From: Sean Christopherson <seanjc@google.com>
To: "Nikunj A. Dadhania" <nikunj@amd.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Thomas Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>,
Borislav Petkov <bp@alien8.de>,
Vaishali Thakkar <vaishali.thakkar@suse.com>,
Kai Huang <kai.huang@intel.com>,
David.Kaplan@amd.com
Subject: Re: [PATCH v11 8/8] KVM: SVM: Enable Secure TSC for SNP guests
Date: Wed, 20 Aug 2025 06:01:40 -0700 [thread overview]
Message-ID: <aKXHNDiKys9y8Xdw@google.com> (raw)
In-Reply-To: <c3e638e9-631f-47af-b0d2-06cea949ec1e@amd.com>
On Wed, Aug 20, 2025, Nikunj A. Dadhania wrote:
>
>
> On 8/20/2025 5:18 AM, Sean Christopherson wrote:
> > From: Nikunj A Dadhania <nikunj@amd.com>
> >
> > @@ -2195,6 +2206,12 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
> >
> > start.gctx_paddr = __psp_pa(sev->snp_context);
> > start.policy = params.policy;
> > +
> > + if (snp_is_secure_tsc_enabled(kvm)) {
> > + WARN_ON_ONCE(!kvm->arch.default_tsc_khz);
>
> Any particular reason to drop the the following change:
>
> + if (WARN_ON(!kvm->arch.default_tsc_khz)) {
> + rc = -EINVAL;
> + goto e_free_context;
> + }
Based on this conversation[*], both Kai and I expected KVM to let firmware deal
with the should-be-impossible situation.
On Tue, Jul 8, 2025 at 9:15 PM Nikunj A. Dadhania <nikunj@amd.com> wrote:
> On 7/8/2025 8:04 PM, Sean Christopherson wrote:
> > On Tue, Jul 08, 2025, Kai Huang wrote:
> >>>> Even some bug results in the default_tsc_khz being 0, will the
> >>>> SNP_LAUNCH_START command catch this and return error?
> >>>
> >>> No, that is an invalid configuration, desired_tsc_khz is set to 0 when
> >>> SecureTSC is disabled. If SecureTSC is enabled, desired_tsc_khz should
> >>> have correct value.
> >>
> >> So it's an invalid configuration that when Secure TSC is enabled and
> >> desired_tsc_khz is 0. Assuming the SNP_LAUNCH_START will return an error
> >> if such configuration is used, wouldn't it be simpler if you remove the
> >> above check and depend on the SNP_LAUNCH_START command to catch the
> >> invalid configuration?
> >
> > Support for secure TSC should depend on tsc_khz being non-zero. That way it'll
> > be impossible for arch.default_tsc_khz to be zero at runtime. Then KVM can WARN
> > on arch.default_tsc_khz being zero during SNP_LAUNCH_START.
>
> Sure.
https://lore.kernel.org/all/c327df02-c2eb-41e7-9402-5a16aa211265@amd.com
>
> As this is an unsupported configuration as per the SEV SNP Firmware ABI Specification:
Right, but what happens if KVM manages to pass in '0' for the frequency? Does
SNP_LAUNCH_START fail? If so, bailing from KVM doesn't seem to add any value.
>
> 8.16 SNP_LAUNCH_START
>
> DESIRED_TSC_FREQ
> Hypervisor-desired mean TSC frequency in KHz of the guest. This field has no
> effect if guests do not enable Secure TSC in the VMSA. The hypervisor should
> set this field to 0h if it *does not support Secure TSC* for this guest.
>
> > + start.desired_tsc_khz = kvm->arch.default_tsc_khz;
> > + }
> > +
> Regards,Nikunj
next prev parent reply other threads:[~2025-08-20 13:01 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-19 23:48 [PATCH v11 0/8] KVM: SVM: Enable Secure TSC for SEV-SNP Sean Christopherson
2025-08-19 23:48 ` [PATCH v11 1/8] KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it Sean Christopherson
2025-08-19 23:48 ` [PATCH v11 2/8] KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests Sean Christopherson
2025-08-19 23:48 ` [PATCH v11 3/8] x86/cpufeatures: Add SNP Secure TSC Sean Christopherson
2025-08-19 23:48 ` [PATCH v11 4/8] KVM: SVM: Move SEV-ES VMSA allocation to a dedicated sev_vcpu_create() helper Sean Christopherson
2025-08-20 9:00 ` Nikunj A. Dadhania
2025-08-19 23:48 ` [PATCH v11 5/8] KVM: SEV: Move init of SNP guest state into sev_init_vmcb() Sean Christopherson
2025-08-20 9:21 ` Nikunj A. Dadhania
2025-08-19 23:48 ` [PATCH v11 6/8] KVM: SEV: Set RESET GHCB MSR value during sev_es_init_vmcb() Sean Christopherson
2025-08-20 9:32 ` Nikunj A. Dadhania
2025-08-19 23:48 ` [PATCH v11 7/8] KVM: SEV: Fold sev_es_vcpu_reset() into sev_vcpu_create() Sean Christopherson
2025-08-20 9:33 ` Nikunj A. Dadhania
2025-08-19 23:48 ` [PATCH v11 8/8] KVM: SVM: Enable Secure TSC for SNP guests Sean Christopherson
2025-08-20 4:53 ` Nikunj A. Dadhania
2025-08-20 13:01 ` Sean Christopherson [this message]
2025-08-20 13:11 ` Nikunj A. Dadhania
2025-08-20 8:48 ` [PATCH v11 0/8] KVM: SVM: Enable Secure TSC for SEV-SNP Nikunj A. Dadhania
2025-08-20 11:25 ` Huang, Kai
2025-08-20 11:30 ` Nikunj A. Dadhania
2025-08-20 15:10 ` Sean Christopherson
2025-08-21 21:35 ` Sean Christopherson
2025-08-25 5:37 ` Nikunj A. Dadhania
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aKXHNDiKys9y8Xdw@google.com \
--to=seanjc@google.com \
--cc=David.Kaplan@amd.com \
--cc=bp@alien8.de \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=thomas.lendacky@amd.com \
--cc=vaishali.thakkar@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.