| Message ID | c5f484c1a87ee052597fd5f539cf021f158755b9.1668988357.git.kai.huang@intel.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp1322548wrr;
Sun, 20 Nov 2022 16:28:48 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf6KNl5LZ7o1ItZt/n8krhBenTmde+bCqOZKhYoVchrTHKupafum3XdfrxwgM7qs7YvPqk9+
X-Received: by 2002:a17:902:ca04:b0:17f:7f7e:70c7 with SMTP id
w4-20020a170902ca0400b0017f7f7e70c7mr9584101pld.107.1668990527991;
Sun, 20 Nov 2022 16:28:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668990527; cv=none;
d=google.com; s=arc-20160816;
b=M1RQlXAL70nd67YOQVy4OAwvFUM/YYp6HNkbbKgJIueKVrYI8M0gAv3LSfBkq9KJyb
XTbOcFOOU34Jz2AK3V0eX82vXSGhD1XbY4DK9JbfQb6euk8NyTsDGvYT6+8VFVmmVdN8
xH6JyUVbHx2R5WYtAR8QZQIahRY3NTyb9YLQtFDkqJx8J9iprMyYmJXRz1Fc0C5o+hKg
d+RCHDSqbmiYFpJqQO8IrinCHxLS28Wr5mem8Rg6JICsOaPLiSoEezVBpBcfei+O6jmv
/IzyEzeX9iVGo5gbKeLGX7/q2THJdhnuYvEzCUinaC8r1+9SFdrdbJKKMGCNKueQXbIk
XPXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=SQSQYIALcr7+N3KRl94Q53ldCN/jVs1SV6NgFtqbx8s=;
b=jMxXAFRDJt2xbiPK4zdfrzVXKieSg+SIw4hZeNekipmCjDZpieOAiPrfWLYI0OxAFr
h7BVTxahHxR8yyGo1xQSgMPj+Mbo9/cJ0DvL8hY6FduCyozK0RM5V4lloqxn6aIG1F8a
aAZTUgWAFRM+c2rtEI7RBjk2s33JWZD+BprAOForOtPbYQvNH1WJMICkNUzCE5WZ8v0U
+J8vrP7zX2zBekvOOCzgoVxeWgbqDr5BF0QzpFRifM/VYu9wH8HJ+rntWF1BgUL+gKZg
+3q/Zc1JtLuW7mRvpBTuWB4lZ1uBGwbEUAOmJAL0OcHmBMHFo7U9FG3V9ci3yKXmbjb/
g1VQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=hOxGimbe;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
g24-20020a633758000000b0044034efb2aesi2548008pgn.869.2022.11.20.16.28.35;
Sun, 20 Nov 2022 16:28:47 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=hOxGimbe;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229960AbiKUA1t (ORCPT <rfc822;leviz.kernel.dev@gmail.com>
+ 99 others); Sun, 20 Nov 2022 19:27:49 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57672 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229924AbiKUA1T (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Sun, 20 Nov 2022 19:27:19 -0500
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 782212D1EE;
Sun, 20 Nov 2022 16:27:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1668990430; x=1700526430;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=t7sPVkm/3UzeLP7VuUIOn/LR0Yeq7hatZzy8/VrnZkk=;
b=hOxGimbe+IYDLQhr3uwKE5IFxlMBAttn9lWKxIlxaWliRhP2NxShVRvG
gUUrmpMEsCy5fYVzeyrIh7ld9JrHQUCOAZDqfr1TtUviWAk73oWdj/JRd
8mr/iWYeNYlTd25FBXC3Ea3E/ZLtcEISYZnCRB7NtLzAoQaHLQ8YgwyuC
8ZjIQCaCj7CC9g08BBQZvjZfVV91p+JRmH8gOhRUEJUa+Anmt2+qG7O+4
ga/rHeXKuQMWD9hLgNWB0vzoJSyzKJ2xaHO4hHGBJrUrBT9Bdwh74Q1vf
vlCnert/OlAyogkM2hPDV1uEKrVrkz88mEgeeoC4G+FbGFyh/vTQJftmo
w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10537"; a="399732287"
X-IronPort-AV: E=Sophos;i="5.96,180,1665471600";
d="scan'208";a="399732287"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
20 Nov 2022 16:27:08 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10537"; a="729825206"
X-IronPort-AV: E=Sophos;i="5.96,180,1665471600";
d="scan'208";a="729825206"
Received: from tomnavar-mobl.amr.corp.intel.com (HELO
khuang2-desk.gar.corp.intel.com) ([10.209.176.15])
by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
20 Nov 2022 16:27:04 -0800
From: Kai Huang <kai.huang@intel.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com,
dave.hansen@intel.com, dan.j.williams@intel.com,
rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com,
ying.huang@intel.com, reinette.chatre@intel.com,
len.brown@intel.com, tony.luck@intel.com, peterz@infradead.org,
ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com,
sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com,
sagis@google.com, imammedo@redhat.com, kai.huang@intel.com
Subject: [PATCH v7 03/20] x86/virt/tdx: Disable TDX if X2APIC is not enabled
Date: Mon, 21 Nov 2022 13:26:25 +1300
Message-Id:
<c5f484c1a87ee052597fd5f539cf021f158755b9.1668988357.git.kai.huang@intel.com>
X-Mailer: git-send-email 2.38.1
In-Reply-To: <cover.1668988357.git.kai.huang@intel.com>
References: <cover.1668988357.git.kai.huang@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1750063411563004003?=
X-GMAIL-MSGID: =?utf-8?q?1750063411563004003?=
|
| Series |
TDX host kernel support
|
|
Commit Message
Kai Huang
Nov. 21, 2022, 12:26 a.m. UTC
The MMIO/xAPIC interface has some problems, most notably the APIC LEAK
[1]. This bug allows an attacker to use the APIC MMIO interface to
extract data from the SGX enclave.
TDX is not immune from this either. Early check X2APIC and disable TDX
if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC.
[1]: https://aepicleak.com/aepicleak.pdf
Link: https://lore.kernel.org/lkml/d6ffb489-7024-ff74-bd2f-d1e06573bb82@intel.com/
Link: https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/
Signed-off-by: Kai Huang <kai.huang@intel.com>
---
v6 -> v7:
- Changed to use "Link" for the two lore links to get rid of checkpatch
warning.
---
arch/x86/Kconfig | 1 +
arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++
2 files changed, 12 insertions(+)
Comments
On 11/20/22 4:26 PM, Kai Huang wrote: > The MMIO/xAPIC interface has some problems, most notably the APIC LEAK "some problems" looks more generic. May be we can be specific here. Like it has security issues? > [1]. This bug allows an attacker to use the APIC MMIO interface to > extract data from the SGX enclave. > > TDX is not immune from this either. Early check X2APIC and disable TDX > if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC. > > [1]: https://aepicleak.com/aepicleak.pdf > > Link: https://lore.kernel.org/lkml/d6ffb489-7024-ff74-bd2f-d1e06573bb82@intel.com/ > Link: https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/ > Signed-off-by: Kai Huang <kai.huang@intel.com> > --- > > v6 -> v7: > - Changed to use "Link" for the two lore links to get rid of checkpatch > warning. > > --- > arch/x86/Kconfig | 1 + > arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++ > 2 files changed, 12 insertions(+) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index cced4ef3bfb2..dd333b46fafb 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -1958,6 +1958,7 @@ config INTEL_TDX_HOST > depends on CPU_SUP_INTEL > depends on X86_64 > depends on KVM_INTEL > + depends on X86_X2APIC > help > Intel Trust Domain Extensions (TDX) protects guest VMs from malicious > host and certain physical attacks. This option enables necessary TDX > diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c > index 982d9c453b6b..8d943bdc8335 100644 > --- a/arch/x86/virt/vmx/tdx/tdx.c > +++ b/arch/x86/virt/vmx/tdx/tdx.c > @@ -12,6 +12,7 @@ > #include <linux/printk.h> > #include <asm/msr-index.h> > #include <asm/msr.h> > +#include <asm/apic.h> > #include <asm/tdx.h> > #include "tdx.h" > > @@ -81,6 +82,16 @@ static int __init tdx_init(void) > goto no_tdx; > } > > + /* > + * TDX requires X2APIC being enabled to prevent potential data > + * leak via APIC MMIO registers. Just disable TDX if not using > + * X2APIC. Remove the double space. > + */ > + if (!x2apic_enabled()) { > + pr_info("Disable TDX as X2APIC is not enabled.\n"); pr_warn()? > + goto no_tdx; > + } > + > return 0; > no_tdx: > clear_tdx();
On Sun, 2022-11-20 at 19:51 -0800, Sathyanarayanan Kuppuswamy wrote: > > On 11/20/22 4:26 PM, Kai Huang wrote: > > The MMIO/xAPIC interface has some problems, most notably the APIC LEAK > > "some problems" looks more generic. May be we can be specific here. Like > it has security issues? It was quoted from below upstream commit id (I only kept the one that I quoted to save space): commit b8d1d163604bd1e600b062fb00de5dc42baa355f (tag: x86_apic_for_v6.1_rc1, tip/x86/apic) Author: Daniel Sneddon <daniel.sneddon@linux.intel.com> Date: Tue Aug 16 16:19:42 2022 -0700 x86/apic: Don't disable x2APIC if locked .... The MMIO/xAPIC interface has some problems, most notably the APIC LEAK [1]. This bug allows an attacker to use the APIC MMIO interface to extract data from the SGX enclave. .... [1]: https://aepicleak.com/aepicleak.pdf Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Dave Hansen <dave.hansen@linux.intel.com> Tested-by: Neelima Krishnan <neelima.krishnan@intel.com> Link: https://lkml.kernel.org/r/20220816231943.1152579-1-daniel.sneddon@linux.intel.com > > > [1]. This bug allows an attacker to use the APIC MMIO interface to > > extract data from the SGX enclave. > > > > TDX is not immune from this either. Early check X2APIC and disable TDX > > if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC. > > > > [1]: https://aepicleak.com/aepicleak.pdf > > > > Link: https://lore.kernel.org/lkml/d6ffb489-7024-ff74-bd2f-d1e06573bb82@intel.com/ > > Link: https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/ > > Signed-off-by: Kai Huang <kai.huang@intel.com> > > --- > > > > v6 -> v7: > > - Changed to use "Link" for the two lore links to get rid of checkpatch > > warning. > > > > --- > > arch/x86/Kconfig | 1 + > > arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++ > > 2 files changed, 12 insertions(+) > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > > index cced4ef3bfb2..dd333b46fafb 100644 > > --- a/arch/x86/Kconfig > > +++ b/arch/x86/Kconfig > > @@ -1958,6 +1958,7 @@ config INTEL_TDX_HOST > > depends on CPU_SUP_INTEL > > depends on X86_64 > > depends on KVM_INTEL > > + depends on X86_X2APIC > > help > > Intel Trust Domain Extensions (TDX) protects guest VMs from malicious > > host and certain physical attacks. This option enables necessary TDX > > diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c > > index 982d9c453b6b..8d943bdc8335 100644 > > --- a/arch/x86/virt/vmx/tdx/tdx.c > > +++ b/arch/x86/virt/vmx/tdx/tdx.c > > @@ -12,6 +12,7 @@ > > #include <linux/printk.h> > > #include <asm/msr-index.h> > > #include <asm/msr.h> > > +#include <asm/apic.h> > > #include <asm/tdx.h> > > #include "tdx.h" > > > > @@ -81,6 +82,16 @@ static int __init tdx_init(void) > > goto no_tdx; > > } > > > > + /* > > + * TDX requires X2APIC being enabled to prevent potential data > > + * leak via APIC MMIO registers. Just disable TDX if not using > > + * X2APIC. > > Remove the double space. Sorry which "double space"? > > > + */ > > + if (!x2apic_enabled()) { > > + pr_info("Disable TDX as X2APIC is not enabled.\n"); > > pr_warn()? Why?
On 11/21/22 1:44 AM, Huang, Kai wrote: > On Sun, 2022-11-20 at 19:51 -0800, Sathyanarayanan Kuppuswamy wrote: >> >> On 11/20/22 4:26 PM, Kai Huang wrote: >>> The MMIO/xAPIC interface has some problems, most notably the APIC LEAK >> >> "some problems" looks more generic. May be we can be specific here. Like >> it has security issues? > > It was quoted from below upstream commit id (I only kept the one that I quoted > to save space): Ok. > > commit b8d1d163604bd1e600b062fb00de5dc42baa355f (tag: x86_apic_for_v6.1_rc1, > tip/x86/apic) > Author: Daniel Sneddon <daniel.sneddon@linux.intel.com> > Date: Tue Aug 16 16:19:42 2022 -0700 > > x86/apic: Don't disable x2APIC if locked > > .... > > The MMIO/xAPIC interface has some problems, most notably the APIC LEAK > [1]. This bug allows an attacker to use the APIC MMIO interface to > extract data from the SGX enclave. > > .... > > [1]: https://aepicleak.com/aepicleak.pdf > > Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> > Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> > Acked-by: Dave Hansen <dave.hansen@linux.intel.com> > Tested-by: Neelima Krishnan <neelima.krishnan@intel.com> > Link: > https://lkml.kernel.org/r/20220816231943.1152579-1-daniel.sneddon@linux.intel.com > > >> >>> [1]. This bug allows an attacker to use the APIC MMIO interface to >>> extract data from the SGX enclave. >>> >>> TDX is not immune from this either. Early check X2APIC and disable TDX >>> if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC. >>> >>> [1]: https://aepicleak.com/aepicleak.pdf >>> >>> Link: https://lore.kernel.org/lkml/d6ffb489-7024-ff74-bd2f-d1e06573bb82@intel.com/ >>> Link: https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/ >>> Signed-off-by: Kai Huang <kai.huang@intel.com> >>> --- >>> >>> v6 -> v7: >>> - Changed to use "Link" for the two lore links to get rid of checkpatch >>> warning. >>> >>> --- >>> arch/x86/Kconfig | 1 + >>> arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++ >>> 2 files changed, 12 insertions(+) >>> >>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >>> index cced4ef3bfb2..dd333b46fafb 100644 >>> --- a/arch/x86/Kconfig >>> +++ b/arch/x86/Kconfig >>> @@ -1958,6 +1958,7 @@ config INTEL_TDX_HOST >>> depends on CPU_SUP_INTEL >>> depends on X86_64 >>> depends on KVM_INTEL >>> + depends on X86_X2APIC >>> help >>> Intel Trust Domain Extensions (TDX) protects guest VMs from malicious >>> host and certain physical attacks. This option enables necessary TDX >>> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c >>> index 982d9c453b6b..8d943bdc8335 100644 >>> --- a/arch/x86/virt/vmx/tdx/tdx.c >>> +++ b/arch/x86/virt/vmx/tdx/tdx.c >>> @@ -12,6 +12,7 @@ >>> #include <linux/printk.h> >>> #include <asm/msr-index.h> >>> #include <asm/msr.h> >>> +#include <asm/apic.h> >>> #include <asm/tdx.h> >>> #include "tdx.h" >>> >>> @@ -81,6 +82,16 @@ static int __init tdx_init(void) >>> goto no_tdx; >>> } >>> >>> + /* >>> + * TDX requires X2APIC being enabled to prevent potential data >>> + * leak via APIC MMIO registers. Just disable TDX if not using >>> + * X2APIC. >> >> Remove the double space. > > Sorry which "double space"? Before Just disable. It looked like double space. Is it not? > >> >>> + */ >>> + if (!x2apic_enabled()) { >>> + pr_info("Disable TDX as X2APIC is not enabled.\n"); >> >> pr_warn()? > > Why? Since it is a failure case, I thought pr_warn would be better. It is up to you. >
On Mon, 2022-11-21 at 14:00 -0800, Sathyanarayanan Kuppuswamy wrote: > > > > > > > > + /* > > > > + * TDX requires X2APIC being enabled to prevent potential data > > > > + * leak via APIC MMIO registers. Just disable TDX if not using > > > > + * X2APIC. > > > > > > Remove the double space. > > > > Sorry which "double space"? > > Before Just disable. It looked like double space. Is it not? There are bunch of examples in the upstream kernel using "double space" both in changelog and comment.
On 11/20/22 16:26, Kai Huang wrote: > The MMIO/xAPIC interface has some problems, most notably the APIC LEAK > [1]. This bug allows an attacker to use the APIC MMIO interface to > extract data from the SGX enclave. > > TDX is not immune from this either. Early check X2APIC and disable TDX > if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC. This makes no sense. This is TDX host code. TDX hosts are untrusted. Zero of the TDX security guarantees are provided by the host. What is the benefit of disabling TDX from the host if x2APIC is not enabled? It can't be for security reasons since the host does not help provide TDX security guarantees. It also can't be for SGX because SGX doesn't depend on the OS doing anything in order to be secure. So, this boils down to the most fundamental of questions you need to answer about every patch: What does this code do? What end-user-visible effect is there if this code is not present?
On Mon, 2022-11-21 at 15:46 -0800, Dave Hansen wrote: > On 11/20/22 16:26, Kai Huang wrote: > > The MMIO/xAPIC interface has some problems, most notably the APIC LEAK > > [1]. This bug allows an attacker to use the APIC MMIO interface to > > extract data from the SGX enclave. > > > > TDX is not immune from this either. Early check X2APIC and disable TDX > > if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC. > > This makes no sense. > > This is TDX host code. TDX hosts are untrusted. Zero of the TDX > security guarantees are provided by the host. > > What is the benefit of disabling TDX from the host if x2APIC is not > enabled? It can't be for security reasons since the host does not help > provide TDX security guarantees. It also can't be for SGX because SGX > doesn't depend on the OS doing anything in order to be secure. Agreed. Although in practice I think if we do some hardening in the kernel, it would raise some attack bar. > > So, this boils down to the most fundamental of questions you need to > answer about every patch: > > What does this code do? > > What end-user-visible effect is there if this code is not present? Considering TDX host cannot be trusted (i.e. can be attacked/modified), I agree the check isn't needed. I was following your suggestion in the patch which handles "x2apic locked" case: https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/ I guess I misunderstood your point. Reading that discussion again, if I understand correctly, you just want to make INTEL_TDX_HOST depend on X86_X2APIC? How about still having a patch to make INTEL_TDX_HOST depend on X86_X2APIC but with something below in the changelog? " TDX capable platforms are locked to X2APIC mode and cannot fall back to the legacy xAPIC mode when TDX is enabled by the BIOS. It doesn't make sense to turn on INTEL_TDX_HOST while X86_X2APIC is not enabled. Make INTEL_TDX_HOST depend on X86_X2APIC. "
On 11/21/22 16:30, Huang, Kai wrote: > > How about still having a patch to make INTEL_TDX_HOST depend on X86_X2APIC but > with something below in the changelog? > > " > TDX capable platforms are locked to X2APIC mode and cannot fall back to the > legacy xAPIC mode when TDX is enabled by the BIOS. It doesn't make sense to > turn on INTEL_TDX_HOST while X86_X2APIC is not enabled. Make INTEL_TDX_HOST > depend on X86_X2APIC. That's fine and it makes logical sense as a dependency. TDX host support requires x2APIC. Period.
On Mon, 2022-11-21 at 16:44 -0800, Dave Hansen wrote: > On 11/21/22 16:30, Huang, Kai wrote: > > > > How about still having a patch to make INTEL_TDX_HOST depend on X86_X2APIC but > > with something below in the changelog? > > > > " > > TDX capable platforms are locked to X2APIC mode and cannot fall back to the > > legacy xAPIC mode when TDX is enabled by the BIOS. It doesn't make sense to > > turn on INTEL_TDX_HOST while X86_X2APIC is not enabled. Make INTEL_TDX_HOST > > depend on X86_X2APIC. > > That's fine and it makes logical sense as a dependency. TDX host > support requires x2APIC. Period. > Thanks. Perhaps I can reuse your second sentence in the changelog: " TDX capable platforms are locked to X2APIC mode and cannot fall back to the legacy xAPIC mode when TDX is enabled by the BIOS. TDX host support requires x2APIC. Make INTEL_TDX_HOST depend on X86_X2APIC. "
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index cced4ef3bfb2..dd333b46fafb 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1958,6 +1958,7 @@ config INTEL_TDX_HOST depends on CPU_SUP_INTEL depends on X86_64 depends on KVM_INTEL + depends on X86_X2APIC help Intel Trust Domain Extensions (TDX) protects guest VMs from malicious host and certain physical attacks. This option enables necessary TDX diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 982d9c453b6b..8d943bdc8335 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -12,6 +12,7 @@ #include <linux/printk.h> #include <asm/msr-index.h> #include <asm/msr.h> +#include <asm/apic.h> #include <asm/tdx.h> #include "tdx.h" @@ -81,6 +82,16 @@ static int __init tdx_init(void) goto no_tdx; } + /* + * TDX requires X2APIC being enabled to prevent potential data + * leak via APIC MMIO registers. Just disable TDX if not using + * X2APIC. + */ + if (!x2apic_enabled()) { + pr_info("Disable TDX as X2APIC is not enabled.\n"); + goto no_tdx; + } + return 0; no_tdx: clear_tdx();