Date: Mon, 25 Mar 2024 12:46:07 +0200
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: tglx@...utronix.de,
	mingo@...hat.com,
	bp@...en8.de,
	dave.hansen@...el.com
Cc: sathyanarayanan.kuppuswamy@...ux.intel.com,
	hpa@...or.com,
	seanjc@...gle.com,
	elena.reshetova@...el.com,
	rick.p.edgecombe@...el.com,
	x86@...nel.org,
	linux-kernel@...r.kernel.org,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: [PATCHv2 4/4] x86/tdx: Enable ENUM_TOPOLOGY

TDX 1.0 defines baseline behaviour of TDX guest platform. TDX 1.0
generates a #VE when accessing topology-related CPUID leafs (0xB and
0x1F) and the X2APIC_APICID MSR. The kernel returns all zeros on CPUID
topology. Any complications will cause problems.

The ENUM_TOPOLOGY feature allows the VMM to provide topology
information to the guest. Enabling the feature eliminates
topology-related #VEs: the TDX module virtualizes accesses to
the CPUID leafs and the MSR.

Enable ENUM_TOPOLOGY if it is available.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
---
 arch/x86/coco/tdx/tdx.c           | 19 +++++++++++++++++++
 arch/x86/include/asm/shared/tdx.h |  3 +++
 2 files changed, 22 insertions(+)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 860bfdd5a11d..b2d969432a22 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -289,6 +289,25 @@ static void tdx_setup(u64 *cc_mask)
 		else
 			tdx_panic(msg);
 	}
+
+	/*
+	 * TDX 1.0 generates a #VE when accessing topology-related CPUID leafs
+	 * (0xB and 0x1F) and the X2APIC_APICID MSR. The kernel returns all
+	 * zeros on CPUID #VEs. In practice, this means that the kernel can only
+	 * boot with a plain topology. Any complications will cause problems.
+	 *
+	 * The ENUM_TOPOLOGY feature allows the VMM to provide topology
+	 * information to the guest in a safe manner. Enabling the feature
+	 * eliminates topology-related #VEs: the TDX module virtualizes
+	 * accesses to the CPUID leafs and the MSR.
+	 *
+	 * Enable ENUM_TOPOLOGY if it is available.
+	 */
+	if ((features & TDX_FEATURES0_ENUM_TOPOLOGY) &&
+	    tdg_vm_rd(TDCS_TOPOLOGY_ENUM_CONFIGURED)) {
+		if (!tdcs_ctls_set(TD_CTLS_ENUM_TOPOLOGY))
+			pr_warn("Failed to enable ENUM_TOPOLOGY\n");
+	}
 }
 
 /*
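
Review bot: The failure path at the end of the added block in tdx_setup() only emits pr_warn("Failed to enable ENUM_TOPOLOGY\n") and boot continues, although the comment directly above it says that without the feature the kernel can only boot with a plain topology and that any complications will cause problems. Consider having the message state what the guest falls back to (zeros returned on CPUID #VEs), and also logging the case where TDX_FEATURES0_ENUM_TOPOLOGY is set but tdg_vm_rd(TDCS_TOPOLOGY_ENUM_CONFIGURED) reads zero, which is currently silent. The comment also never explains that second condition: one sentence on what TDCS_TOPOLOGY_ENUM_CONFIGURED reports would make clear why the feature bit alone is not sufficient.
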
diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h
index 29a61c72e4dd..2964c506b241 100644
--- a/arch/x86/include/asm/shared/tdx.h
+++ b/arch/x86/include/asm/shared/tdx.h
@@ -27,15 +27,18 @@
 #define TDCS_CONFIG_FLAGS		0x1110000300000016
 #define TDCS_TD_CTLS			0x1110000300000017
 #define TDCS_NOTIFY_ENABLES		0x9100000000000010
+#define TDCS_TOPOLOGY_ENUM_CONFIGURED	0x9100000000000019
 
 /* TDCS_TDX_FEATURES0 bits */
 #define TDX_FEATURES0_PENDING_EPT_VIOLATION_V2	BIT_ULL(16)
+#define TDX_FEATURES0_ENUM_TOPOLOGY		BIT_ULL(20)
 
 /* TDCS_CONFIG_FLAGS bits */
 #define TDCS_CONFIG_FLEXIBLE_PENDING_VE	BIT_ULL(1)
 
 /* TDCS_TD_CTLS bits */
 #define TD_CTLS_PENDING_VE_DISABLE	BIT_ULL(0)
+#define TD_CTLS_ENUM_TOPOLOGY		BIT_ULL(1)
 
 /* TDX hypercall Leaf IDs */
 #define TDVMCALL_MAP_GPA		0x10001
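
Review bot: TDCS_TOPOLOGY_ENUM_CONFIGURED is added with no comment, and unlike the bit definitions below it nothing here shows what value the field holds; the caller in tdx.c tests it only for non-zero. A short comment stating that it is read as a boolean would help. The three new names also order the words differently (TOPOLOGY_ENUM in the field ID, ENUM_TOPOLOGY in TDX_FEATURES0_ENUM_TOPOLOGY and TD_CTLS_ENUM_TOPOLOGY); if that mirrors the TDX module specification, say so in a comment, otherwise pick one order.
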
-- 
2.43.0

