From: Nikunj A Dadhania <nikunj@amd.com>
To: <linux-kernel@vger.kernel.org>, <thomas.lendacky@amd.com>,
<bp@alien8.de>, <x86@kernel.org>, <kvm@vger.kernel.org>
Cc: <mingo@redhat.com>, <tglx@linutronix.de>,
<dave.hansen@linux.intel.com>, <pgonda@google.com>,
<seanjc@google.com>, <pbonzini@redhat.com>, <nikunj@amd.com>
Subject: [PATCH v14 05/13] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests
Date: Mon, 28 Oct 2024 11:04:23 +0530 [thread overview]
Message-ID: <20241028053431.3439593-6-nikunj@amd.com> (raw)
In-Reply-To: <20241028053431.3439593-1-nikunj@amd.com>
The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC is
enabled. A #VC exception will be generated if the RDTSC/RDTSCP instructions
are being intercepted. If this should occur and Secure TSC is enabled,
guest execution should be terminated as the guest cannot rely on the TSC
value provided by the hypervisor.
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Tested-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/coco/sev/shared.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/arch/x86/coco/sev/shared.c b/arch/x86/coco/sev/shared.c
index 71de53194089..c2a9e2ada659 100644
--- a/arch/x86/coco/sev/shared.c
+++ b/arch/x86/coco/sev/shared.c
@@ -1140,6 +1140,16 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb,
bool rdtscp = (exit_code == SVM_EXIT_RDTSCP);
enum es_result ret;
+ /*
+ * RDTSC and RDTSCP should not be intercepted when Secure TSC is
+ * enabled. Terminate the SNP guest when the interception is enabled.
+ * This file is included from kernel/sev.c and boot/compressed/sev.c,
+ * use sev_status here as cc_platform_has() is not available when
+ * compiling boot/compressed/sev.c.
+ */
+ if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
+ return ES_VMM_ERROR;
+
ret = sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, 0, 0);
if (ret != ES_OK)
return ret;
--
2.34.1
next prev parent reply other threads:[~2024-10-28 5:35 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-28 5:34 [PATCH v14 00/13] Add Secure TSC support for SNP guests Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 01/13] x86/sev: Carve out and export SNP guest messaging init routines Nikunj A Dadhania
2024-10-29 17:43 ` Borislav Petkov
2024-10-30 4:44 ` Nikunj A. Dadhania
2024-10-30 10:10 ` Borislav Petkov
2024-10-28 5:34 ` [PATCH v14 02/13] x86/sev: Relocate SNP guest messaging routines to common code Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 03/13] x86/sev: Add Secure TSC support for SNP guests Nikunj A Dadhania
2024-10-29 8:41 ` Xiaoyao Li
2024-10-29 8:46 ` Nikunj A. Dadhania
2024-10-29 9:19 ` Xiaoyao Li
2024-10-29 14:27 ` Borislav Petkov
2024-10-29 14:34 ` Tom Lendacky
2024-10-29 14:49 ` Borislav Petkov
2024-10-29 14:50 ` Xiaoyao Li
2024-10-29 15:03 ` Borislav Petkov
2024-10-29 15:14 ` Xiaoyao Li
2024-10-29 15:57 ` Borislav Petkov
2024-10-29 16:50 ` Dave Hansen
2024-10-29 17:05 ` Borislav Petkov
2024-10-30 11:55 ` Nikunj A. Dadhania
2024-11-01 16:00 ` Borislav Petkov
2024-11-11 7:03 ` Nikunj A. Dadhania
2024-11-11 8:46 ` Nikunj A. Dadhania
2024-11-11 10:51 ` Borislav Petkov
2024-11-11 11:23 ` Nikunj A. Dadhania
2024-11-11 11:30 ` Borislav Petkov
2024-11-11 11:44 ` Nikunj A. Dadhania
2024-11-11 13:42 ` Borislav Petkov
2024-11-12 8:43 ` Nikunj A. Dadhania
2024-11-11 10:34 ` Borislav Petkov
2024-10-28 5:34 ` [PATCH v14 04/13] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Nikunj A Dadhania
2024-11-01 16:40 ` Borislav Petkov
2024-11-11 7:06 ` Nikunj A. Dadhania
2024-10-28 5:34 ` Nikunj A Dadhania [this message]
2024-11-11 15:53 ` [PATCH v14 05/13] x86/sev: Prevent RDTSC/RDTSCP interception " Borislav Petkov
2024-11-11 16:39 ` Nikunj A. Dadhania
2024-11-11 17:03 ` Borislav Petkov
2024-10-28 5:34 ` [PATCH v14 06/13] x86/sev: Prevent GUEST_TSC_FREQ MSR " Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 07/13] x86/sev: Mark Secure TSC as reliable clocksource Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 08/13] x86/cpu/amd: Do not print FW_BUG for Secure TSC Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 09/13] tsc: Use the GUEST_TSC_FREQ MSR for discovering TSC frequency Nikunj A Dadhania
2024-10-29 3:02 ` Xiaoyao Li
2024-10-29 3:56 ` Nikunj A. Dadhania
2024-10-29 9:15 ` Xiaoyao Li
2024-10-29 9:36 ` Nikunj A. Dadhania
2024-10-28 5:34 ` [PATCH v14 10/13] tsc: Upgrade TSC clocksource rating Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 11/13] tsc: Switch to native sched clock Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 12/13] x86/kvmclock: Abort SecureTSC enabled guest when kvmclock is selected Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 13/13] x86/sev: Allow Secure TSC feature for SNP guests Nikunj A Dadhania
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241028053431.3439593-6-nikunj@amd.com \
--to=nikunj@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox