From: Tom Lendacky <thomas.lendacky@amd.com>
To: Nikunj A Dadhania <nikunj@amd.com>,
linux-kernel@vger.kernel.org, bp@alien8.de, x86@kernel.org,
kvm@vger.kernel.org
Cc: mingo@redhat.com, tglx@linutronix.de,
dave.hansen@linux.intel.com, pgonda@google.com,
seanjc@google.com, pbonzini@redhat.com
Subject: Re: [PATCH v13 06/13] x86/sev: Prevent GUEST_TSC_FREQ MSR interception for Secure TSC enabled guests
Date: Mon, 21 Oct 2024 09:08:50 -0500 [thread overview]
Message-ID: <a25377ad-27ea-3a45-2a42-4bd41bde783a@amd.com> (raw)
In-Reply-To: <20241021055156.2342564-7-nikunj@amd.com>
On 10/21/24 00:51, Nikunj A Dadhania wrote:
> The hypervisor should not be intercepting GUEST_TSC_FREQ MSR(0xcOO10134)
> when Secure TSC is enabled. A #VC exception will be generated if the
> GUEST_TSC_FREQ MSR is being intercepted. If this should occur and SecureTSC
> is enabled, terminate guest execution.
>
> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Just a minor comment/question below.
> ---
> arch/x86/include/asm/msr-index.h | 1 +
> arch/x86/coco/sev/core.c | 8 ++++++++
> 2 files changed, 9 insertions(+)
>
> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
> index 3ae84c3b8e6d..233be13cc21f 100644
> --- a/arch/x86/include/asm/msr-index.h
> +++ b/arch/x86/include/asm/msr-index.h
> @@ -608,6 +608,7 @@
> #define MSR_AMD_PERF_CTL 0xc0010062
> #define MSR_AMD_PERF_STATUS 0xc0010063
> #define MSR_AMD_PSTATE_DEF_BASE 0xc0010064
> +#define MSR_AMD64_GUEST_TSC_FREQ 0xc0010134
> #define MSR_AMD64_OSVW_ID_LENGTH 0xc0010140
> #define MSR_AMD64_OSVW_STATUS 0xc0010141
> #define MSR_AMD_PPIN_CTL 0xc00102f0
> diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
> index 2ad7773458c0..4e9b1cc1f26b 100644
> --- a/arch/x86/coco/sev/core.c
> +++ b/arch/x86/coco/sev/core.c
> @@ -1332,6 +1332,14 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
> return ES_OK;
> }
>
> + /*
> + * GUEST_TSC_FREQ should not be intercepted when Secure TSC is
> + * enabled. Terminate the SNP guest when the interception is enabled.
> + */
> + if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ && cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC))
Should the cc_platform_has() check be changed into a check against
sev_status directly (similar to the DEBUG_SWAP support)? Just in case
this handler ends up getting used in early code where cc_platform_has()
can't be used.
Thanks,
Tom
> + return ES_VMM_ERROR;
> +
> +
> ghcb_set_rcx(ghcb, regs->cx);
> if (exit_info_1) {
> ghcb_set_rax(ghcb, regs->ax);
next prev parent reply other threads:[~2024-10-21 14:08 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-21 5:51 [PATCH v13 00/13] Add Secure TSC support for SNP guests Nikunj A Dadhania
2024-10-21 5:51 ` [PATCH v13 01/13] x86/sev: Carve out and export SNP guest messaging init routines Nikunj A Dadhania
2024-10-21 7:48 ` Christophe JAILLET
2024-10-22 4:12 ` Nikunj A. Dadhania
2024-10-21 5:51 ` [PATCH v13 02/13] x86/sev: Relocate SNP guest messaging routines to common code Nikunj A Dadhania
2024-10-21 5:51 ` [PATCH v13 03/13] x86/sev: Add Secure TSC support for SNP guests Nikunj A Dadhania
2024-10-21 8:12 ` Christophe JAILLET
2024-10-22 4:15 ` Nikunj A. Dadhania
2024-10-21 5:51 ` [PATCH v13 04/13] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Nikunj A Dadhania
2024-10-23 3:25 ` Xiaoyao Li
2024-10-24 6:24 ` Nikunj A. Dadhania
2024-10-24 7:31 ` Xiaoyao Li
2024-10-24 10:16 ` Nikunj A. Dadhania
2024-10-21 5:51 ` [PATCH v13 05/13] x86/sev: Prevent RDTSC/RDTSCP interception " Nikunj A Dadhania
2024-10-24 7:56 ` Xiaoyao Li
2024-10-24 8:44 ` Nikunj A. Dadhania
2024-10-24 15:34 ` Xiaoyao Li
2024-10-21 5:51 ` [PATCH v13 06/13] x86/sev: Prevent GUEST_TSC_FREQ MSR " Nikunj A Dadhania
2024-10-21 14:08 ` Tom Lendacky [this message]
2024-10-22 4:20 ` Nikunj A. Dadhania
2024-10-21 5:51 ` [PATCH v13 07/13] x86/sev: Mark Secure TSC as reliable clocksource Nikunj A Dadhania
2024-10-21 5:51 ` [PATCH v13 08/13] x86/cpu/amd: Do not print FW_BUG for Secure TSC Nikunj A Dadhania
2024-10-21 5:51 ` [PATCH v13 09/13] tsc: Use the GUEST_TSC_FREQ MSR for discovering TSC frequency Nikunj A Dadhania
2024-10-21 14:33 ` Tom Lendacky
2024-10-22 4:24 ` Nikunj A. Dadhania
2024-10-21 5:51 ` [PATCH v13 10/13] tsc: Upgrade TSC clocksource rating Nikunj A Dadhania
2024-10-21 5:51 ` [PATCH v13 11/13] tsc: Switch to native sched clock Nikunj A Dadhania
2024-10-21 14:37 ` Tom Lendacky
2024-10-22 4:26 ` Nikunj A. Dadhania
2024-10-21 21:30 ` kernel test robot
2024-10-21 23:03 ` kernel test robot
2024-10-21 5:51 ` [PATCH v13 12/13] x86/kvmclock: Abort SecureTSC enabled guest when kvmclock is selected Nikunj A Dadhania
2024-10-21 15:00 ` Tom Lendacky
2024-10-22 4:28 ` Nikunj A. Dadhania
2024-10-21 5:51 ` [PATCH v13 13/13] x86/sev: Allow Secure TSC feature for SNP guests Nikunj A Dadhania
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a25377ad-27ea-3a45-2a42-4bd41bde783a@amd.com \
--to=thomas.lendacky@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox