[SRU][N:linux-intel][PATCH 1/1] UBUNTU: SAUCE: KVM: TDX: Register TDX host key IDs to cgroup misc controller
Thibault Ferrante
thibault.ferrante at canonical.com
Wed Apr 2 19:57:02 UTC 2025
From: Zhiming Hu <zhiming.hu at intel.com>
BugLink: https://bugs.launchpad.net/bugs/2104946
TDX host key IDs (HKIDs) are a limited resource on a machine, and the misc
cgroup lets the machine owner track their usage and limits the possibility
of abusing them outside the owner's control.
The cgroup v2 miscellaneous subsystem was introduced to control the
resource of AMD SEV & SEV-ES ASIDs. Likewise introduce HKIDs as a misc
resource.
Signed-off-by: Zhiming Hu <zhiming.hu at intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata at intel.com>
Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
Link: https://lore.kernel.org/all/20250220170604.2279312-31-pbonzini@redhat.com/
[thibf: reworked to be compatible with 6.8]
Signed-off-by: Thibault Ferrante <thibault.ferrante at canonical.com>
---
arch/x86/include/asm/tdx.h | 2 ++
arch/x86/kvm/vmx/tdx.c | 15 +++++++++++++++
arch/x86/kvm/vmx/tdx.h | 1 +
arch/x86/virt/vmx/tdx/tdx.c | 6 ++++++
include/linux/misc_cgroup.h | 4 ++++
kernel/cgroup/misc.c | 5 +++++
6 files changed, 33 insertions(+)
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index db740b5f8bf5..ca057e1285d1 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -123,6 +123,7 @@ int tdx_enable(void);
const char *tdx_dump_mce_info(struct mce *m);
void tdx_reset_memory(void);
+u32 tdx_get_nr_guest_keyids(void);
struct notifier_block;
int tdx_register_memory_reset_notifier(struct notifier_block *nb);
@@ -153,6 +154,7 @@ int tdx_sys_metadata_field_read(u64 field_id, u64 *data);
static inline void tdx_init(void) { }
static inline int tdx_cpu_enable(void) { return -ENODEV; }
static inline int tdx_enable(void) { return -ENODEV; }
+static u32 tdx_get_nr_guest_keyids(void) { return 0; }
static inline const char *tdx_dump_mce_info(struct mce *m) { return NULL; }
static inline void tdx_reset_memory(void) { }
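Review bot: The CONFIG_INTEL_TDX_HOST=n stub on the added line is declared `static` without `inline`, unlike every neighbouring stub in this block, so each translation unit that includes asm/tdx.h without calling it will likely get a -Wunused-function warning and an unneeded copy of the function. It should read `static inline u32 tdx_get_nr_guest_keyids(void) { return 0; }` to match the declaration added in the first hunk of this file and the surrounding stubs.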
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 85700fb90665..80d3f5bb8481 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -3,6 +3,7 @@
#include <linux/mmu_context.h>
#include <asm/fpu/xcr.h>
+#include <linux/misc_cgroup.h>
#include <asm/tdx.h>
#include "capabilities.h"
@@ -190,6 +191,9 @@ static inline void tdx_hkid_free(struct kvm_tdx *kvm_tdx)
tdx_guest_keyid_free(kvm_tdx->hkid);
kvm_tdx->hkid = -1;
atomic_dec(&nr_configured_hkid);
+ misc_cg_uncharge(MISC_CG_RES_TDX, kvm_tdx->misc_cg, 1);
+ put_misc_cg(kvm_tdx->misc_cg);
+ kvm_tdx->misc_cg = NULL;
}
static inline bool is_hkid_assigned(struct kvm_tdx *kvm_tdx)
@@ -2532,6 +2536,11 @@ static int __tdx_td_init(struct kvm *kvm, struct td_params *td_params,
if (ret < 0)
return ret;
kvm_tdx->hkid = ret;
+ kvm_tdx->misc_cg = get_current_misc_cg();
+ ret = misc_cg_try_charge(MISC_CG_RES_TDX, kvm_tdx->misc_cg, 1);
+ if (ret)
+ goto free_hkid;
+
atomic_inc(&nr_configured_hkid);
va = __get_free_page(GFP_KERNEL_ACCOUNT);
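Review bot: The error path after `misc_cg_try_charge()` jumps to `free_hkid`, which lies outside this hunk; if that label reaches `tdx_hkid_free()` as changed in the hunk above, a failed charge would be followed by `misc_cg_uncharge()` for an amount that was never charged and by `atomic_dec(&nr_configured_hkid)` before the matching `atomic_inc()` on the line after the charge has run. An uncharge without a prior charge would push the cgroup's usage below the real count, which is exactly the accounting the limit relies on, so the charge-failure case should release only what was actually acquired: the cgroup reference and the key ID. If `free_hkid` does something else, the note below still applies to keeping the charge and the `nr_configured_hkid` increment paired with the uncharge and decrement in `tdx_hkid_free()`. __tdx_td_init starts and ends outside this hunk.
```c
	kvm_tdx->misc_cg = get_current_misc_cg();
	ret = misc_cg_try_charge(MISC_CG_RES_TDX, kvm_tdx->misc_cg, 1);
	if (ret) {
		/* Nothing was charged: drop only the cgroup ref and the key ID. */
		put_misc_cg(kvm_tdx->misc_cg);
		kvm_tdx->misc_cg = NULL;
		tdx_guest_keyid_free(kvm_tdx->hkid);
		kvm_tdx->hkid = -1;
		return ret;
	}
	/* … unchanged: atomic_inc(&nr_configured_hkid), page allocation … */
```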
@@ -3432,6 +3441,11 @@ int __init tdx_hardware_setup(struct kvm_x86_ops *x86_ops)
x86_ops->zap_private_spte = tdx_sept_zap_private_spte;
x86_ops->unzap_private_spte = tdx_sept_unzap_private_spte;
+ if (misc_cg_set_capacity(MISC_CG_RES_TDX, tdx_get_nr_guest_keyids())) {
+ r = -EINVAL;
+ goto out;
+ }
+
return 0;
out:
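Review bot: The added `misc_cg_set_capacity()` call discards the error code the helper returns and replaces it with a hard-coded `-EINVAL`, so a failure for any other reason would be reported with the wrong code. Propagating it is shorter and keeps the style of the surrounding error handling: `r = misc_cg_set_capacity(MISC_CG_RES_TDX, tdx_get_nr_guest_keyids());` followed by `if (r) goto out;`. tdx_hardware_setup starts and its `out:` cleanup ends outside this hunk, so I cannot see whether anything set earlier needs unwinding on this new failure path.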
@@ -3443,6 +3457,7 @@ int __init tdx_hardware_setup(struct kvm_x86_ops *x86_ops)
void tdx_hardware_unsetup(void)
{
+ misc_cg_set_capacity(MISC_CG_RES_TDX, 0);
kfree(tdx_info);
kfree(tdx_mng_key_config_lock);
}
diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
index af3a2b8afee8..6080037de78e 100644
--- a/arch/x86/kvm/vmx/tdx.h
+++ b/arch/x86/kvm/vmx/tdx.h
@@ -10,6 +10,7 @@
struct kvm_tdx {
struct kvm kvm;
+ struct misc_cg *misc_cg;
unsigned long tdr_pa;
unsigned long *tdcs_pa;
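Review bot: The new `misc_cg` member of `struct kvm_tdx` is undocumented, and its ownership is not obvious from the header alone. A short comment would record the contract established in tdx.c: `/* misc cgroup the TD's HKID is charged to; taken in __tdx_td_init(), released and cleared in tdx_hkid_free() */`. The struct definition continues outside this hunk.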
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 65127858c885..4d18a4211566 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -1733,3 +1733,9 @@ void tdx_reset_memory(void)
*/
tdmrs_reset_pamt_all(&tdx_tdmr_list);
}
+
+u32 tdx_get_nr_guest_keyids(void)
+{
+ return tdx_nr_guest_keyids;
+}
+EXPORT_SYMBOL_GPL(tdx_get_nr_guest_keyids);
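Review bot: `tdx_get_nr_guest_keyids()` becomes an exported API without a kernel-doc comment saying what it reports or when it is valid to call. Since the only caller on this page uses it as the misc-cgroup capacity during `tdx_hardware_setup()`, a comment such as a three-line kernel-doc header stating that it returns the number of HKIDs available to guests as recorded during TDX host initialisation, and that callers use it to size the `MISC_CG_RES_TDX` capacity, would document the contract; I cannot see from this hunk where `tdx_nr_guest_keyids` is assigned, so the "when valid" part should be confirmed against that code.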
diff --git a/include/linux/misc_cgroup.h b/include/linux/misc_cgroup.h
index e799b1f8d05b..a3b30934f39b 100644
--- a/include/linux/misc_cgroup.h
+++ b/include/linux/misc_cgroup.h
@@ -17,6 +17,10 @@ enum misc_res_type {
MISC_CG_RES_SEV,
/* AMD SEV-ES ASIDs resource */
MISC_CG_RES_SEV_ES,
+#endif
+#ifdef CONFIG_INTEL_TDX_HOST
+ /* Intel TDX HKIDs resource */
+ MISC_CG_RES_TDX,
#endif
MISC_CG_RES_TYPES
};
diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c
index 79a3717a5803..2752c904da73 100644
--- a/kernel/cgroup/misc.c
+++ b/kernel/cgroup/misc.c
@@ -24,6 +24,11 @@ static const char *const misc_res_name[] = {
/* AMD SEV-ES ASIDs resource */
"sev_es",
#endif
+#ifdef CONFIG_INTEL_TDX_HOST
+ /* Intel TDX HKIDs resource */
+ "tdx",
+#endif
+
};
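Review bot: The added `+` line after the new `#endif` is an empty line inside the `misc_res_name[]` initializer, just before `};`, which the existing entries do not have and which checkpatch will likely flag as a stray blank line. Drop that blank line so the block ends `#endif` directly followed by `};`, matching the SEV entries above it and the enum hunk in misc_cgroup.h.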
/* Root misc cgroup */
--
2.48.1