Re: [RFC PATCH 0/5] Enable Secure TSC for SEV-SNP

[Isaku Yamahata <isaku.yamahata@intel.com>]

On Thu, Aug 29, 2024 at 11:07:43AM +0530,
Nikunj A Dadhania <nikunj@amd.com> wrote:

> TSC value calculations for the guest are controlled by the hypervisor. A
> malicious hypervisor can prevent guest from moving forward. The Secure TSC
> feature for SEV-SNP allows guests to securely use the RDTSC and RDTSCP
> instructions. This ensures the guest gets a consistent view of time and
> prevents a malicious hypervisor from making it appear that time rolls
> backwards, advancing at an unusually fast rate, or employing similar tricks.
> For more details, please refer to "Secure Nested Paging (SEV-SNP)" section,
> subsection "Secure TSC" of APM Volume 2

Hello. Although I replied at [1], let raise this here too.

Don't we need to prevent the KVM from modifying KVM vcpu tsc offset/multiplier
(vcpu->arch.tsc_offset etc.)?

As long as I understand, the spec (APM volume2) says the timer interrupt (TSC
deadline timer or local APIC timer) is not virtualized by hardware so that KVM
emulates timer interrupt.
If KVM modifies guest offset/multiplier from the original value
(the SEV-SNP secure tsc uses or the TDX module uses), the timer interrupt
emulation by KVM will be inaccurate.  It's injected late or early than
the guest expects.

Please notice that kvm_arch_vcpu_create() calls
kvm_set_tsc_khz(vcpu, vcpu->kvm->arch.default_tsc_khz) after
kvm_x86_call(vcpu_create)().


[1] https://lore.kernel.org/kvm/Zz%2FDGOoo%2FmEvULiG@ls.amr.corp.intel.com/


> This patchset is also available at:
> 
>   https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest
> 
> and is based on v6.11-rc5
> 
> Testing SecureTSC
> -----------------
>  
> SecureTSC Guest patches:
> https://github.com/AMDESE/linux-kvm/tree/sectsc-guest-latest
>  
> QEMU changes:
> https://github.com/nikunjad/qemu/tree/snp-securetsc-latest
>  
> QEMU commandline SEV-SNP with SecureTSC:
>  
>   qemu-system-x86_64 -cpu EPYC-Milan-v2 -smp 4 \
>      -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \
>      -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on \
>      -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
>      ...

Did you test it with tsc frequency/offset different from the kvm system default
value (max_tsc_khz or kvm_caps.default_tsc_scaling_ranio etc.)?
-- 
Isaku Yamahata <isaku.yamahata@intel.com>