From patchwork Wed Oct 26 23:16:02 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Huang, Kai" <kai.huang@intel.com>
X-Patchwork-Id: 13021351
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B70B8C433FE
	for <linux-mm@archiver.kernel.org>; Wed, 26 Oct 2022 23:17:14 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 502528E0006; Wed, 26 Oct 2022 19:17:14 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 48B968E0001; Wed, 26 Oct 2022 19:17:14 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 352DA8E0006; Wed, 26 Oct 2022 19:17:14 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com
 [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 273118E0001
	for <linux-mm@kvack.org>; Wed, 26 Oct 2022 19:17:14 -0400 (EDT)
Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay01.hostedemail.com (Postfix) with ESMTP id 046481C5FD7
	for <linux-mm@kvack.org>; Wed, 26 Oct 2022 23:17:13 +0000 (UTC)
X-FDA: 80064663588.05.B74565E
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
	by imf20.hostedemail.com (Postfix) with ESMTP id 65C041C0004
	for <linux-mm@kvack.org>; Wed, 26 Oct 2022 23:17:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1666826233; x=1698362233;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=gCs+bklvRvx+/oJnSDDhQ3+lEN01mwryoaDcV9wKDLo=;
  b=ncAlVYmFBro1W8NSD366TI/M/1WxMDdzXb4PhWnFbx6TX/W1FluwNI9E
   v7RF3bzZ26z9cD8PaQi4W97RHfojQZED+QMeHrqZYUxD1dGfI5ripnzxC
   gj2jHkEZUizjizYqlhN4V295LSsDODEFfv4+7YPkcUzFs2qRsLYs0y2/y
   DOyLPa9cPVHT3zqq5F9cQuGuri6mVjdTAROGryW3KlTZC4ckwzzJP8+7t
   kticLOeASaUqVQ6nMNYkKu0MpCQ6r9pFn/UGDaBQnI3WIcWEzgmAbycHY
   1AH9Vi4hYdHFg5SKkoE59l7LUItXbjwcp6wyFqT7rragu+7LfYaVdPfvt
   A==;
X-IronPort-AV: E=McAfee;i="6500,9779,10512"; a="394400289"
X-IronPort-AV: E=Sophos;i="5.95,215,1661842800";
   d="scan'208";a="394400289"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Oct 2022 16:17:13 -0700
X-IronPort-AV: E=McAfee;i="6500,9779,10512"; a="737446235"
X-IronPort-AV: E=Sophos;i="5.95,215,1661842800";
   d="scan'208";a="737446235"
Received: from fordon1x-mobl.amr.corp.intel.com (HELO
 khuang2-desk.gar.corp.intel.com) ([10.212.24.177])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Oct 2022 16:17:09 -0700
From: Kai Huang <kai.huang@intel.com>
To: linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org
Cc: linux-mm@kvack.org,
	seanjc@google.com,
	pbonzini@redhat.com,
	dave.hansen@intel.com,
	dan.j.williams@intel.com,
	rafael.j.wysocki@intel.com,
	kirill.shutemov@linux.intel.com,
	reinette.chatre@intel.com,
	len.brown@intel.com,
	tony.luck@intel.com,
	peterz@infradead.org,
	ak@linux.intel.com,
	isaku.yamahata@intel.com,
	chao.gao@intel.com,
	sathyanarayanan.kuppuswamy@linux.intel.com,
	bagasdotme@gmail.com,
	sagis@google.com,
	imammedo@redhat.com,
	kai.huang@intel.com
Subject: [PATCH v6 03/21] x86/virt/tdx: Disable TDX if X2APIC is not enabled
Date: Thu, 27 Oct 2022 12:16:02 +1300
Message-Id: 
 <1e2e7a498a5459d5427d18819010901dc46ea748.1666824663.git.kai.huang@intel.com>
X-Mailer: git-send-email 2.37.3
In-Reply-To: <cover.1666824663.git.kai.huang@intel.com>
References: <cover.1666824663.git.kai.huang@intel.com>
MIME-Version: 1.0
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1666826233;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=kIsohgkis+ovAlrfn2j5eVDNM7FQLqFhBEuNvzMbp7Y=;
	b=ZR35u5EJuKUS1gWQzt1nJLvrXWwhpCCPrjOb3K0d2ROh6+5yDE4jTqhAudjd7U3lrFuh3v
	Zik2EyEtLBzb/dNxfPraBca57tZMIosuaqdWFm49fN9/1otZhKoa25i4edxkGkPVT55Ms0
	t1JdIGTUu1J2gLuZ3pmZF8LUaO+x4ys=
ARC-Authentication-Results: i=1;
	imf20.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel
 header.b=ncAlVYmF;
	spf=pass (imf20.hostedemail.com: domain of kai.huang@intel.com designates
 192.55.52.43 as permitted sender) smtp.mailfrom=kai.huang@intel.com;
	dmarc=pass (policy=none) header.from=intel.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1666826233; a=rsa-sha256;
	cv=none;
	b=nyRt56aquBHmzVRw+M6EFHG9HzctNwuXjeZiC8Ubzer+jVO6rWUHdDlFV2r906GjFvI/yD
	Et5DTb9GbzyUIKadF9uhbuaUnV5eSk1FiMqK2/C5jCQ4UkYdoD4Lp75hYwHWUkdiUZT5P/
	1BtS1mK5Y0Lz6d7DUIA7PJI2H4SDyh8=
X-Rspamd-Queue-Id: 65C041C0004
Authentication-Results: imf20.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel
 header.b=ncAlVYmF;
	spf=pass (imf20.hostedemail.com: domain of kai.huang@intel.com designates
 192.55.52.43 as permitted sender) smtp.mailfrom=kai.huang@intel.com;
	dmarc=pass (policy=none) header.from=intel.com
X-Rspam-User: 
X-Rspamd-Server: rspam10
X-Stat-Signature: zs7fy33nt48tscp7t3c5j56b13u8gn9m
X-HE-Tag: 1666826233-821271
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

