* [PATCH v3 0/5] Add TDX Guest Support (Debug support)
@ 2021-08-05 23:30 Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 1/5] x86/tdx: Add #VE tracepoint Kuppuswamy Sathyanarayanan
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Kuppuswamy Sathyanarayanan @ 2021-08-05 23:30 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
	Jonathan Corbet, Peter Zijlstra, Andy Lutomirski
  Cc: H . Peter Anvin, Kuppuswamy Sathyanarayanan, Andi Kleen,
	Tony Luck, Andy Shevchenko, Kirill A . Shutemov, linux-kernel,
	linux-doc, Kuppuswamy Sathyanarayanan

Hi All,

Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious
hosts and some physical attacks.

The following patches add tracepoint support for TDX Guest TDCALL requests
and #VE exceptions. The series also includes a helper function to detect
TD-DEBUG mode, which will be used by patches in other TDX series to add
support for TD-DEBUG mode specific features.

This series is the continuation of the following TDX guest related patches.

[set 1, v5] - https://lore.kernel.org/patchwork/project/lkml/list/?series=510805
[set 2, v4] - https://lore.kernel.org/patchwork/project/lkml/list/?series=510814
[set 3, v4] - https://lore.kernel.org/patchwork/project/lkml/list/?series=510816
[set 4, v4] - https://lore.kernel.org/patchwork/project/lkml/list/?series=510836

Also please note that this series alone is not necessarily fully
functional. You need to apply all the above 4 patch series to get 
a fully functional TDX guest.

Changes since v2:
 * Added taint flag support for TDX overrides.
 * Moved patch titled "x86/tdx: Add tdg_debug_enabled() interface" to
   the patch series which actually uses it.
 * Added support to override protected guest flags.

Changes since v1:
 * Rebased on top of v5.14-rc1.

Andi Kleen (2):
  Add taint flag for TDX overrides
  x86/tdx: Add option to override prot values

Kuppuswamy Sathyanarayanan (2):
  x86/tdx: Add TDCALL tracepoint
  x86/tdx: Expose TDX Guest #VE count in /proc/interrupts

Sean Christopherson (1):
  x86/tdx: Add #VE tracepoint

 .../admin-guide/kernel-parameters.txt         |   8 +
 Documentation/admin-guide/tainted-kernels.rst |   7 +-
 arch/x86/include/asm/hardirq.h                |   3 +
 arch/x86/include/asm/tdx.h                    |   2 +
 arch/x86/include/asm/trace/tdx.h              | 158 ++++++++++++++++++
 arch/x86/kernel/irq.c                         |   6 +
 arch/x86/kernel/tdx.c                         |  88 ++++++++--
 arch/x86/kernel/traps.c                       |   2 +
 include/linux/panic.h                         |   3 +-
 kernel/panic.c                                |   1 +
 10 files changed, 263 insertions(+), 15 deletions(-)
 create mode 100644 arch/x86/include/asm/trace/tdx.h

-- 
2.25.1



* [PATCH v3 1/5] x86/tdx: Add #VE tracepoint
  2021-08-05 23:30 [PATCH v3 0/5] Add TDX Guest Support (Debug support) Kuppuswamy Sathyanarayanan
@ 2021-08-05 23:30 ` Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 2/5] x86/tdx: Add TDCALL tracepoint Kuppuswamy Sathyanarayanan
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Kuppuswamy Sathyanarayanan @ 2021-08-05 23:30 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
	Jonathan Corbet, Peter Zijlstra, Andy Lutomirski
  Cc: H . Peter Anvin, Kuppuswamy Sathyanarayanan, Andi Kleen,
	Tony Luck, Andy Shevchenko, Kirill A . Shutemov, linux-kernel,
	linux-doc, Kuppuswamy Sathyanarayanan

From: Sean Christopherson <sean.j.christopherson@intel.com>

Add a tracepoint for tracing TDX guest #VE exceptions. It dumps the
RIP, exit reason, exit qual, GPA, instruction length and instruction
info for each #VE exception that occurs.

Also, make trace points RCU idle safe to avoid warnings when RCU
debugging is enabled.

Reviewed-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---

Changes since v2:
 * Modified tdg_virtualization_exception() to dump cx,ax,dx
   register contents.

 arch/x86/include/asm/trace/tdx.h | 59 ++++++++++++++++++++++++++++++++
 arch/x86/kernel/tdx.c            |  7 ++++
 2 files changed, 66 insertions(+)
 create mode 100644 arch/x86/include/asm/trace/tdx.h

diff --git a/arch/x86/include/asm/trace/tdx.h b/arch/x86/include/asm/trace/tdx.h
new file mode 100644
index 000000000000..46bae44e12e5
--- /dev/null
+++ b/arch/x86/include/asm/trace/tdx.h
@@ -0,0 +1,59 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#if !defined(_TRACE_TDX_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_TDX_H
+
+#include <linux/tracepoint.h>
+
+#include <uapi/asm/vmx.h>
+
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM tdx
+
+#ifdef CONFIG_INTEL_TDX_GUEST
+
+TRACE_EVENT(tdg_virtualization_exception,
+	    TP_PROTO(u64 rip, u32 exit_reason, u64 exit_qual,
+		     u64 gpa, u32 instr_len, u32 instr_info,
+		     u64 cx, u64 ax, u64 dx),
+	    TP_ARGS(rip, exit_reason, exit_qual, gpa, instr_len,
+		    instr_info, cx, ax, dx),
+	    TP_STRUCT__entry(
+			     __field(u64, rip)
+			     __field(u64, exit_qual)
+			     __field(u64, gpa)
+			     __field(u32, exit_reason)
+			     __field(u32, instr_len)
+			     __field(u32, instr_info)
+			     __field(u64, cx)
+			     __field(u64, ax)
+			     __field(u64, dx)
+			     ),
+	    TP_fast_assign(
+			   __entry->rip = rip;
+			   __entry->exit_qual = exit_qual;
+			   __entry->gpa = gpa;
+			   __entry->exit_reason = exit_reason;
+			   __entry->instr_len = instr_len;
+			   __entry->instr_info = instr_info;
+			   __entry->cx = cx;
+			   __entry->ax = ax;
+			   __entry->dx = dx;
+			   ),
+	    TP_printk("reason %s rip 0x%016llx len %u info 0x%08x qual 0x%016llx gpa 0x%016llx cx %llx ax %llx dx %llx",
+		      __print_symbolic(__entry->exit_reason, VMX_EXIT_REASONS),
+		      __entry->rip, __entry->instr_len, __entry->instr_info,
+		      __entry->exit_qual, __entry->gpa,
+		      __entry->cx, __entry->ax, __entry->dx
+		      )
+	    );
+
+#endif // CONFIG_INTEL_TDX_GUEST
+
+#undef TRACE_INCLUDE_PATH
+#define TRACE_INCLUDE_PATH asm/trace/
+#undef TRACE_INCLUDE_FILE
+#define TRACE_INCLUDE_FILE tdx
+#endif /* _TRACE_TDX_H */
+
+/* This part must be outside protection */
+#include <trace/define_trace.h>
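Review bot: The TP_printk format string prints cx, ax and dx with a bare `%llx` while every other 64-bit field in the same event uses `0x%016llx`, so the register values have no prefix and a variable width in the trace output. Using `cx 0x%016llx ax 0x%016llx dx 0x%016llx` would keep the line parseable by the same tooling. Separately, the three u32 fields sit between u64 fields in TP_STRUCT__entry, which probably leaves a 4-byte hole in each record; moving them after dx would avoid it. The closing `#endif // CONFIG_INTEL_TDX_GUEST` also uses a different comment style from `#endif /* _TRACE_TDX_H */` a few lines below.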
diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c
index 1cf2443edb90..4b41baa56958 100644
--- a/arch/x86/kernel/tdx.c
+++ b/arch/x86/kernel/tdx.c
@@ -15,6 +15,9 @@
 #include <linux/sched/signal.h> /* force_sig_fault() */
 #include <linux/swiotlb.h>
 
+#define CREATE_TRACE_POINTS
+#include <asm/trace/tdx.h>
+
 /* TDX Module call Leaf IDs */
 #define TDINFO				1
 #define TDGETVEINFO			3
@@ -407,6 +410,10 @@ int tdg_handle_virtualization_exception(struct pt_regs *regs,
 	unsigned long val;
 	int ret = 0;
 
+	trace_tdg_virtualization_exception_rcuidle(regs->ip, ve->exit_reason,
+		ve->exit_qual, ve->gpa, ve->instr_len, ve->instr_info,
+		regs->cx, regs->ax, regs->dx);
+
 	switch (ve->exit_reason) {
 	case EXIT_REASON_HLT:
 		tdg_halt();
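Review bot: The `_rcuidle` variant on this call has no stated reason: the commit message only says it avoids warnings with RCU debugging, and the exc_virtualization_exception context shown in patch 3/5 already asserts `rcu_is_watching()` before the handler work starts. If this function is only reached from that entry point, plain `trace_tdg_virtualization_exception(...)` should be enough; if some caller really runs with RCU not watching, a comment such as `/* May be reached with RCU not watching: <caller>, hence _rcuidle */` should name it. The body of tdg_handle_virtualization_exception() continues outside the hunk, so its callers are not visible here.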
-- 
2.25.1



* [PATCH v3 2/5] x86/tdx: Add TDCALL tracepoint
  2021-08-05 23:30 [PATCH v3 0/5] Add TDX Guest Support (Debug support) Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 1/5] x86/tdx: Add #VE tracepoint Kuppuswamy Sathyanarayanan
@ 2021-08-05 23:30 ` Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 3/5] x86/tdx: Expose TDX Guest #VE count in /proc/interrupts Kuppuswamy Sathyanarayanan
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Kuppuswamy Sathyanarayanan @ 2021-08-05 23:30 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
	Jonathan Corbet, Peter Zijlstra, Andy Lutomirski
  Cc: H . Peter Anvin, Kuppuswamy Sathyanarayanan, Andi Kleen,
	Tony Luck, Andy Shevchenko, Kirill A . Shutemov, linux-kernel,
	linux-doc, Kuppuswamy Sathyanarayanan

Add TDCALL tracepoint in __tdx_module_call() and
__tdx_hypercall() helper functions. These two helper functions
are core calls for triggering the "TDCALL" instruction. Having
a trace point for each TDCALL is useful for debugging and
performance analysis, as well as testing.

For __tdx_module_call(), it will dump info about TDCALL leaf
ID (RAX) and input parameters (RCX, RDX, R8, R9) in entry path
and TDCALL return status (RAX) and output parameters (RCX, RDX,
R8, R9, R10, R11) in exit path.

For __tdx_hypercall(), it will dump info about TDG.VP.VMCALL sub
ID (R11), and input parameters (R12-R15) in entry path and
TDG.VP.VMCALL return status (R10) and output parameters (R11-R15)
in exit path.

Also, make trace points RCU idle safe to avoid warnings when RCU
debugging is enabled.

Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---

Changes since v2:
 * Added dummy out pointer for callers of _trace_tdx_hypercall() and
   _trace_tdx_modulecall() which does not pass explicit output pointers.

 arch/x86/include/asm/trace/tdx.h | 99 ++++++++++++++++++++++++++++++++
 arch/x86/kernel/tdx.c            | 66 ++++++++++++++++-----
 2 files changed, 152 insertions(+), 13 deletions(-)

diff --git a/arch/x86/include/asm/trace/tdx.h b/arch/x86/include/asm/trace/tdx.h
index 46bae44e12e5..e71b48e61fb1 100644
--- a/arch/x86/include/asm/trace/tdx.h
+++ b/arch/x86/include/asm/trace/tdx.h
@@ -47,6 +47,105 @@ TRACE_EVENT(tdg_virtualization_exception,
 		      )
 	    );
 
+TRACE_EVENT(tdx_module_call_enter,
+	    TP_PROTO(u64 id, u64 rcx, u64 rdx, u64 r8, u64 r9),
+	    TP_ARGS(id, rcx, rdx, r8, r9),
+	    TP_STRUCT__entry(
+		__field(u64, id)
+		__field(u64, rcx)
+		__field(u64, rdx)
+		__field(u64, r8)
+		__field(u64, r9)
+		),
+	    TP_fast_assign(
+		__entry->id  = id;
+		__entry->rcx = rcx;
+		__entry->rdx = rdx;
+		__entry->r8  = r8;
+		__entry->r9  = r9;
+		),
+	    TP_printk("id %lld rcx 0x%016llx rdx 0x%016llx r8 0x%016llx r9 0x%016llx",
+		      __entry->id, __entry->rcx, __entry->rdx,
+		      __entry->r8, __entry->r9
+		      )
+	    );
+
+TRACE_EVENT(tdx_module_call_exit,
+	    TP_PROTO(u64 rax, u64 rcx, u64 rdx, u64 r8, u64 r9,
+		     u64 r10, u64 r11),
+	    TP_ARGS(rax, rcx, rdx, r8, r9, r10, r11),
+	    TP_STRUCT__entry(
+		__field(u64, rax)
+		__field(u64, rcx)
+		__field(u64, rdx)
+		__field(u64, r8)
+		__field(u64, r9)
+		__field(u64, r10)
+		__field(u64, r11)
+		),
+	    TP_fast_assign(
+		__entry->rax = rax;
+		__entry->rcx = rcx;
+		__entry->rdx = rdx;
+		__entry->r8  = r8;
+		__entry->r9  = r9;
+		__entry->r10 = r10;
+		__entry->r11 = r11;
+		),
+	    TP_printk("ret %lld rcx 0x%016llx rdx 0x%016llx r8 0x%016llx r9 0x%016llx r10 0x%016llx r11 0x%016llx",
+		      __entry->rax, __entry->rcx, __entry->rdx,
+		      __entry->r8, __entry->r9, __entry->r10, __entry->r11
+		      )
+	    );
+
+TRACE_EVENT(tdx_hypercall_enter,
+	    TP_PROTO(u64 id, u64 r12, u64 r13, u64 r14, u64 r15),
+	    TP_ARGS(id, r12, r13, r14, r15),
+	    TP_STRUCT__entry(
+		__field(u64, id)
+		__field(u64, r12)
+		__field(u64, r13)
+		__field(u64, r14)
+		__field(u64, r15)
+		),
+	    TP_fast_assign(
+		__entry->id  = id;
+		__entry->r12 = r12;
+		__entry->r13 = r13;
+		__entry->r14 = r14;
+		__entry->r15 = r15;
+		),
+	    TP_printk("subfn %lld r12 0x%016llx r13 0x%016llx r14 0x%016llx r15 0x%016llx",
+		      __entry->id, __entry->r12, __entry->r13,
+		      __entry->r14, __entry->r15
+		      )
+	    );
+
+TRACE_EVENT(tdx_hypercall_exit,
+	    TP_PROTO(u64 r10, u64 r11, u64 r12, u64 r13, u64 r14, u64 r15),
+	    TP_ARGS(r10, r11, r12, r13, r14, r15),
+	    TP_STRUCT__entry(
+		__field(u64, r10)
+		__field(u64, r11)
+		__field(u64, r12)
+		__field(u64, r13)
+		__field(u64, r14)
+		__field(u64, r15)
+		),
+	    TP_fast_assign(
+		__entry->r10 = r10;
+		__entry->r11 = r11;
+		__entry->r12 = r12;
+		__entry->r13 = r13;
+		__entry->r14 = r14;
+		__entry->r15 = r15;
+		),
+	    TP_printk("ret %lld r11 0x%016llx r12 0x%016llx r13 0x%016llx r14 0x%016llx r15 0x%016llx",
+		      __entry->r10, __entry->r11, __entry->r12,
+		      __entry->r13, __entry->r14, __entry->r15
+		      )
+	    );
+
 #endif // CONFIG_INTEL_TDX_GUEST
 
 #undef TRACE_INCLUDE_PATH
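Review bot: The `id`, `ret` and `subfn` values are u64 fields, but the four TP_printk strings print them with the signed `%lld`. TDCALL status values are treated elsewhere in this series as bit fields (`TDCALL_RETURN_CODE(ret)` in tdg_accept_page()), and a status with the top bit set would appear as a large negative decimal that is hard to match against the status codes. `ret 0x%016llx` in tdx_module_call_exit and tdx_hypercall_exit, and `%llu` for the leaf and sub-function ids, would match the field types.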
diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c
index 4b41baa56958..644e90dfa587 100644
--- a/arch/x86/kernel/tdx.c
+++ b/arch/x86/kernel/tdx.c
@@ -64,6 +64,39 @@ static inline u64 _tdx_hypercall(u64 fn, u64 r12, u64 r13, u64 r14,
 	return out->r10;
 }
 
+/* Traced version of _tdx_hypercall() */
+static u64 _trace_tdx_hypercall(u64 fn, u64 r12, u64 r13, u64 r14, u64 r15,
+				struct tdx_hypercall_output *out)
+{
+	u64 err;
+	struct tdx_hypercall_output dummy_out = {};
+
+	trace_tdx_hypercall_enter_rcuidle(fn, r12, r13, r14, r15);
+	err = _tdx_hypercall(fn, r12, r13, r14, r15, out);
+	if (!out)
+		out = &dummy_out;
+	trace_tdx_hypercall_exit_rcuidle(err, out->r11, out->r12, out->r13,
+					 out->r14, out->r15);
+
+	return err;
+}
+
+static u64 __trace_tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9,
+				   struct tdx_module_output *out)
+{
+	u64 err;
+	struct tdx_module_output dummy_out = {};
+
+	trace_tdx_module_call_enter_rcuidle(fn, rcx, rdx, r8, r9);
+	err = __tdx_module_call(fn, rcx, rdx, r8, r9, out);
+	if (!out)
+		out = &dummy_out;
+	trace_tdx_module_call_exit_rcuidle(err, out->rcx, out->rdx, out->r8,
+					   out->r9, out->r10, out->r11);
+
+	return err;
+}
+
 static inline bool cpuid_has_tdx_guest(void)
 {
 	u32 eax, sig[3];
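Review bot: When a caller passes `out == NULL`, both wrappers hand the NULL through to the real call and only afterwards point `out` at the zeroed `dummy_out`, so the exit event reports every output register as 0 for those callers (tdg_halt(), tdg_safe_halt(), tdg_write_msr_safe(), tdg_accept_page()). A reader of the trace cannot tell that apart from a call that really returned zeros. Moving `if (!out) out = &dummy_out;` above the `_tdx_hypercall()` / `__tdx_module_call()` line would record the real outputs, assuming the helpers accept a non-NULL pointer from every caller; their bodies are outside this hunk. Two smaller points: `__trace_tdx_module_call()` lacks the one-line comment that `_trace_tdx_hypercall()` has, and both wrappers are plain `static` functions that are now called from the `__cpuidle` functions tdg_halt() and tdg_safe_halt(), which may matter for idle-path section placement.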
@@ -101,7 +134,7 @@ static void tdg_get_info(void)
 	u64 ret;
 	struct tdx_module_output out = {0};
 
-	ret = __tdx_module_call(TDINFO, 0, 0, 0, 0, &out);
+	ret = __trace_tdx_module_call(TDINFO, 0, 0, 0, 0, &out);
 
 	BUG_ON(ret);
 
@@ -116,7 +149,7 @@ static void tdg_accept_page(phys_addr_t gpa)
 {
 	u64 ret;
 
-	ret = __tdx_module_call(TDACCEPTPAGE, gpa, 0, 0, 0, NULL);
+	ret = __trace_tdx_module_call(TDACCEPTPAGE, gpa, 0, 0, 0, NULL);
 
 	BUG_ON(ret && TDCALL_RETURN_CODE(ret) != TDX_PAGE_ALREADY_ACCEPTED);
 }
@@ -157,7 +190,8 @@ static __cpuidle void tdg_halt(void)
 {
 	u64 ret;
 
-	ret = _tdx_hypercall(EXIT_REASON_HLT, irqs_disabled(), 0, 0, 0, NULL);
+	ret = _trace_tdx_hypercall(EXIT_REASON_HLT, irqs_disabled(),
+				   0, 0, 0, NULL);
 
 	/* It should never fail */
 	BUG_ON(ret);
@@ -174,7 +208,7 @@ static __cpuidle void tdg_safe_halt(void)
 	local_irq_enable();
 
 	/* IRQ is enabled, So set R12 as 0 */
-	ret = _tdx_hypercall(EXIT_REASON_HLT, 0, 0, 0, 1, NULL);
+	ret = _trace_tdx_hypercall(EXIT_REASON_HLT, 0, 0, 0, 1, NULL);
 
 	/* It should never fail */
 	BUG_ON(ret);
@@ -209,7 +243,7 @@ static u64 tdg_read_msr_safe(unsigned int msr, int *err)
 
 	WARN_ON_ONCE(tdg_is_context_switched_msr(msr));
 
-	ret = _tdx_hypercall(EXIT_REASON_MSR_READ, msr, 0, 0, 0, &out);
+	ret = _trace_tdx_hypercall(EXIT_REASON_MSR_READ, msr, 0, 0, 0, &out);
 
 	*err = ret ? -EIO : 0;
 
@@ -223,8 +257,8 @@ static int tdg_write_msr_safe(unsigned int msr, unsigned int low,
 
 	WARN_ON_ONCE(tdg_is_context_switched_msr(msr));
 
-	ret = _tdx_hypercall(EXIT_REASON_MSR_WRITE, msr, (u64)high << 32 | low,
-			     0, 0, NULL);
+	ret = _trace_tdx_hypercall(EXIT_REASON_MSR_WRITE, msr,
+				   (u64)high << 32 | low, 0, 0, NULL);
 
 	return ret ? -EIO : 0;
 }
@@ -234,7 +268,8 @@ static void tdg_handle_cpuid(struct pt_regs *regs)
 	u64 ret;
 	struct tdx_hypercall_output out = {0};
 
-	ret = _tdx_hypercall(EXIT_REASON_CPUID, regs->ax, regs->cx, 0, 0, &out);
+	ret = _trace_tdx_hypercall(EXIT_REASON_CPUID, regs->ax,
+				   regs->cx, 0, 0, &out);
 
 	WARN_ON(ret);
 
@@ -264,11 +299,16 @@ static void tdg_handle_io(struct pt_regs *regs, u32 exit_qual)
 	/* I/O strings ops are unrolled at build time. */
 	BUG_ON(string);
 
-	ret = _tdx_hypercall(EXIT_REASON_IO_INSTRUCTION, size, out, port,
-			     regs->ax, &outh);
 	if (!out) {
+		ret = _trace_tdx_hypercall(EXIT_REASON_IO_INSTRUCTION,
+					   size, out, port, regs->ax,
+					   &outh);
 		regs->ax &= ~mask;
 		regs->ax |= (ret ? UINT_MAX : outh.r11) & mask;
+	} else {
+		ret = _tdx_hypercall(EXIT_REASON_IO_INSTRUCTION,
+				     size, out, port, regs->ax,
+				     &outh);
 	}
 }
 
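Review bot: Only the IN path (`!out`) goes through `_trace_tdx_hypercall()`; the OUT path calls the untraced `_tdx_hypercall()`, and nothing in the code or the commit message says why. If the intent is to keep port writes out of the tracer (for instance because console output is itself port I/O), a comment on the `else` branch such as `/* OUT is not traced: <reason> */` would stop someone from removing the asymmetry later. The `ret` assigned in the `else` branch is also never read, so a failed OUT hypercall is still silently ignored. tdg_handle_io() starts above the hunk.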
@@ -278,8 +318,8 @@ static unsigned long tdg_mmio(int size, bool write, unsigned long addr,
 	struct tdx_hypercall_output out = {0};
 	u64 err;
 
-	err = _tdx_hypercall(EXIT_REASON_EPT_VIOLATION, size, write,
-			     addr, *val, &out);
+	err = _trace_tdx_hypercall(EXIT_REASON_EPT_VIOLATION, size, write,
+				   addr, *val, &out);
 	*val = out.r11;
 	return err;
 }
@@ -392,7 +432,7 @@ unsigned long tdg_get_ve_info(struct ve_info *ve)
 	 * additional #VEs are permitted (but we don't expect them to
 	 * happen unless you panic).
 	 */
-	ret = __tdx_module_call(TDGETVEINFO, 0, 0, 0, 0, &out);
+	ret = __trace_tdx_module_call(TDGETVEINFO, 0, 0, 0, 0, &out);
 
 	ve->exit_reason = out.rcx;
 	ve->exit_qual   = out.rdx;
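Review bot: Switching this call to `__trace_tdx_module_call()` puts the enter tracepoint in front of TDGETVEINFO, inside the window the surrounding comment describes. The traps.c comment visible in patch 3/5 says NMIs, machine checks and interrupts stay disabled until the TDGETVEINFO TDCALL has executed, which suggests that code running before it should be kept to a minimum. A tracepoint can run whatever probes are attached to it, so it would be safer to leave this one call as `ret = __tdx_module_call(TDGETVEINFO, 0, 0, 0, 0, &out);` and, if the data is wanted, emit only the exit event afterwards. The rest of tdg_get_ve_info() is outside the hunk.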
-- 
2.25.1



* [PATCH v3 3/5] x86/tdx: Expose TDX Guest #VE count in /proc/interrupts
  2021-08-05 23:30 [PATCH v3 0/5] Add TDX Guest Support (Debug support) Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 1/5] x86/tdx: Add #VE tracepoint Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 2/5] x86/tdx: Add TDCALL tracepoint Kuppuswamy Sathyanarayanan
@ 2021-08-05 23:30 ` Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 4/5] Add taint flag for TDX overrides Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 5/5] x86/tdx: Add option to override prot values Kuppuswamy Sathyanarayanan
  4 siblings, 0 replies; 6+ messages in thread
From: Kuppuswamy Sathyanarayanan @ 2021-08-05 23:30 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
	Jonathan Corbet, Peter Zijlstra, Andy Lutomirski
  Cc: H . Peter Anvin, Kuppuswamy Sathyanarayanan, Andi Kleen,
	Tony Luck, Andy Shevchenko, Kirill A . Shutemov, linux-kernel,
	linux-doc, Kuppuswamy Sathyanarayanan

Add support to expose TD Guest Virtualization Exception (#VE) count
in /proc/interrupts. It is useful in performance analysis of TD Guest.

Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---

Changes since v2:
 * None

 arch/x86/include/asm/hardirq.h | 3 +++
 arch/x86/kernel/irq.c          | 6 ++++++
 arch/x86/kernel/traps.c        | 2 ++
 3 files changed, 11 insertions(+)

diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h
index 275e7fd20310..07d79fa9c5c6 100644
--- a/arch/x86/include/asm/hardirq.h
+++ b/arch/x86/include/asm/hardirq.h
@@ -44,6 +44,9 @@ typedef struct {
 	unsigned int irq_hv_reenlightenment_count;
 	unsigned int hyperv_stimer0_count;
 #endif
+#if IS_ENABLED(CONFIG_INTEL_TDX_GUEST)
+	unsigned int tdg_ve_count;
+#endif
 } ____cacheline_aligned irq_cpustat_t;
 
 DECLARE_PER_CPU_SHARED_ALIGNED(irq_cpustat_t, irq_stat);
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index e28f6a5d14f1..669869bd46ec 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -181,6 +181,12 @@ int arch_show_interrupts(struct seq_file *p, int prec)
 		seq_printf(p, "%10u ",
 			   irq_stats(j)->kvm_posted_intr_wakeup_ipis);
 	seq_puts(p, "  Posted-interrupt wakeup event\n");
+#endif
+#if IS_ENABLED(CONFIG_INTEL_TDX_GUEST)
+	seq_printf(p, "%*s: ", prec, "TGV");
+	for_each_online_cpu(j)
+		seq_printf(p, "%10u ", irq_stats(j)->tdg_ve_count);
+	seq_puts(p, "  TDX Guest VE event\n");
 #endif
 	return 0;
 }
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index be56f0281cb5..3673186876ec 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -1187,6 +1187,8 @@ DEFINE_IDTENTRY(exc_virtualization_exception)
 
 	RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
 
+	inc_irq_stat(tdg_ve_count);
+
 	/*
 	 * NMIs/Machine-checks/Interrupts will be in a disabled state
 	 * till TDGETVEINFO TDCALL is executed. This prevents #VE
-- 
2.25.1



* [PATCH v3 4/5] Add taint flag for TDX overrides
  2021-08-05 23:30 [PATCH v3 0/5] Add TDX Guest Support (Debug support) Kuppuswamy Sathyanarayanan
                   ` (2 preceding siblings ...)
  2021-08-05 23:30 ` [PATCH v3 3/5] x86/tdx: Expose TDX Guest #VE count in /proc/interrupts Kuppuswamy Sathyanarayanan
@ 2021-08-05 23:30 ` Kuppuswamy Sathyanarayanan
  2021-08-05 23:30 ` [PATCH v3 5/5] x86/tdx: Add option to override prot values Kuppuswamy Sathyanarayanan
  4 siblings, 0 replies; 6+ messages in thread
From: Kuppuswamy Sathyanarayanan @ 2021-08-05 23:30 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
	Jonathan Corbet, Peter Zijlstra, Andy Lutomirski
  Cc: H . Peter Anvin, Kuppuswamy Sathyanarayanan, Andi Kleen,
	Tony Luck, Andy Shevchenko, Kirill A . Shutemov, linux-kernel,
	linux-doc, Kuppuswamy Sathyanarayanan

From: Andi Kleen <ak@linux.intel.com>

Add a new taint flag TAINT_CONF_NO_LOCKDOWN that is set when
the default hardening against untrusted hosts in TDX is overridden
on the command line. The flag is set when the device or ACPI
filters are disabled.

The main use case is for applications to detect that they
might run in a potentially insecure configuration through
/proc/sys/kernel/taint.

The setting is not intended for attestation, which should attest the
kernel command line anyways.

I picked 'Y' for the oops flag, although this type of taint is probably
not too useful for crashes, since there weren't any other good letters
left.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 Documentation/admin-guide/tainted-kernels.rst | 7 ++++++-
 include/linux/panic.h                         | 3 ++-
 kernel/panic.c                                | 1 +
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst
index ceeed7b0798d..65c58092ec35 100644
--- a/Documentation/admin-guide/tainted-kernels.rst
+++ b/Documentation/admin-guide/tainted-kernels.rst
@@ -100,7 +100,8 @@ Bit  Log  Number  Reason that got the kernel tainted
  15  _/K   32768  kernel has been live patched
  16  _/X   65536  auxiliary taint, defined for and used by distros
  17  _/T  131072  kernel was built with the struct randomization plugin
-===  ===  ======  ========================================================
+ 18  _/Y  262144  confidential guest (like TDX guest) without full lockdown
+===  ===  ======  =========================================================
 
 Note: The character ``_`` is representing a blank in this table to make reading
 easier.
@@ -175,3 +176,7 @@ More detailed explanation for tainting
      produce extremely unusual kernel structure layouts (even performance
      pathological ones), which is important to know when debugging. Set at
      build time.
+
+ 18) ``Y`` Kernel is running as a confidential guest on a untrusted
+     hypervisor (e.g. TDX), but has disabled some lock down options that could
+     make the kernel attackable from the host.
diff --git a/include/linux/panic.h b/include/linux/panic.h
index f5844908a089..9ac10689a432 100644
--- a/include/linux/panic.h
+++ b/include/linux/panic.h
@@ -74,7 +74,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout)
 #define TAINT_LIVEPATCH			15
 #define TAINT_AUX			16
 #define TAINT_RANDSTRUCT		17
-#define TAINT_FLAGS_COUNT		18
+#define TAINT_CONF_NO_LOCKDOWN		18
+#define TAINT_FLAGS_COUNT		19
 #define TAINT_FLAGS_MAX			((1UL << TAINT_FLAGS_COUNT) - 1)
 
 struct taint_flag {
diff --git a/kernel/panic.c b/kernel/panic.c
index edad89660a2b..1557f864bec0 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -387,6 +387,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
 	[ TAINT_LIVEPATCH ]		= { 'K', ' ', true },
 	[ TAINT_AUX ]			= { 'X', ' ', true },
 	[ TAINT_RANDSTRUCT ]		= { 'T', ' ', true },
+	[ TAINT_CONF_NO_LOCKDOWN ]	= { 'Y', ' ', true },
 };
 
 /**
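Review bot: The third initializer for `TAINT_CONF_NO_LOCKDOWN` is `true`, copied from the entries above it. If that member is the per-module flag of `struct taint_flag` (the struct body is not in this diff), `true` says the taint can be attributed to a loaded module, whereas the commit message describes a taint that is set only from the kernel command line. `{ 'Y', ' ', false }` looks like the right value; please confirm against the struct definition in include/linux/panic.h.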
-- 
2.25.1



* [PATCH v3 5/5] x86/tdx: Add option to override prot values
  2021-08-05 23:30 [PATCH v3 0/5] Add TDX Guest Support (Debug support) Kuppuswamy Sathyanarayanan
                   ` (3 preceding siblings ...)
  2021-08-05 23:30 ` [PATCH v3 4/5] Add taint flag for TDX overrides Kuppuswamy Sathyanarayanan
@ 2021-08-05 23:30 ` Kuppuswamy Sathyanarayanan
  4 siblings, 0 replies; 6+ messages in thread
From: Kuppuswamy Sathyanarayanan @ 2021-08-05 23:30 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
	Jonathan Corbet, Peter Zijlstra, Andy Lutomirski
  Cc: H . Peter Anvin, Kuppuswamy Sathyanarayanan, Andi Kleen,
	Tony Luck, Andy Shevchenko, Kirill A . Shutemov, linux-kernel,
	linux-doc, Kuppuswamy Sathyanarayanan

From: Andi Kleen <ak@linux.intel.com>

The kernel internally uses prot_guest_has to configure various behavior
specific to confidential guests. Allow to clear a single value. This is
mainly useful for debugging and not very user friendly because the hex
values from the include file have to be used. But for debugging it's
good enough and it matches the existing clear_cpuid option.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 Documentation/admin-guide/kernel-parameters.txt |  8 ++++++++
 arch/x86/include/asm/tdx.h                      |  2 ++
 arch/x86/kernel/tdx.c                           | 15 +++++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index ba390be62f89..10776a743e74 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5573,6 +5573,14 @@
 
 	tdfx=		[HW,DRM]
 
+	tdx_prot_clear=val
+			Clear a prot setting for TDX. See
+			include/linux/protected_guest.h for the allowed
+			values. Only a single value can be overridden.
+			Note that invalid values here may break the TDX kernel,
+			this is mainly for debugging. Clearing protections
+			may cause security holes.
+
 	test_suspend=	[SUSPEND][,N]
 			Specify "mem" (for Suspend-to-RAM) or "standby" (for
 			standby suspend) or "freeze" (for suspend type freeze)
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index 665c8cf57d5b..dd5459ece9aa 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -67,6 +67,8 @@ enum tdx_map_type {
 
 #ifdef CONFIG_INTEL_TDX_GUEST
 
+extern unsigned int tdg_disable_prot;
+
 void __init tdx_early_init(void);
 
 bool tdx_prot_guest_has(unsigned long flag);
diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c
index 644e90dfa587..bfa168f3f09c 100644
--- a/arch/x86/kernel/tdx.c
+++ b/arch/x86/kernel/tdx.c
@@ -12,6 +12,7 @@
 #include <asm/vmx.h>
 #include <asm/insn.h>
 #include <asm/insn-eval.h>
+#include <asm/cmdline.h>
 #include <linux/sched/signal.h> /* force_sig_fault() */
 #include <linux/swiotlb.h>
 
@@ -41,6 +42,8 @@ static struct {
 	unsigned long attributes;
 } td_info __ro_after_init;
 
+unsigned int tdg_disable_prot = -1;
+
 /*
  * Wrapper for standard use of __tdx_hypercall with BUG_ON() check
  * for TDCALL error.
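Review bot: `tdg_disable_prot` decides whether `tdx_prot_guest_has()` reports a protection as active, yet it is defined as an ordinary writable global and exported through `extern` in asm/tdx.h. In this series it is only written from `tdx_early_init()`, which is `__init`, so it can be `static unsigned int tdg_disable_prot __ro_after_init = -1;` like `td_info` just above it, and the `extern` in the header can go unless another file needs it. That keeps a hardening switch from being changed after boot by a stray or hostile write. It is also compared with an `unsigned long flag` in the tdx_prot_guest_has() hunk, so declaring it `unsigned long` (parsed with `kstrtoul`) would avoid relying on the `-1` sentinel widening to 0xffffffff.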
@@ -111,6 +114,9 @@ static inline bool cpuid_has_tdx_guest(void)
 
 bool tdx_prot_guest_has(unsigned long flag)
 {
+	if (flag == tdg_disable_prot)
+		return false;
+
 	switch (flag) {
 	case PATTR_GUEST_TDX:
 	case PATTR_GUEST_UNROLL_STRING_IO:
@@ -555,6 +561,8 @@ __init bool tdg_early_handle_ve(struct pt_regs *regs)
 
 void __init tdx_early_init(void)
 {
+	char prot_clear[30];
+
 	if (!cpuid_has_tdx_guest())
 		return;
 
@@ -572,5 +580,12 @@ void __init tdx_early_init(void)
 	cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "tdg:cpu_hotplug",
 			  NULL, tdg_cpu_offline_prepare);
 
+	if (cmdline_find_option(boot_command_line, "tdx_prot_clear",
+				prot_clear, sizeof(prot_clear))) {
+		if (kstrtouint(prot_clear, 0, &tdg_disable_prot))
+			pr_err("Unparsable tdx_prot_clear= option\n");
+		add_taint(TAINT_CONF_NO_LOCKDOWN, LOCKDEP_STILL_OK);
+	}
+
 	pr_info("Guest initialized\n");
 }
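Review bot: The `if (cmdline_find_option(...))` test treats any non-zero return as "option present", but as far as I know cmdline_find_option() returns -1 when the option is absent and the argument length otherwise. With that contract the block runs on every TDX boot without `tdx_prot_clear=`: `kstrtouint()` parses the uninitialised `prot_clear` buffer, the error is logged, and `TAINT_CONF_NO_LOCKDOWN` is set on a fully locked-down guest, which makes the taint useless as a signal. The condition should be `... sizeof(prot_clear)) > 0) {`. It would also be more accurate to call `add_taint()` only when `kstrtouint()` succeeded, since a value that failed to parse clears nothing. tdx_early_init() starts in the previous hunk.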
-- 
2.25.1


