From: Nikunj A Dadhania <nikunj@amd.com>
To: <seanjc@google.com>, <pbonzini@redhat.com>
Cc: <kvm@vger.kernel.org>, <thomas.lendacky@amd.com>,
<santosh.shukla@amd.com>, <nikunj@amd.com>
Subject: [PATCH] KVM: SVM: Add module parameter to control SEV-SNP Secure TSC feature
Date: Wed, 29 Oct 2025 05:57:53 +0000 [thread overview]
Message-ID: <20251029055753.5742-1-nikunj@amd.com> (raw)
Add a module parameter secure_tsc to allow control of the SEV-SNP Secure
TSC feature at module load time, providing administrators with the ability
to disable Secure TSC support even when the hardware and kernel support it.
Default the parameter to enabled (true) to maintain existing behavior when
the feature is supported. Set the parameter to false if the feature cannot
be enabled to reflect the actual state.
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
---
arch/x86/kvm/svm/sev.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 0835c664fbfd..1f359e31104f 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -56,6 +56,11 @@ module_param_named(sev_snp, sev_snp_enabled, bool, 0444);
/* enable/disable SEV-ES DebugSwap support */
static bool sev_es_debug_swap_enabled = true;
module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444);
+
+/* enable/disable Secure TSC support */
+static bool sev_snp_secure_tsc_enabled = true;
+module_param_named(secure_tsc, sev_snp_secure_tsc_enabled, bool, 0444);
+
static u64 sev_supported_vmsa_features;
static unsigned int nr_ciphertext_hiding_asids;
@@ -3147,8 +3152,11 @@ void __init sev_hardware_setup(void)
if (sev_es_debug_swap_enabled)
sev_supported_vmsa_features |= SVM_SEV_FEAT_DEBUG_SWAP;
- if (sev_snp_enabled && tsc_khz && cpu_feature_enabled(X86_FEATURE_SNP_SECURE_TSC))
+ if (sev_snp_enabled && sev_snp_secure_tsc_enabled &&
+ tsc_khz && cpu_feature_enabled(X86_FEATURE_SNP_SECURE_TSC))
sev_supported_vmsa_features |= SVM_SEV_FEAT_SECURE_TSC;
+ else
+ sev_snp_secure_tsc_enabled = false;
}
void sev_hardware_unsetup(void)
base-commit: 6b36119b94d0b2bb8cea9d512017efafd461d6ac
--
2.48.1
next reply other threads:[~2025-10-29 5:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-29 5:57 Nikunj A Dadhania [this message]
2025-10-29 13:18 ` [PATCH] KVM: SVM: Add module parameter to control SEV-SNP Secure TSC feature Tom Lendacky
2025-10-29 13:58 ` Sean Christopherson
2025-10-29 15:38 ` Tom Lendacky
2025-10-29 16:52 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251029055753.5742-1-nikunj@amd.com \
--to=nikunj@amd.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=santosh.shukla@amd.com \
--cc=seanjc@google.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox