lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Aug 2022 12:59:18 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "Shutemov, Kirill" <kirill.shutemov@...el.com>
Cc:     "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
        "Gomez Iglesias, Antonio" <antonio.gomez.iglesias@...el.com>,
        Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Subject: Re: [PATCH] x86/apic: Don't disable x2APIC if locked

On 8/10/22 12:40, Daniel Sneddon wrote:
>> It it going to be *forced* on those SPR system?  In other words, is it a
>> little BIOS switch that users can flip?  Is there any non-kernel
>> workaround if a user hits this, or is the entire burden of this going to
>> be foisted on the kernel?
> It won't be forced, BUT, certain features won't be available if the APIC isn't
> locked.  According to the documentation SGX and TDX won't be available if you
> don't lock the APIC.  So, yes, you don't have to fix it in the kernel, but you
> may lose access to features if you don't.

Let's get some of this in the changelog and _possibly_ Documentation/ so
that users know we're depending on the BIOS to play nice.  Let's put
ourselves in the place of our users for a moment at least and try to
figure out how we play our part to help get them from seeing "can't
disable x2apic mode" or whatever to them flipping knobs in the BIOS.

I also dearly hope that Intel has told BIOS writers that the onus is on
them *and* those nice BIOS folks listen to Intel. :)

In any case, I don't think backports are warranted here at the moment.
We can always do it in the future if the need arises.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