: "Re: [PATCH] dt-bindings: input: ariel-pwrbutton: use spi-peripheral-props.yaml"
Previous message: Dave Chinner: "Re: [PATCH] fs/xfs: Use atomic64_try_cmpxchg in xlog_grant_{add,sub}_space"
In reply to: Thomas Gleixner: "Re: [PATCH] x86/apic: Don't disable x2APIC if locked"
Next in thread: Daniel Sneddon: "Re: [PATCH] x86/apic: Don't disable x2APIC if locked"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]