From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 187EBC433FE
	for <linux-mm@archiver.kernel.org>; Mon, 21 Nov 2022 22:00:24 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 89FEF6B0071; Mon, 21 Nov 2022 17:00:23 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 84EFF6B0073; Mon, 21 Nov 2022 17:00:23 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 716F28E0001; Mon, 21 Nov 2022 17:00:23 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 5F6136B0071
	for <linux-mm@kvack.org>; Mon, 21 Nov 2022 17:00:23 -0500 (EST)
Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id 0A2DF80626
	for <linux-mm@kvack.org>; Mon, 21 Nov 2022 22:00:23 +0000 (UTC)
X-FDA: 80158818726.19.7487BE2
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
	by imf18.hostedemail.com (Postfix) with ESMTP id 3E51F1C0018
	for <linux-mm@kvack.org>; Mon, 21 Nov 2022 22:00:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1669068021; x=1700604021;
  h=message-id:date:mime-version:subject:to:cc:references:
   from:in-reply-to:content-transfer-encoding;
  bh=+ma0WakvZrX/QeghPHE60d1tluXLn7n6TDwbT58Zem4=;
  b=i3qIMkJdIhQErC5FLGg8t/FDSb1draHojogQZAJMYsbzjcTK/pPaGVur
   wtI41RIz6/nvrEI/nu2ATN01LZDSvxlsNE9jHWlDxoBgf9BkUgj01Iudc
   pTGgk290bmKMSUaIhEFGJVL+ZJF9kWVHFdu+7lQOGnmAXaCJHilnTUatg
   CGH3h1/TYCqX69iLSBRbHAsWvMgLugnhVv1X0HL4vUlfpMCeT1kKFUCYT
   RYq4h1/65uMKZA+Sg4SJt0vdRMVAvQpM0lNPUgaSnRkU9iIP88FKV60xz
   FqFmV1eWrVXHfBEuaOHMTSx+0t7SXD0SmJnxGwOiyQN8QVyyOZ+mmLo3B
   g==;
X-IronPort-AV: E=McAfee;i="6500,9779,10538"; a="313700274"
X-IronPort-AV: E=Sophos;i="5.96,182,1665471600"; 
   d="scan'208";a="313700274"
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2022 14:00:19 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10538"; a="886277273"
X-IronPort-AV: E=Sophos;i="5.96,182,1665471600"; 
   d="scan'208";a="886277273"
Received: from dylanhol-mobl.amr.corp.intel.com (HELO [10.212.242.103]) ([10.212.242.103])
  by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2022 14:00:16 -0800
Message-ID: <cb64427e-31a2-eac0-a7f6-546571ac2724@linux.intel.com>
Date: Mon, 21 Nov 2022 14:00:14 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Firefox/102.0 Thunderbird/102.4.2
Subject: Re: [PATCH v7 03/20] x86/virt/tdx: Disable TDX if X2APIC is not
 enabled
Content-Language: en-US
To: "Huang, Kai" <kai.huang@intel.com>,
 "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
 "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: "Hansen, Dave" <dave.hansen@intel.com>, "Luck, Tony"
 <tony.luck@intel.com>, "bagasdotme@gmail.com" <bagasdotme@gmail.com>,
 "ak@linux.intel.com" <ak@linux.intel.com>,
 "Wysocki, Rafael J" <rafael.j.wysocki@intel.com>,
 "kirill.shutemov@linux.intel.com" <kirill.shutemov@linux.intel.com>,
 "Christopherson,, Sean" <seanjc@google.com>,
 "Chatre, Reinette" <reinette.chatre@intel.com>,
 "pbonzini@redhat.com" <pbonzini@redhat.com>,
 "linux-mm@kvack.org" <linux-mm@kvack.org>,
 "Yamahata, Isaku" <isaku.yamahata@intel.com>,
 "peterz@infradead.org" <peterz@infradead.org>,
 "Shahar, Sagi" <sagis@google.com>, "imammedo@redhat.com"
 <imammedo@redhat.com>, "Gao, Chao" <chao.gao@intel.com>,
 "Brown, Len" <len.brown@intel.com>, "Huang, Ying" <ying.huang@intel.com>,
 "Williams, Dan J" <dan.j.williams@intel.com>
References: <cover.1668988357.git.kai.huang@intel.com>
 <c5f484c1a87ee052597fd5f539cf021f158755b9.1668988357.git.kai.huang@intel.com>
 <62c67ed3-e4d1-082f-800a-b0837c9432a9@linux.intel.com>
 <31cb1df3cf21889fb33a7c675aa1bf5fa2078cad.camel@intel.com>
From: Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com>
In-Reply-To: <31cb1df3cf21889fb33a7c675aa1bf5fa2078cad.camel@intel.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1669068021; a=rsa-sha256;
	cv=none;
	b=MysTOhwghmO5T1ce3ZEab1msmbmWh2ghJG1mj7YmVrRyWw+eoUIZNdUyvBe/hOUtt5WK2E
	T49ZpyZBdbrDvDDaetx7bzegyoWUavuoIziLg3DpDfNyLPtp2x1R1n61EYCqOcL0vr+TpS
	l2+uc9AaOGVupTWuzhubJpHsqXienSM=
ARC-Authentication-Results: i=1;
	imf18.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=i3qIMkJd;
	spf=none (imf18.hostedemail.com: domain of sathyanarayanan.kuppuswamy@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=sathyanarayanan.kuppuswamy@linux.intel.com;
	dmarc=fail reason="No valid SPF" header.from=intel.com (policy=none)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1669068021;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=JvBbrJsG/05t2k1v3pcj/TY3qVXVaPPBcSSJUvRYeyQ=;
	b=Z8OuY267IhsQXOAiz2xUz6Kl7eFCQxIwQRssJllnmXnV1a5+MQSyyr/I5KGm+Et9tlX9Qt
	kwMl4+Bc/o4O/3ReqbpZfSN9cEgzrRGup2btolLG1encevRQuhoqScN5ol8u8FxEcCFxvs
	BN0ojSpyCjJuf7gn2p5p2z8zG9kbueI=
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: 3E51F1C0018
Authentication-Results: imf18.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=i3qIMkJd;
	spf=none (imf18.hostedemail.com: domain of sathyanarayanan.kuppuswamy@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=sathyanarayanan.kuppuswamy@linux.intel.com;
	dmarc=fail reason="No valid SPF" header.from=intel.com (policy=none)
X-Rspam-User: 
X-Stat-Signature: n1hc6dijanbdccezz34ingr9r7qbijiu
X-HE-Tag: 1669068020-951930
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>



