From: Kai Huang <kai.huang@intel.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com,
dave.hansen@intel.com, dan.j.williams@intel.com,
rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com,
reinette.chatre@intel.com, len.brown@intel.com,
tony.luck@intel.com, peterz@infradead.org, ak@linux.intel.com,
isaku.yamahata@intel.com, chao.gao@intel.com,
sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com,
sagis@google.com, imammedo@redhat.com, kai.huang@intel.com
Subject: [PATCH v6 03/21] x86/virt/tdx: Disable TDX if X2APIC is not enabled
Date: Thu, 27 Oct 2022 12:16:02 +1300 [thread overview]
Message-ID: <1e2e7a498a5459d5427d18819010901dc46ea748.1666824663.git.kai.huang@intel.com> (raw)
In-Reply-To: <cover.1666824663.git.kai.huang@intel.com>
The MMIO/xAPIC interface has some problems, most notably the APIC LEAK
[1]. This bug allows an attacker to use the APIC MMIO interface to
extract data from the SGX enclave.
TDX is not immune from this either. Early check X2APIC and disable TDX
if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC.
More info:
https://lore.kernel.org/lkml/d6ffb489-7024-ff74-bd2f-d1e06573bb82@intel.com/
https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/
[1]: https://aepicleak.com/aepicleak.pdf
Signed-off-by: Kai Huang <kai.huang@intel.com>
---
arch/x86/Kconfig | 1 +
arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++
2 files changed, 12 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b9bd5d994ba7..f6f5e4f7a760 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1960,6 +1960,7 @@ config INTEL_TDX_HOST
depends on CPU_SUP_INTEL
depends on X86_64
depends on KVM_INTEL
+ depends on X86_X2APIC
help
Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
host and certain physical attacks. This option enables necessary TDX
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 982d9c453b6b..8d943bdc8335 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -12,6 +12,7 @@
#include <linux/printk.h>
#include <asm/msr-index.h>
#include <asm/msr.h>
+#include <asm/apic.h>
#include <asm/tdx.h>
#include "tdx.h"
@@ -81,6 +82,16 @@ static int __init tdx_init(void)
goto no_tdx;
}
+ /*
+ * TDX requires X2APIC being enabled to prevent potential data
+ * leak via APIC MMIO registers. Just disable TDX if not using
+ * X2APIC.
+ */
+ if (!x2apic_enabled()) {
+ pr_info("Disable TDX as X2APIC is not enabled.\n");
+ goto no_tdx;
+ }
+
return 0;
no_tdx:
clear_tdx();
--
2.37.3
next prev parent reply other threads:[~2022-10-26 23:17 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-26 23:15 [PATCH v6 00/21] TDX host kernel support Kai Huang
2022-10-26 23:16 ` [PATCH v6 01/21] x86/tdx: Use enum to define page level of TDX supported page sizes Kai Huang
2022-10-27 7:08 ` Xiaoyao Li
2022-10-27 8:42 ` Huang, Kai
2022-10-27 13:51 ` Kirill A. Shutemov
2022-10-28 0:47 ` Huang, Kai
2022-10-27 22:28 ` Isaku Yamahata
2022-10-27 15:27 ` Dave Hansen
2022-10-28 0:10 ` Huang, Kai
2022-10-26 23:16 ` [PATCH v6 02/21] x86/virt/tdx: Detect TDX during kernel boot Kai Huang
2022-10-26 23:16 ` Kai Huang [this message]
2022-10-26 23:16 ` [PATCH v6 04/21] x86/virt/tdx: Use all boot-time system memory as TDX memory Kai Huang
2022-10-26 23:16 ` [PATCH v6 05/21] x86/virt/tdx: Add skeleton to initialize TDX on demand Kai Huang
2022-10-26 23:16 ` [PATCH v6 06/21] x86/virt/tdx: Implement functions to make SEAMCALL Kai Huang
2022-10-26 23:16 ` [PATCH v6 07/21] x86/virt/tdx: Shut down TDX module in case of error Kai Huang
2022-10-26 23:16 ` [PATCH v6 08/21] x86/virt/tdx: Do TDX module global initialization Kai Huang
2022-10-26 23:16 ` [PATCH v6 09/21] x86/virt/tdx: Do logical-cpu scope TDX module initialization Kai Huang
2022-10-26 23:16 ` [PATCH v6 10/21] x86/virt/tdx: Get information about TDX module and TDX-capable memory Kai Huang
2022-10-26 23:16 ` [PATCH v6 11/21] x86/virt/tdx: Sanity check all TDX memory ranges are convertible memory Kai Huang
2022-10-26 23:16 ` [PATCH v6 12/21] x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions Kai Huang
2022-10-27 15:31 ` Andi Kleen
2022-10-28 2:21 ` Huang, Kai
2022-11-03 8:55 ` Huang, Kai
2022-11-03 15:05 ` Dave Hansen
2022-11-03 22:07 ` Huang, Kai
2022-10-26 23:16 ` [PATCH v6 13/21] x86/virt/tdx: Create " Kai Huang
2022-10-26 23:16 ` [PATCH v6 14/21] x86/virt/tdx: Allocate and set up PAMTs for TDMRs Kai Huang
2022-10-26 23:16 ` [PATCH v6 15/21] x86/virt/tdx: Set up reserved areas for all TDMRs Kai Huang
2022-10-26 23:16 ` [PATCH v6 16/21] x86/virt/tdx: Reserve TDX module global KeyID Kai Huang
2022-10-27 12:40 ` Andi Kleen
2022-10-28 1:24 ` Huang, Kai
2022-10-26 23:16 ` [PATCH v6 17/21] x86/virt/tdx: Configure TDX module with TDMRs and " Kai Huang
2022-10-26 23:16 ` [PATCH v6 18/21] x86/virt/tdx: Configure global KeyID on all packages Kai Huang
2022-10-27 12:35 ` Andi Kleen
2022-10-28 1:07 ` Huang, Kai
2022-10-26 23:16 ` [PATCH v6 19/21] x86/virt/tdx: Initialize all TDMRs Kai Huang
2022-10-27 12:30 ` Andi Kleen
2022-10-28 1:08 ` Huang, Kai
2022-10-26 23:16 ` [PATCH v6 20/21] x86/virt/tdx: Flush cache in kexec() when TDX is enabled Kai Huang
2022-10-26 23:16 ` [PATCH v6 21/21] Documentation/x86: Add documentation for TDX host support Kai Huang
2022-10-27 12:38 ` Andi Kleen
2022-10-28 2:31 ` Huang, Kai
2022-10-28 12:52 ` Bagas Sanjaya
2022-10-28 14:16 ` Dave Hansen
2022-10-26 23:26 ` [PATCH v6 00/21] TDX host kernel support Dave Hansen
2022-10-26 23:51 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1e2e7a498a5459d5427d18819010901dc46ea748.1666824663.git.kai.huang@intel.com \
--to=kai.huang@intel.com \
--cc=ak@linux.intel.com \
--cc=bagasdotme@gmail.com \
--cc=chao.gao@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=imammedo@redhat.com \
--cc=isaku.yamahata@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael.j.wysocki@intel.com \
--cc=reinette.chatre@intel.com \
--cc=sagis@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox