From: Kiryl Shutsemau <kas@kernel.org>
To: Sean Christopherson <seanjc@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Long Li <longli@microsoft.com>,
Ajay Kaher <ajay.kaher@broadcom.com>,
Alexey Makhalov <alexey.makhalov@broadcom.com>,
Jan Kiszka <jan.kiszka@siemens.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Juergen Gross <jgross@suse.com>,
Daniel Lezcano <daniel.lezcano@kernel.org>,
John Stultz <jstultz@google.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Broadcom internal kernel review list
<bcm-kernel-feedback-list@broadcom.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Stephen Boyd <sboyd@kernel.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-coco@lists.linux.dev, linux-hyperv@vger.kernel.org,
virtualization@lists.linux.dev, xen-devel@lists.xenproject.org,
David Woodhouse <dwmw@amazon.co.uk>,
Tom Lendacky <thomas.lendacky@amd.com>,
Nikunj A Dadhania <nikunj@amd.com>,
David Woodhouse <dwmw2@infradead.org>,
Michael Kelley <mhklinux@outlook.com>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH v4 07/47] x86/tdx: Force TSC frequency with CPUID-based info provided by the TDX-Module
Date: Wed, 3 Jun 2026 11:02:19 +0100 [thread overview]
Message-ID: <ah_7jEMnqs80gXLG@thinkstation> (raw)
In-Reply-To: <20260529144435.704127-8-seanjc@google.com>
On Fri, May 29, 2026 at 07:43:54AM -0700, Sean Christopherson wrote:
> When running as a TDX guest, explicitly set the TSC frequency to a known
> value, using CPUID-based information, instead of potentially relying on a
> hypervisor-controlled PV routine. For TDX guests, CPUID.0x15 is always
> emulated by the TDX-Module, i.e. the information from CPUID is more
> trustworthy than the information provided by the hypervisor.
Right. EBX is configurable by TD_PARAMS.TSC_FREQUENCY at TD build. The
rest is fixed.
> To maintain backwards compatibility with TDX guest kernels that use native
> calibration, and because it's the least awful option, retain
> native_calibrate_tsc()'s stuffing of the local APIC bus period using the
> core crystal frequency. While it's entirely possible for the hypervisor
> to emulate the APIC timer at a different frequency than the core crystal
> frequency, the commonly accepted interpretation of Intel's SDM is that APIC
> timer runs at the core crystal frequency when that latter is enumerated via
> CPUID:
>
> The APIC timer frequency will be the processor’s bus clock or core
> crystal clock frequency (when TSC/core crystal clock ratio is enumerated
> in CPUID leaf 0x15).
>
> If the hypervisor is malicious and deliberately runs the APIC timer at the
> wrong frequency, nothing would stop the hypervisor from modifying the
> frequency at any time, i.e. attempting to manually calibrate the frequency
> out of paranoia would be futile.
Agreed.
> Deliberately leave CPU frequency calibration as is, since the TDX-Module
> doesn't provide any guarantees with respect to CPUID.0x16.
It is fixed to zeros. Sounds like a guarantee to me :P
> Signed-off-by: Sean Christopherson <seanjc@google.com>
Looks sane to me. Including your reasoning about tsc_early_khz= in reply
to Sashiko.
Reviewed-by: Kiryl Shutsemau (Meta) <kas@kernel.org>
--
Kiryl Shutsemau / Kirill A. Shutemov
next prev parent reply other threads:[~2026-06-03 10:02 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-29 14:43 [PATCH v4 00/47] x86: Try to wrangle PV clocks vs. TSC Sean Christopherson
2026-05-29 14:43 ` [PATCH v4 01/47] x86/tsc: Never re-calibrate TSC frequency if its exact timing is known Sean Christopherson
2026-05-30 3:07 ` Borislav Petkov
2026-06-01 21:46 ` [PATCH v4 1/47] " David Woodhouse
2026-06-05 12:33 ` [PATCH v4 01/47] " Thomas Gleixner
2026-06-05 18:04 ` Sean Christopherson
2026-06-05 19:51 ` Thomas Gleixner
2026-05-29 14:43 ` [PATCH v4 02/47] x86/tsc: Add a standalone helpers for getting TSC info from CPUID.0x15 Sean Christopherson
2026-06-02 3:49 ` Borislav Petkov
2026-06-05 12:37 ` Thomas Gleixner
2026-05-29 14:43 ` [PATCH v4 03/47] x86/sev: Mark TSC as reliable when configuring Secure TSC Sean Christopherson
2026-05-29 14:43 ` [PATCH v4 04/47] x86/sev: Don't override CPU frequency calibration for SNP's " Sean Christopherson
2026-05-29 15:44 ` sashiko-bot
2026-05-29 14:43 ` [PATCH v4 05/47] x86/sev: Move check for SNP Secure TSC support to tsc_early_init() Sean Christopherson
2026-05-29 14:43 ` [PATCH v4 06/47] x86/sev: Shove SNP's secure/trusted TSC frequency directly into "calibration" Sean Christopherson
2026-05-29 16:14 ` sashiko-bot
2026-05-29 16:23 ` Sean Christopherson
2026-05-29 14:43 ` [PATCH v4 07/47] x86/tdx: Force TSC frequency with CPUID-based info provided by the TDX-Module Sean Christopherson
2026-05-29 16:21 ` sashiko-bot
2026-05-29 16:59 ` Sean Christopherson
2026-06-03 10:02 ` Kiryl Shutsemau [this message]
2026-05-29 14:43 ` [PATCH v4 08/47] x86/tsc: Add dedicated hypervisor hooks for getting known TSC/CPU frequencies Sean Christopherson
2026-06-01 21:49 ` [PATCH v4 8/47] " David Woodhouse
2026-05-29 14:43 ` [PATCH v4 09/47] x86/acrn: Mark TSC frequency as known when using ACRN for calibration Sean Christopherson
2026-05-29 16:40 ` sashiko-bot
2026-05-29 17:01 ` Sean Christopherson
2026-05-29 14:43 ` [PATCH v4 10/47] x86/tsc: Consolidate forcing of X86_FEATURE_TSC_KNOWN_FREQ for PV code Sean Christopherson
2026-05-29 19:01 ` sashiko-bot
2026-05-29 14:43 ` [PATCH v4 11/47] x86/tsc: Kill off x86_platform_ops.calibrate_{cpu,tsc}() hooks Sean Christopherson
2026-06-01 21:51 ` David Woodhouse
2026-05-29 14:43 ` [PATCH v4 12/47] x86/tsc: Rename pit_hpet_ptimer_calibrate_cpu() => native_calibrate_cpu_late() Sean Christopherson
2026-06-01 21:52 ` David Woodhouse
2026-05-29 14:44 ` [PATCH v4 13/47] x86/tsc: Fold native_calibrate_cpu() into recalibrate_cpu_khz() Sean Christopherson
2026-06-01 21:52 ` David Woodhouse
2026-05-29 14:44 ` [PATCH v4 14/47] x86/kvmclock: Rename kvm_get_tsc_khz() to kvmclock_get_tsc_khz() Sean Christopherson
2026-06-01 21:53 ` David Woodhouse
2026-05-29 14:44 ` [PATCH v4 15/47] KVM: x86: Officially define CPUID 0x40000010 as PV Timing Info (TSC and Bus) Sean Christopherson
2026-05-29 14:44 ` [PATCH v4 16/47] x86/kvm: Obtain TSC frequency from PV CPUID if present Sean Christopherson
2026-05-29 14:44 ` [PATCH v4 17/47] x86/kvm: Mark TSC as reliable when it's constant and nonstop Sean Christopherson
2026-05-29 18:12 ` sashiko-bot
2026-05-29 18:57 ` Sean Christopherson
2026-06-01 22:02 ` David Woodhouse
2026-05-29 14:44 ` [PATCH v4 18/47] x86/kvm: Get local APIC bus frequency from PV CPUID Timing Info Sean Christopherson
2026-05-29 18:12 ` sashiko-bot
2026-05-29 18:24 ` Sean Christopherson
2026-06-01 22:06 ` David Woodhouse
2026-05-29 14:44 ` [PATCH v4 19/47] x86/tsc: Add standalone helper for getting CPU frequency from CPUID Sean Christopherson
2026-05-29 14:44 ` [PATCH v4 20/47] x86/kvm: Get CPU base frequency from CPUID when it's available Sean Christopherson
2026-05-30 6:24 ` sashiko-bot
2026-05-29 14:44 ` [PATCH v4 21/47] x86/xen: Obtain TSC frequency from CPUID if present Sean Christopherson
2026-05-30 6:35 ` sashiko-bot
2026-05-29 14:44 ` [PATCH v4 22/47] clocksource: hyper-v: Register sched_clock save/restore iff it's necessary Sean Christopherson
2026-05-29 14:44 ` [PATCH v4 23/47] clocksource: hyper-v: Drop wrappers to sched_clock save/restore helpers Sean Christopherson
