From: Sean Christopherson <seanjc@google.com>
To: "Nikunj A. Dadhania" <nikunj@amd.com>
Cc: pbonzini@redhat.com, kvm@vger.kernel.org,
thomas.lendacky@amd.com, santosh.shukla@amd.com, bp@alien8.de,
isaku.yamahata@intel.com, vaishali.thakkar@suse.com,
kai.huang@intel.com
Subject: Re: [PATCH v8 2/2] KVM: SVM: Enable Secure TSC for SNP guests
Date: Wed, 9 Jul 2025 06:02:04 -0700 [thread overview]
Message-ID: <aG5oTKtWWqhwoFlI@google.com> (raw)
In-Reply-To: <63f08c9e-b228-4282-bd08-454ccdf53ecf@amd.com>
On Wed, Jul 09, 2025, Nikunj A. Dadhania wrote:
> On 7/8/2025 8:07 PM, Sean Christopherson wrote:
> > On Mon, Jul 07, 2025, Nikunj A Dadhania wrote:
> >> Introduce the read-only MSR GUEST_TSC_FREQ (0xc0010134) that returns
> >> guest's effective frequency in MHZ when Secure TSC is enabled for SNP
> >> guests. Disable interception of this MSR when Secure TSC is enabled. Note
> >> that GUEST_TSC_FREQ MSR is accessible only to the guest and not from the
> >> hypervisor context.
> >
> > ...
> >
> >> @@ -4487,6 +4512,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
> >>
> >> /* Can't intercept XSETBV, HV can't modify XCR0 directly */
> >> svm_clr_intercept(svm, INTERCEPT_XSETBV);
> >> +
> >> + if (snp_secure_tsc_enabled(svm->vcpu.kvm))
> >> + svm_disable_intercept_for_msr(&svm->vcpu, MSR_AMD64_GUEST_TSC_FREQ, MSR_TYPE_RW);
> >
> > KVM shouldn't be disabling write interception for a read-only MSR.
>
> Few of things to consider here:
> 1) GUEST_TSC_FREQ is a *guest only* MSR and what is the point in KVM intercepting writes
> to that MSR.
Because there's zero point in not intercepting writes, and KVM shouldn't do
things for no reason as doing so tends to confuse readers. E.g. I reacted to
this because I didn't read the changelog first, and was surprised that the guest
could adjust its TSC frequency (which it obviously can't, but that's what the
code implies to me).
> The guest vCPU handles it appropriately when interception is disabled.
>
> 2) Guest does not expect GUEST_TSC_FREQ MSR to be intercepted(read or write), guest
> will terminate if GUEST_TSC_FREQ MSR is intercepted by the hypervisor:
But it's read-only, the guest shouldn't be writing. If the vCPU handles #GPs
appropriately, then it should have no problem handling #VCs on bad writes.
> 38cc6495cdec x86/sev: Prevent GUEST_TSC_FREQ MSR interception for Secure TSC enabled guests
That's a guest bug, it shouldn't be complaining about the host intercepting writes.
next prev parent reply other threads:[~2025-07-09 13:02 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-07 10:10 [PATCH v8 0/2] Enable Secure TSC for SEV-SNP Nikunj A Dadhania
2025-07-07 10:10 ` [PATCH v8 1/2] x86/cpufeatures: Add SNP Secure TSC Nikunj A Dadhania
2025-07-07 10:10 ` [PATCH v8 2/2] KVM: SVM: Enable Secure TSC for SNP guests Nikunj A Dadhania
2025-07-07 13:34 ` Tom Lendacky
2025-07-08 2:21 ` Huang, Kai
2025-07-08 6:45 ` Nikunj A. Dadhania
2025-07-08 10:48 ` Huang, Kai
2025-07-08 14:34 ` Sean Christopherson
2025-07-08 22:42 ` Huang, Kai
2025-07-09 4:14 ` Nikunj A. Dadhania
2025-07-08 7:16 ` Xiaoyao Li
2025-07-08 10:53 ` Huang, Kai
2025-07-08 14:42 ` Sean Christopherson
2025-07-08 22:56 ` Huang, Kai
2025-07-08 23:08 ` Sean Christopherson
2025-07-09 5:54 ` Huang, Kai
2025-07-08 14:37 ` Sean Christopherson
2025-07-09 4:12 ` Nikunj A. Dadhania
2025-07-09 13:02 ` Sean Christopherson [this message]
2025-07-10 10:59 ` Nikunj A Dadhania
2025-07-10 13:20 ` Sean Christopherson
2025-07-10 15:04 ` Nikunj A. Dadhania
2025-07-10 23:30 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aG5oTKtWWqhwoFlI@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=santosh.shukla@amd.com \
--cc=thomas.lendacky@amd.com \
--cc=vaishali.thakkar@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.