The MMIO/xAPIC interface has some problems, most notably the APIC LEAK
[1].  This bug allows an attacker to use the APIC MMIO interface to
extract data from the SGX enclave.

TDX is not immune from this either.  Early check X2APIC and disable TDX
if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC.

More info:

https://lore.kernel.org/lkml/d6ffb489-7024-ff74-bd2f-d1e06573bb82@intel.com/
https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/

[1]: https://aepicleak.com/aepicleak.pdf

Signed-off-by: Kai Huang <kai.huang@intel.com>
---
 arch/x86/Kconfig            |  1 +
 arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b9bd5d994ba7..f6f5e4f7a760 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1960,6 +1960,7 @@ config INTEL_TDX_HOST
 	depends on CPU_SUP_INTEL
 	depends on X86_64
 	depends on KVM_INTEL
+	depends on X86_X2APIC
 	help
 	  Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
 	  host and certain physical attacks.  This option enables necessary TDX
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 982d9c453b6b..8d943bdc8335 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -12,6 +12,7 @@
 #include <linux/printk.h>
 #include <asm/msr-index.h>
 #include <asm/msr.h>
+#include <asm/apic.h>
 #include <asm/tdx.h>
 #include "tdx.h"
 
@@ -81,6 +82,16 @@ static int __init tdx_init(void)
 		goto no_tdx;
 	}
 
+	/*
+	 * TDX requires X2APIC being enabled to prevent potential data
+	 * leak via APIC MMIO registers.  Just disable TDX if not using
+	 * X2APIC.
+	 */
+	if (!x2apic_enabled()) {
+		pr_info("Disable TDX as X2APIC is not enabled.\n");
+		goto no_tdx;
+	}
+
 	return 0;
 no_tdx:
 	clear_tdx();