2026-05-29 14:44 ` [PATCH v4 24/47] clocksource: hyper-v: Don't save/restore TSC offset when using HV sched_clock Sean Christopherson
2026-05-29 14:44 ` [PATCH v4 25/47] x86/kvmclock: Setup kvmclock for secondary CPUs iff CONFIG_SMP=y Sean Christopherson
2026-05-29 14:44 ` [PATCH v4 26/47] x86/kvm: Don't disable kvmclock on BSP in syscore_suspend() Sean Christopherson
2026-05-30 7:08 ` sashiko-bot
2026-05-29 15:06 ` [PATCH v4 27/47] x86/paravirt: Remove unnecessary PARAVIRT=n stub for paravirt_set_sched_clock() Sean Christopherson
2026-05-29 15:07 ` [PATCH v4 28/47] x86/paravirt: Move handling of unstable PV clocks into paravirt_set_sched_clock() Sean Christopherson
2026-05-29 15:07 ` [PATCH v4 29/47] x86/kvmclock: Move sched_clock save/restore helpers up in kvmclock.c Sean Christopherson
2026-05-29 15:07 ` [PATCH v4 30/47] x86/xen/time: NOP-ify x86_platform's sched_clock save/restore hooks Sean Christopherson
2026-06-01 22:09 ` David Woodhouse
2026-05-29 15:07 ` [PATCH v4 31/47] x86/vmware: NOP-ify save/restore hooks when using VMware's sched_clock Sean Christopherson
2026-06-01 22:09 ` David Woodhouse
2026-05-29 15:07 ` [PATCH v4 32/47] x86/tsc: WARN if TSC sched_clock save/restore used with PV sched_clock Sean Christopherson
2026-05-29 15:07 ` [PATCH v4 33/47] x86/paravirt: Pass sched_clock save/restore helpers during registration Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 34/47] x86/kvmclock: Move kvm_sched_clock_init() down in kvmclock.c Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 35/47] x86/xen/time: Mark xen_setup_vsyscall_time_info() as __init Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 36/47] x86/pvclock: Mark setup helpers and related various as __init/__ro_after_init Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 37/47] x86/pvclock: WARN if pvclock's valid_flags are overwritten Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 38/47] x86/kvmclock: Refactor handling of PVCLOCK_TSC_STABLE_BIT during kvmclock_init() Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 39/47] timekeeping: Resume clocksources before reading persistent clock Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 40/47] x86/kvmclock: Hook clocksource.suspend/resume when kvmclock isn't sched_clock Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 41/47] x86/kvmclock: WARN if wall clock is read while kvmclock is suspended Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 42/47] x86/paravirt: Mark __paravirt_set_sched_clock() as __init Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 43/47] x86/paravirt: Plumb a return code into __paravirt_set_sched_clock() Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 44/47] x86/paravirt: Don't use a PV sched_clock in CoCo guests with trusted TSC Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 45/47] x86/kvmclock: Use TSC for sched_clock if it's constant and non-stop Sean Christopherson
2026-05-29 15:08 ` [PATCH v4 46/47] x86/kvmclock: Plumb in AP-online and BSP-resume to kvmlock, for documentation Sean Christopherson
2026-06-01 22:09 ` David Woodhouse
2026-05-29 15:08 ` [PATCH v4 47/47] x86/paravirt: Move using_native_sched_clock() stub into timer.h Sean Christopherson
2026-05-29 15:10 ` [PATCH v4 00/47] x86: Try to wrangle PV clocks vs. TSC Sean Christopherson
2026-05-29 15:17 ` Jürgen Groß
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ah_7jEMnqs80gXLG@thinkstation \
--to=kas@kernel.org \
--cc=ajay.kaher@broadcom.com \
--cc=alexey.makhalov@broadcom.com \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=daniel.lezcano@kernel.org \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=dwmw2@infradead.org \
--cc=dwmw@amazon.co.uk \
--cc=haiyangz@microsoft.com \
--cc=hpa@zytor.com \
--cc=jan.kiszka@siemens.com \
--cc=jgross@suse.com \
--cc=jstultz@google.com \
--cc=kvm@vger.kernel.org \
--cc=kys@microsoft.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longli@microsoft.com \
--cc=luto@kernel.org \
--cc=mhklinux@outlook.com \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=sboyd@kernel.org \
--cc=seanjc@google.com \
--cc=tglx@kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux.dev \
--cc=vkuznets@redhat.com \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.