Re: [PATCH] x86/apic: Don't disable x2APIC if locked

[Daniel Sneddon]

On 8/10/22 16:09, Dave Hansen wrote:
> On 8/10/22 16:03, Daniel Sneddon wrote:
>> On 8/10/22 15:06, Thomas Gleixner wrote:
>>> So this affects already deployed systems and we have to
>>>
>>>   - backport the x2apic lock changes
>>>
>>>   - provide proper diagnostics
>>>
>>>   - make SGX and TDX depend on X2APIC support
>> I'll add the comments Dave mentioned earlier, and will make SGX and TDX depend
>> on X2APIC since that makes sense regardless of what hw ends up with this change.
>>  Unless we want to get rid of CONFIG_X86_X2APIC like Dave mentioned?
> 
> The TDX guest support in the kernel isn't _actually_ related to this*.
> It's the host-side support that matters and that isn't merged yet.  I've
> cc'd Kai so he doesn't forget to do this.
> 
> I agree on the SGX side, though.
> 
> * TDX guest support already has this dependency, but it's for unrelated
>   reasons:
> 
> config INTEL_TDX_GUEST
>         bool "Intel TDX (Trust Domain Extensions) - Guest Support"
>         depends on X86_64 && CPU_SUP_INTEL
>         depends on X86_X2APIC
So I got some more input.  SPR and newer will lock the APIC.  Older products
will get a ucode update, but that ucode update won't include the APIC lock.  So,
on non-SPR parts do we still want to make SGX depend on X2APIC?