Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp5101859rwb;
        Mon, 21 Nov 2022 16:51:39 -0800 (PST)
X-Google-Smtp-Source: AA0mqf5hL1Ce9f/r6iz6ELIOXiKRuUczm+GRpMar0GGrB3WqP+tv8lurrqDMK/YlQ/AEIuQfEhDD
X-Received: by 2002:aa7:90c6:0:b0:573:ede1:a46b with SMTP id k6-20020aa790c6000000b00573ede1a46bmr1702370pfk.58.1669078299338;
        Mon, 21 Nov 2022 16:51:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669078299; cv=none;
        d=google.com; s=arc-20160816;
        b=tT12gUsMcj7FRbtVlIraGouhcdaZffxOT+WT0UUhL+grIjfUxEqahBjMQ7RN1hdTUA
         tZtDXVHKyaQhz3bsAp+ZOB9raEuoS1Z3RRE0GxQywlLrbo2VueHEQ8jn2cUi4om4AMvP
         b0mczvtP4HlJ6Gm3JL8X7OjlP0FB58fJ33cSiHffyQ/QCrpCSptROGxobhACbzgv98lf
         bzRLNbvBUArjiyZ3MnQ35BT/30bvths9UjDjQl5dg70w0SnLACqm3qfUZsoUqBNoe+ZW
         Te9LYPevIxZfLqhJwanLeYYhy7m30kkn2I6jYHoj9FGJytzJ6lkRyrxyszDuXXc+li3Q
         vM7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=6NgcnEdWVpMVpFNJphKSPqtM1NZ0GDraTUl2o9PylJg=;
        b=wNZDSEKrD8F/lAgilcXL9kwKkdX0beYPCC9GlJuNw/qNSBCi4yp6voS0b9pQlXZBrt
         yVLDhvHdCFmabQmcibQ+V6zT83/uC8IHM1/eaw+Nt7dsmkh/2tllfDaMo+hBqA2Fq+cI
         Je9TPuQAQmFMYwsroGsS/bVpCJ/ngTOzEmxcEX+b9Z74jpL29EJUMrIr2h6VsBT8V1b6
         7icqm/0BqAa1Yy33KiGSONOXq1TYtBniutTsXupxpRSjgAph0KGR2v8KXARBaRiYxfhp
         QmKhIu+hF2Ql7jeg6UMgMqyFfUh+NLfU/ByfJRhnJmtf0MIIr10OpYXKlJ3/BICX0Igk
         hkvw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b="iS/hwFUa";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id l6-20020a170902ec0600b0018659ff71d2si11645364pld.62.2022.11.21.16.51.25;
        Mon, 21 Nov 2022 16:51:39 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b="iS/hwFUa";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231959AbiKUXrS (ORCPT <rfc822;2bno13@gmail.com> + 91 others);
        Mon, 21 Nov 2022 18:47:18 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53692 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232109AbiKUXqo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Nov 2022 18:46:44 -0500
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 48E7D13DD3;
        Mon, 21 Nov 2022 15:46:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1669074399; x=1700610399;
  h=message-id:date:mime-version:subject:to:cc:references:
   from:in-reply-to:content-transfer-encoding;
  bh=ChUK9z0fO3txURJegQq1Ot4LtVL2rrlg1GScs2p04DM=;
  b=iS/hwFUaKLgyruDqKWzqHOdXSputqjWHzKeC6GpTTPpfoqupCYLMfiUn
   i0NV7PmYkMy1jDrJlk5wQsnoWOJHm9u8vWJ+DzwuOLiWWqieDyK8k5JUM
   yOqDrCFLOgxwb8aWYLn5Dex6qoMghI52OFQsIwdwiXWUHtmuL/1PLMIgh
   C9Rnn8dquzVX/MQlx+6X6/tKtq+jXrajCEFBbCKbQNuAr4yQcf56plsW5
   M2m3u1+lGfYy0omhStuR1c2gfxVG1jUKV+kQPNWMgsIYfk4kx/Qz/3HlD
   7Dg8my0MtgrkH4q440owC3tYMzvucNY16uyH51AtXIMQ2sQ1IfLnvmKdu
   Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10538"; a="293397329"
X-IronPort-AV: E=Sophos;i="5.96,182,1665471600"; 
   d="scan'208";a="293397329"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2022 15:46:38 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10538"; a="747109361"
X-IronPort-AV: E=Sophos;i="5.96,182,1665471600"; 
   d="scan'208";a="747109361"
Received: from ticela-or-327.amr.corp.intel.com (HELO [10.209.6.63]) ([10.209.6.63])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Nov 2022 15:46:36 -0800
Message-ID: <87e17024-755d-e195-d9ea-ef62a4de6aa8@intel.com>
Date:   Mon, 21 Nov 2022 15:46:35 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Subject: Re: [PATCH v7 03/20] x86/virt/tdx: Disable TDX if X2APIC is not
 enabled
Content-Language: en-US
To:     Kai Huang <kai.huang@intel.com>, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org
Cc:     linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com,
        dan.j.williams@intel.com, rafael.j.wysocki@intel.com,
        kirill.shutemov@linux.intel.com, ying.huang@intel.com,
        reinette.chatre@intel.com, len.brown@intel.com,
        tony.luck@intel.com, peterz@infradead.org, ak@linux.intel.com,
        isaku.yamahata@intel.com, chao.gao@intel.com,
        sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com,
        sagis@google.com, imammedo@redhat.com
References: <cover.1668988357.git.kai.huang@intel.com>
 <c5f484c1a87ee052597fd5f539cf021f158755b9.1668988357.git.kai.huang@intel.com>
From:   Dave Hansen <dave.hansen@intel.com>
In-Reply-To: <c5f484c1a87ee052597fd5f539cf021f158755b9.1668988357.git.kai.huang@intel.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,
        RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_NONE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/20/22 16:26, Kai Huang wrote:
> The MMIO/xAPIC interface has some problems, most notably the APIC LEAK
> [1].  This bug allows an attacker to use the APIC MMIO interface to
> extract data from the SGX enclave.
> 
> TDX is not immune from this either.  Early check X2APIC and disable TDX
> if X2APIC is not enabled, and make INTEL_TDX_HOST depend on X86_X2APIC.

This makes no sense.

This is TDX host code.  TDX hosts are untrusted.  Zero of the TDX
security guarantees are provided by the host.

What is the benefit of disabling TDX from the host if x2APIC is not
enabled?  It can't be for security reasons since the host does not help
provide TDX security guarantees.  It also can't be for SGX because SGX
doesn't depend on the OS doing anything in order to be secure.

So, this boils down to the most fundamental of questions you need to
answer about every patch:

What does this code do?

What end-user-visible effect is there if this code is not present?