Re: [PATCH] KVM: SVM: fix trashing of MSR_TSC_AUX

[Borislav Petkov <bp@alien8.de>]

On Wed, Jul 06, 2016 at 03:43:16PM +0200, Paolo Bonzini wrote:
> I don't know what I was thinking when I wrote commit 46896c73c1a4 ("KVM:
> svm: add support for RDTSCP", 2015-11-12); I missed write_rdtscp_aux which
> obviously uses MSR_TSC_AUX.
> 
> Therefore we do need to save/restore MSR_TSC_AUX in svm_vcpu_run.
> 
> Cc: stable@vger.kernel.org
> Cc: Borislav Petkov <bp@alien8.de>
> Fixes: 46896c73c1a4 ("KVM: svm: add support for RDTSCP")
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Something's still missing. I have a small program which does RDTSCP in
the guest:

$ taskset -c 3 ./rdtscp
aux1: 0x0
aux2: 0x0
p1: 195514968442, p2: 195515255582, 287140

and the aux things which are %ecx, are 0 (should be 3 in that case).

It did work with my patch with the RDTSCP intercept:

$ taskset -c 3 ./rdtscp
aux1: 0x3
aux2: 0x3
p1: 157117003683, p2: 157119280794, 2277111

Btw, just for my own understanding: if we don't intercept RDTSCP, does
it get emulated? Where does the TSC value come from, qemu?

Here's the program.

---

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

typedef unsigned long long u64;

#define DECLARE_ARGS(val, low, high)    unsigned low, high
#define EAX_EDX_VAL(val, low, high)     ((low) | ((u64)(high) << 32))
#define EAX_EDX_ARGS(val, low, high)    "a" (low), "d" (high)
#define EAX_EDX_RET(val, low, high)     "=a" (low), "=d" (high)

static __always_inline unsigned long long rdtscp(unsigned int *aux)
{
	unsigned int lo, hi;

        asm volatile("rdtscp" : "=a" (lo), "=d" (hi), "=c" (*aux));

        return EAX_EDX_VAL(0, lo, hi);
}

int main()
{
	unsigned long long p1, p2;
	unsigned int aux;

	p1 = rdtscp(&aux);
	printf("aux1: 0x%x\n", aux);
	p2 = rdtscp(&aux);
	printf("aux2: 0x%x\n", aux);

	printf("p1: %llu, p2: %llu, %lld\n", p1, p2, p2 - p1);

	return 0;
}

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.