Re: Questions about TSC virtualization in KVM

[Sean Christopherson <seanjc@google.com>]

On Tue, Oct 24, 2023, Yifei Ma wrote:
> Hi KVM community,
> 
>    I am trying to figure out how TSC is virtualized in KVM-VMX world.
>    According to the kernel documentation, reading TSC register through MSR
>    can be trapped into KVM and VMX. I am trying to figure out the KVM code
>    handing this trap.

Key word "can".  KVM chooses not to intercept RDMSR to MSR_IA32_TSC because
hardware handles the necessary offset and scaling.  KVM does still emulate reads
in kvm_get_msr_common(), e.g. if KVM is forced to emulate a RDMSR, but that's a
very, very uncommon path.

Ditto for the RDTSC instruction, which isn't subject to MSR intercpetion bitmaps
and has a dedicated control.  KVM will emulate RDTSC if KVM is already emulating,
but otherwise the guest can execute RDTSC without triggering a VM-Exit.

Modern CPUs provide both a offset and a scaling factor for VMX guests, i.e. the
CPU itself virtualizes guest TSC.  See the RDMSR and RDTSC bullet points in the
"CHANGES TO INSTRUCTION BEHAVIOR IN VMX NON-ROOT OPERATION" section of the SDM
for details.

>    In order to understand it, I have run a kernel traced by GDB, and added
>    break points to the code I thought they may handle the MSR trap, e.g.,
>    kvm_get_msr, vmx_exec_control, etc. Then ran rdtsc from guest application,
>    however, it  didn’t trigger these breakpoints. I am a little lost in how
>    TSC is virtualized.
>
>    Two questions:
>    - does the TSC MRS instructions are emulated and trapped into KVM?

Nope, see above.

>    - if TSC is trapped, which code handles it?

Also see above :-)

> Any background about TSC virtualization and suggestions on tracing its
> virtualization are appreciated.