On 11/21/22 1:44 AM, Huang, Kai wrote:
> On Sun, 2022-11-20 at 19:51 -0800, Sathyanarayanan Kuppuswamy wrote:
>>
>> On 11/20/22 4:26 PM, Kai Huang wrote:
>>> The MMIO/xAPIC interface has some problems, most notably the APIC LEAK
>>
>> "some problems" looks more generic. May be we can be specific here. Like
>> it has security issues?
> 
> It was quoted from below upstream commit id (I only kept the one that I quoted
> to save space):

Ok.

> 
> commit b8d1d163604bd1e600b062fb00de5dc42baa355f (tag: x86_apic_for_v6.1_rc1,
> tip/x86/apic)
> Author: Daniel Sneddon <daniel.sneddon@linux.intel.com>
> Date:   Tue Aug 16 16:19:42 2022 -0700
> 
>     x86/apic: Don't disable x2APIC if locked
>     
>     ....
>     
>     The MMIO/xAPIC interface has some problems, most notably the APIC LEAK
>     [1].  This bug allows an attacker to use the APIC MMIO interface to
>     extract data from the SGX enclave.
>     
>     ....
>     
>     [1]: https://aepicleak.com/aepicleak.pdf
>     
>     Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
>     Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
>     Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
>     Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
>     Link:
> https://lkml.kernel.org/r/20220816231943.1152579-1-daniel.sneddon@linux.intel.com
> 
> 
>>
>>> [1].  This bug allows an attacker to use the APIC MMIO interface to
>>> extract data from the SGX enclave.
>>>
>>> TDX is not immune from this either.  Early check X2APIC and disable TDX
>>> if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC.
>>>
>>> [1]: https://aepicleak.com/aepicleak.pdf
>>>
>>> Link: https://lore.kernel.org/lkml/d6ffb489-7024-ff74-bd2f-d1e06573bb82@intel.com/
>>> Link: https://lore.kernel.org/lkml/ba80b303-31bf-d44a-b05d-5c0f83038798@intel.com/
>>> Signed-off-by: Kai Huang <kai.huang@intel.com>
>>> ---
>>>
>>> v6 -> v7:
>>>  - Changed to use "Link" for the two lore links to get rid of checkpatch
>>>    warning.
>>>
>>> ---
>>>  arch/x86/Kconfig            |  1 +
>>>  arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++
>>>  2 files changed, 12 insertions(+)
>>>
>>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>>> index cced4ef3bfb2..dd333b46fafb 100644
>>> --- a/arch/x86/Kconfig
>>> +++ b/arch/x86/Kconfig
>>> @@ -1958,6 +1958,7 @@ config INTEL_TDX_HOST
>>>  	depends on CPU_SUP_INTEL
>>>  	depends on X86_64
>>>  	depends on KVM_INTEL
>>> +	depends on X86_X2APIC
>>>  	help
>>>  	  Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
>>>  	  host and certain physical attacks.  This option enables necessary TDX
>>> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
>>> index 982d9c453b6b..8d943bdc8335 100644
>>> --- a/arch/x86/virt/vmx/tdx/tdx.c
>>> +++ b/arch/x86/virt/vmx/tdx/tdx.c
>>> @@ -12,6 +12,7 @@
>>>  #include <linux/printk.h>
>>>  #include <asm/msr-index.h>
>>>  #include <asm/msr.h>
>>> +#include <asm/apic.h>
>>>  #include <asm/tdx.h>
>>>  #include "tdx.h"
>>>  
>>> @@ -81,6 +82,16 @@ static int __init tdx_init(void)
>>>  		goto no_tdx;
>>>  	}
>>>  
>>> +	/*
>>> +	 * TDX requires X2APIC being enabled to prevent potential data
>>> +	 * leak via APIC MMIO registers.  Just disable TDX if not using
>>> +	 * X2APIC.
>>
>> Remove the double space.
> 
> Sorry which "double space"?

Before Just disable. It looked like double space. Is it not?

> 
>>
>>> +	 */
>>> +	if (!x2apic_enabled()) {
>>> +		pr_info("Disable TDX as X2APIC is not enabled.\n");
>>
>> pr_warn()?
> 
> Why?

Since it is a failure case, I thought pr_warn would be better. It is up
to you.

> 

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer