From patchwork Mon Nov 21 00:26:25 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Huang, Kai" <kai.huang@intel.com>
X-Patchwork-Id: 13050204
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0CE98C433FE
	for <linux-mm@archiver.kernel.org>; Mon, 21 Nov 2022 00:27:10 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9F8D96B0078; Sun, 20 Nov 2022 19:27:09 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 9AA7F6B007B; Sun, 20 Nov 2022 19:27:09 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 898586B007D; Sun, 20 Nov 2022 19:27:09 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com
 [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 79A9E6B0078
	for <linux-mm@kvack.org>; Sun, 20 Nov 2022 19:27:09 -0500 (EST)
Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay01.hostedemail.com (Postfix) with ESMTP id 4F7771C2D51
	for <linux-mm@kvack.org>; Mon, 21 Nov 2022 00:27:09 +0000 (UTC)
X-FDA: 80155559778.25.ABDCEF7
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
	by imf22.hostedemail.com (Postfix) with ESMTP id BD1CEC0008
	for <linux-mm@kvack.org>; Mon, 21 Nov 2022 00:27:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1668990428; x=1700526428;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=t7sPVkm/3UzeLP7VuUIOn/LR0Yeq7hatZzy8/VrnZkk=;
  b=TCSpfn1A+HQJqV69AIxQcZTmQ5x0Vvsaaq7YmfcmZhmsuIh/7xAB+II/
   sk1lCy833jpMWJmAFhhWrutwk4aMsA4I/94sJkeoDt31NkekndQBw822R
   rk49XGt6x0ChK3CadrNdUSNuKBEIgmQAQ2aoxXbeNhYvYfeMZCrG6dB9m
   +tWE4NhGkrRMGU+wKpqU8xkQMlA4cIk9bsuSdZmP0nmwd/HUhkqguTdof
   eTJjFTbl07rdMZmJY51SYuOGa8CZV1WliFhWeOVpisgvuL3kMbKFjQWpy
   SdAvzF4DG38dkhM9G298ugyJoWvl3uKHTYEDEA5e4speUkE+KUcoBso62
   A==;
X-IronPort-AV: E=McAfee;i="6500,9779,10537"; a="296803675"
X-IronPort-AV: E=Sophos;i="5.96,180,1665471600";
   d="scan'208";a="296803675"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 20 Nov 2022 16:27:08 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10537"; a="729825206"
X-IronPort-AV: E=Sophos;i="5.96,180,1665471600";
   d="scan'208";a="729825206"
Received: from tomnavar-mobl.amr.corp.intel.com (HELO
 khuang2-desk.gar.corp.intel.com) ([10.209.176.15])
  by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 20 Nov 2022 16:27:04 -0800
From: Kai Huang <kai.huang@intel.com>
To: linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org
Cc: linux-mm@kvack.org,
	seanjc@google.com,
	pbonzini@redhat.com,
	dave.hansen@intel.com,
	dan.j.williams@intel.com,
	rafael.j.wysocki@intel.com,
	kirill.shutemov@linux.intel.com,
	ying.huang@intel.com,
	reinette.chatre@intel.com,
	len.brown@intel.com,
	tony.luck@intel.com,
	peterz@infradead.org,
	ak@linux.intel.com,
	isaku.yamahata@intel.com,
	chao.gao@intel.com,
	sathyanarayanan.kuppuswamy@linux.intel.com,
	bagasdotme@gmail.com,
	sagis@google.com,
	imammedo@redhat.com,
	kai.huang@intel.com
Subject: [PATCH v7 03/20] x86/virt/tdx: Disable TDX if X2APIC is not enabled
Date: Mon, 21 Nov 2022 13:26:25 +1300
Message-Id: 
 <c5f484c1a87ee052597fd5f539cf021f158755b9.1668988357.git.kai.huang@intel.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <cover.1668988357.git.kai.huang@intel.com>
References: <cover.1668988357.git.kai.huang@intel.com>
MIME-Version: 1.0
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1668990429; a=rsa-sha256;
	cv=none;
	b=WOpFP8WMhJ1KsMZ4HNKCbQ39nCmJeGZVJQdOkqQN2DNeCOZ0shW/hV3oiHxah2TEiK/1hI
	WvqDdzUT8zafiECSJ1zKI5+p2b1T7St8J1CQcPmYTAUtdvkHXo94qR7WyoMsKb3XCHMdha
	4j30yhVEo5LsKjHNxogUhjgj4+055dc=
ARC-Authentication-Results: i=1;
	imf22.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel
 header.b=TCSpfn1A;
	spf=pass (imf22.hostedemail.com: domain of kai.huang@intel.com designates
 134.134.136.126 as permitted sender) smtp.mailfrom=kai.huang@intel.com;
	dmarc=pass (policy=none) header.from=intel.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1668990429;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=SQSQYIALcr7+N3KRl94Q53ldCN/jVs1SV6NgFtqbx8s=;
	b=lFClNQVCMyTfGWMFsieymARd3noS1Q8zTSs2Z0wSRSMkOwJisSJEDnlzpx6VQKURXdnjRi
	cgYeqMvJw66JeBBf5HYVdGi6PmY6dNDe/3DZVUr+70xXH4ohF5hb9nuciMt0/LPe6qm8On
	o7TQDONFeGuX5cObwVs7zgB9lbOTGVE=
X-Rspam-User: 
X-Stat-Signature: o5bwyxdin7son19xw63y167upety68yj
X-Rspamd-Queue-Id: BD1CEC0008
Authentication-Results: imf22.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel
 header.b=TCSpfn1A;
	spf=pass (imf22.hostedemail.com: domain of kai.huang@intel.com designates
 134.134.136.126 as permitted sender) smtp.mailfrom=kai.huang@intel.com;
	dmarc=pass (policy=none) header.from=intel.com
X-Rspamd-Server: rspam07
X-HE-Tag: 1668990428-617223
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

The MMIO/xAPIC interface has some problems, most notably the APIC LEAK
[1].  This bug allows an attacker to use the APIC MMIO interface to
extract data from the SGX enclave.

TDX is not immune from this either.  Early check X2APIC and disable TDX
if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC.

[1]: https://aepicleak.com/aepicleak.pdf

Link: https://lore.kernel.org/lkml/d6ffb489-7024-ff74-bd2f-d1e06573bb82@intel.com/
Link: https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/
Signed-off-by: Kai Huang <kai.huang@intel.com>
---

v6 -> v7:
 - Changed to use "Link" for the two lore links to get rid of checkpatch
   warning.

---
 arch/x86/Kconfig            |  1 +
 arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index cced4ef3bfb2..dd333b46fafb 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1958,6 +1958,7 @@ config INTEL_TDX_HOST
 	depends on CPU_SUP_INTEL
 	depends on X86_64
 	depends on KVM_INTEL
+	depends on X86_X2APIC
 	help
 	  Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
 	  host and certain physical attacks.  This option enables necessary TDX
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 982d9c453b6b..8d943bdc8335 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -12,6 +12,7 @@
 #include <linux/printk.h>
 #include <asm/msr-index.h>
 #include <asm/msr.h>
+#include <asm/apic.h>
 #include <asm/tdx.h>
 #include "tdx.h"
 
@@ -81,6 +82,16 @@ static int __init tdx_init(void)
 		goto no_tdx;
 	}
 
+	/*
+	 * TDX requires X2APIC being enabled to prevent potential data
+	 * leak via APIC MMIO registers.  Just disable TDX if not using
+	 * X2APIC.
+	 */
+	if (!x2apic_enabled()) {
+		pr_info("Disable TDX as X2APIC is not enabled.\n");
+		goto no_tdx;
+	}
+
 	return 0;
 no_tdx:
 	clear_tdx();