From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0444BC47099 for ; Thu, 3 Jun 2021 00:41:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B7767613EA for ; Thu, 3 Jun 2021 00:41:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229884AbhFCAni (ORCPT ); Wed, 2 Jun 2021 20:43:38 -0400 Received: from mga04.intel.com ([192.55.52.120]:20968 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229695AbhFCAna (ORCPT ); Wed, 2 Jun 2021 20:43:30 -0400 IronPort-SDR: txf5wyCbueocTYi+M56bZkxI5GmN/gYb2+P3CN9SIC67VRe1OQTWrAgsIPbBX/C07T84ZLzQvG WjLbmZk10frw== X-IronPort-AV: E=McAfee;i="6200,9189,10003"; a="202075165" X-IronPort-AV: E=Sophos;i="5.83,244,1616482800"; d="scan'208";a="202075165" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2021 17:41:46 -0700 IronPort-SDR: OxJF8Ua9Z2imFUH0gyNrbWEtQF8Rbg7NaK2nDBwa/a6xvvPOWkUG7ZB1eAmyF4p5G4d7331NtZ 1EnieV4InCBQ== X-IronPort-AV: E=Sophos;i="5.83,244,1616482800"; d="scan'208";a="549686678" Received: from tassilo.jf.intel.com ([10.54.74.11]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2021 17:41:44 -0700 From: Andi Kleen To: mst@redhat.com Cc: jasowang@redhat.com, virtualization@lists.linux-foundation.org, hch@lst.de, m.szyprowski@samsung.com, robin.murphy@arm.com, iommu@lists.linux-foundation.org, x86@kernel.org, sathyanarayanan.kuppuswamy@linux.intel.com, jpoimboe@redhat.com, linux-kernel@vger.kernel.org, Andi Kleen Subject: [PATCH v1 4/8] x86/tdx: Add arch_has_restricted_memory_access for TDX Date: Wed, 2 Jun 2021 17:41:29 -0700 Message-Id: <20210603004133.4079390-5-ak@linux.intel.com> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20210603004133.4079390-1-ak@linux.intel.com> References: <20210603004133.4079390-1-ak@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In virtio the host decides whether the guest uses the DMA API or not using the strangely named VIRTIO_F_ACCESS_PLATFORM bit (which really indicates whether the DMA API is used or not) For hardened virtio on TDX we want to enforce that that swiotlb is always used, which requires using the DMA API. While IO wouldn't really work without the swiotlb, it might be possible that an attacker forces swiotlbless IO to manipulate memory in the guest. So we want to force the DMA API (which then forces swiotlb), but without relying on the host. There is already an arch_has_restricted_memory_acces hook for this, which is currently used only by s390. Enable the config option for the hook for x86 and enable it for TDX. Signed-off-by: Andi Kleen --- arch/x86/Kconfig | 1 + arch/x86/mm/mem_encrypt_common.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1531a0f905ed..3d804fce31b9 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -884,6 +884,7 @@ config INTEL_TDX_GUEST select X86_X2APIC select SECURITY_LOCKDOWN_LSM select X86_MEM_ENCRYPT_COMMON + select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS help Provide support for running in a trusted domain on Intel processors equipped with Trusted Domain eXtenstions. TDX is a new Intel diff --git a/arch/x86/mm/mem_encrypt_common.c b/arch/x86/mm/mem_encrypt_common.c index 24c9117547b4..2244d1f033ab 100644 --- a/arch/x86/mm/mem_encrypt_common.c +++ b/arch/x86/mm/mem_encrypt_common.c @@ -9,6 +9,7 @@ #include #include +#include #include /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ @@ -37,3 +38,9 @@ void __init mem_encrypt_init(void) amd_mem_encrypt_init(); } +int arch_has_restricted_virtio_memory_access(void) +{ + return is_tdx_guest(); +} +EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access); + -- 2.25.4 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 75627C47097 for ; Thu, 3 Jun 2021 02:10:53 +0000 (UTC) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 32F86613EB for ; Thu, 3 Jun 2021 02:10:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 32F86613EB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=iommu-bounces@lists.linux-foundation.org Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id C4F4060B23; Thu, 3 Jun 2021 02:10:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umfss0xXiT1I; Thu, 3 Jun 2021 02:10:51 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTP id 2A72860B1F; Thu, 