From: Sean Christopherson <seanjc@google.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Nikunj A Dadhania <nikunj@amd.com>,
linux-kernel@vger.kernel.org, bp@alien8.de, x86@kernel.org,
tglx@linutronix.de, mingo@redhat.com,
dave.hansen@linux.intel.com, santosh.shukla@amd.com
Subject: Re: [PATCH v2] x86/sev: Improve handling of writes to intercepted TSC MSRs
Date: Wed, 16 Jul 2025 07:07:50 -0700 [thread overview]
Message-ID: <aHeyNvzvbgrWAob5@google.com> (raw)
In-Reply-To: <229325e8-a461-6e5c-0d32-1c36086b62f7@amd.com>
On Wed, Jul 16, 2025, Tom Lendacky wrote:
> On 7/16/25 00:53, Nikunj A Dadhania wrote:
> > From: Sean Christopherson <seanjc@google.com>
> >
> > Currently, when a Secure TSC enabled SNP guest attempts to write to the
> > intercepted GUEST_TSC_FREQ MSR (a read-only MSR), the guest kernel response
> > incorrectly implies a VMM configuration error, when in fact it is the usual
> > VMM configuration to intercept writes to read-only MSRs, unless explicitly
> > documented.
> >
> > Modify the intercepted TSC MSR #VC handling:
> > * Write to GUEST_TSC_FREQ will generate a #GP instead of terminating the
> > guest
> > * Write to MSR_IA32_TSC will generate a #GP instead of silently ignoring it
> >
> > Add a WARN_ONCE to log the incident, as well-behaved SNP guest kernels
> > should never attempt to write to these MSRs.
> >
> > However, continue to terminate the guest when reading from intercepted
> > GUEST_TSC_FREQ MSR with Secure TSC enabled, as intercepted reads indicate
> > an improper VMM configuration for Secure TSC enabled SNP guests.
> >
> > Signed-off-by: Sean Christopherson <seanjc@google.com>
Feel free to drop me as author and just give me a Reported-by or Suggested-by.
At this point, I ain't doing a whole lot of anything for this patch :-)
> > + if (WARN_ON_ONCE(write)) {
>
> Do we want to capture individual WARNs for each MSR? I guess I'm ok with
> a single WARN for either MSR, but just asking the question.
Or don't WARN at all. If the caller is doing a bare wrmsrq(), then the kernel
will WARN in ex_handler_msr(). If the caller is doing wrmsrq_safe(), do we care
that they're being deliberately weird?
next prev parent reply other threads:[~2025-07-16 14:07 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-16 5:53 [PATCH v2] x86/sev: Improve handling of writes to intercepted TSC MSRs Nikunj A Dadhania
2025-07-16 13:09 ` Tom Lendacky
2025-07-16 13:59 ` Nikunj A Dadhania
2025-07-16 14:07 ` Sean Christopherson [this message]
2025-07-18 3:42 ` Nikunj A Dadhania
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aHeyNvzvbgrWAob5@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=santosh.shukla@amd.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.