x86/tdx: Allow 32-bit emulation by default

jira VULN-772
cve CVE-2024-25744
commit-author Kirill A. Shutemov <[email protected]>
commit f4116bf

32-bit emulation was disabled on TDX to prevent a possible attack by
a VMM injecting an interrupt on vector 0x80.

Now that int80_emulation() has a check for external interrupts the
limitation can be lifted.

To distinguish software interrupts from external ones, int80_emulation()
checks the APIC ISR bit relevant to the 0x80 vector. For
software interrupts, this bit will be 0.

On TDX, the VAPIC state (including ISR) is protected and cannot be
manipulated by the VMM. The ISR bit is set by the microcode flow during
the handling of posted interrupts.

[ dhansen: more changelog tweaks ]

	Signed-off-by: Kirill A. Shutemov <[email protected]>
	Signed-off-by: Dave Hansen <[email protected]>
	Reviewed-by: Thomas Gleixner <[email protected]>
	Reviewed-by: Borislav Petkov (AMD) <[email protected]>
	Cc: <[email protected]> # v6.0+
(cherry picked from commit f4116bf)
	Signed-off-by: Marcin Wcisło <[email protected]>

Author: pvts-mat

arch/x86/coco/tdx/tdx.c

@@ -825,14 +825,5 @@ void __init tdx_early_init(void)
 	x86_platform.guest.enc_tlb_flush_required   = tdx_tlb_flush_required;
 	x86_platform.guest.enc_status_change_finish = tdx_enc_status_changed;
 
-	/*
-	 * The VMM is capable of injecting interrupt 0x80 and triggering the
-	 * compatibility syscall path.
-	 *
-	 * By default, the 32-bit emulation is disabled in order to ensure
-	 * the safety of the VM.
-	 */
-	ia32_disable();
-
 	pr_info("Guest detected\n");
 }