3 Jun 2021 02:10:51 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2577CC002E; Thu, 3 Jun 2021 02:10:50 +0000 (UTC) Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 60860C0024; Thu, 3 Jun 2021 00:41:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 21A1383D39; Thu, 3 Jun 2021 00:41:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JlooF6lkhNck; Thu, 3 Jun 2021 00:41:46 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by smtp1.osuosl.org (Postfix) with ESMTPS id 7134C83D3B; Thu, 3 Jun 2021 00:41:46 +0000 (UTC) IronPort-SDR: BAeFle3Ftll4h7qrDymujqRN2+rzv4Tgj/iWgNEOos6M6hyk7QyCXWrDA/APr3H4WxtPXlqY+J FYd4/KVtjkEQ== X-IronPort-AV: E=McAfee;i="6200,9189,10003"; a="191281570" X-IronPort-AV: E=Sophos;i="5.83,244,1616482800"; d="scan'208";a="191281570" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2021 17:41:44 -0700 IronPort-SDR: OxJF8Ua9Z2imFUH0gyNrbWEtQF8Rbg7NaK2nDBwa/a6xvvPOWkUG7ZB1eAmyF4p5G4d7331NtZ 1EnieV4InCBQ== X-IronPort-AV: E=Sophos;i="5.83,244,1616482800"; d="scan'208";a="549686678" Received: from tassilo.jf.intel.com ([10.54.74.11]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2021 17:41:44 -0700 From: Andi Kleen To: mst@redhat.com Subject: [PATCH v1 4/8] x86/tdx: Add arch_has_restricted_memory_access for TDX Date: Wed, 2 Jun 2021 17:41:29 -0700 Message-Id: <20210603004133.4079390-5-ak@linux.intel.com> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20210603004133.4079390-1-ak@linux.intel.com> References: <20210603004133.4079390-1-ak@linux.intel.com> MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 03 Jun 2021 02:10:48 +0000 Cc: Andi Kleen , jasowang@redhat.com, x86@kernel.org, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, iommu@lists.linux-foundation.org, jpoimboe@redhat.com, robin.murphy@arm.com, hch@lst.de X-BeenThere: iommu@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Development issues for Linux IOMMU support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: iommu-bounces@lists.linux-foundation.org Sender: "iommu" In virtio the host decides whether the guest uses the DMA API or not using the strangely named VIRTIO_F_ACCESS_PLATFORM bit (which really indicates whether the DMA API is used or not) For hardened virtio on TDX we want to enforce that that swiotlb is always used, which requires using the DMA API. While IO wouldn't really work without the swiotlb, it might be possible that an attacker forces swiotlbless IO to manipulate memory in the guest. So we want to force the DMA API (which then forces swiotlb), but without relying on the host. There is already an arch_has_restricted_memory_acces hook for this, which is currently used only by s390. Enable the config option for the hook for x86 and enable it for TDX. Signed-off-by: Andi Kleen --- arch/x86/Kconfig | 1 + arch/x86/mm/mem_encrypt_common.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1531a0f905ed..3d804fce31b9 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -884,6 +884,7 @@ config INTEL_TDX_GUEST select X86_X2APIC select SECURITY_LOCKDOWN_LSM select X86_MEM_ENCRYPT_COMMON + select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS help Provide support for running in a trusted domain on Intel processors equipped with Trusted Domain eXtenstions. TDX is a new Intel diff --git a/arch/x86/mm/mem_encrypt_common.c b/arch/x86/mm/mem_encrypt_common.c index 24c9117547b4..2244d1f033ab 100644 --- a/arch/x86/mm/mem_encrypt_common.c +++ b/arch/x86/mm/mem_encrypt_common.c @@ -9,6 +9,7 @@ #include #include +#include #include /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ @@ -37,3 +38,9 @@ void __init mem_encrypt_init(void) amd_mem_encrypt_init(); } +int arch_has_restricted_virtio_memory_access(void) +{ + return is_tdx_guest(); +} +EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access); + -- 2.25.4 _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FD92C4709A for ; Thu, 3 Jun 2021 00:41:56 +0000 (UTC) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C9E5961361 for ; Thu, 3 Jun 2021 00:41:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C9E5961361 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=virtualization-bounces@lists.linux-foundation.org Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 8B69960AF7; Thu, 3 Jun 2021 00:41:55 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0w58BZh-BwEU; Thu, 3 Jun 2021 00:41:54 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp3.osuosl.org (Postfix) with ESMTP id 286E660ADD; Thu, 3 Jun 2021 00:41:54 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id E77AEC000E; Thu, 3 Jun 2021 00:41:53 +0000 (UTC) Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 60860C0024; Thu, 3 Jun 2021 00:41:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 21A1383D39; Thu, 3 Jun 2021 00:41:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JlooF6lkhNck; Thu, 3 Jun 2021 00:41:46 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by smtp1.osuosl.org (Postfix) with ESMTPS id 7134C83D3B; Thu, 3 Jun 2021 00:41:46 +0000 (UTC) IronPort-SDR: BAeFle3Ftll4h7qrDymujqRN2+rzv4Tgj/iWgNEOos6M6hyk7QyCXWrDA/APr3H4WxtPXlqY+J FYd4/KVtjkEQ== X-IronPort-AV: E=McAfee;i="6200,9189,10003"; a="191281570" X-IronPort-AV: E=Sophos;i="5.83,244,1616482800"; d="scan'208";a="191281570" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2021 17:41:44 -0700 IronPort-SDR: OxJF8Ua9Z2imFUH0gyNrbWEtQF8Rbg7NaK2nDBwa/a6xvvPOWkUG7ZB1eAmyF4p5G4d7331NtZ 1EnieV4InCBQ== X-IronPort-AV: E=Sophos;i="5.83,244,1616482800"; d="scan'208";a="549686678" Received: from tassilo.jf.intel.com ([10.54.74.11]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2021 17:41:44 -0700 From: Andi Kleen To: mst@redhat.com Subject: [PATCH v1 4/8] x86/tdx: Add arch_has_restricted_memory_access for TDX Date: Wed, 2 Jun 2021 17:41:29 -0700 Message-Id: <20210603004133.4079390-5-ak@linux.intel.com> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20210603004133.4079390-1-ak@linux.intel.com> References: <20210603004133.4079390-1-ak@linux.intel.com> MIME-Version: 1.0 Cc: sathyanarayanan.kuppuswamy@linux.intel.com, Andi Kleen , x86@kernel.org, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, iommu@lists.linux-foundation.org, jpoimboe@redhat.com, robin.murphy@arm.com, hch@lst.de, m.szyprowski@samsung.com X-BeenThere: virtualization@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux virtualization List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: virtualization-bounces@lists.linux-foundation.org Sender: "Virtualization" In virtio the host decides whether the guest uses the DMA API or not using the strangely named VIRTIO_F_ACCESS_PLATFORM bit (which really indicates whether the DMA API is used or not) For hardened virtio on TDX we want to enforce that that swiotlb is always used, which requires using the DMA API. While IO wouldn't really work without the swiotlb, it might be possible that an attacker forces swiotlbless IO to manipulate memory in the guest. So we want to force the DMA API (which then forces swiotlb), but without relying on the host. There is already an arch_has_restricted_memory_acces hook for this, which is currently used only by s390. Enable the config option for the hook for x86 and enable it for TDX. Signed-off-by: Andi Kleen --- arch/x86/Kconfig | 1 + arch/x86/mm/mem_encrypt_common.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1531a0f905ed..3d804fce31b9 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -884,6 +884,7 @@ config INTEL_TDX_GUEST select X86_X2APIC select SECURITY_LOCKDOWN_LSM select X86_MEM_ENCRYPT_COMMON + select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS help Provide support for running in a trusted domain on Intel processors equipped with Trusted Domain eXtenstions. TDX is a new Intel diff --git a/arch/x86/mm/mem_encrypt_common.c b/arch/x86/mm/mem_encrypt_common.c index 24c9117547b4..2244d1f033ab 100644 --- a/arch/x86/mm/mem_encrypt_common.c +++ b/arch/x86/mm/mem_encrypt_common.c @@ -9,6 +9,7 @@ #include #include +#include #include /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ @@ -37,3 +38,9 @@ void __init mem_encrypt_init(void) amd_mem_encrypt_init(); } +int arch_has_restricted_virtio_memory_access(void) +{ + return is_tdx_guest(); +} +EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access); + -- 2.25.4 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization