From: Francesco Lavra <francescolavra.fl@gmail.com>
To: nikunj@amd.com
Cc: bp@alien8.de, dave.hansen@linux.intel.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, mingo@redhat.com,
pbonzini@redhat.com, pgonda@google.com, seanjc@google.com,
tglx@linutronix.de, thomas.lendacky@amd.com, x86@kernel.org
Subject: Re: [PATCH v15 03/13] x86/sev: Add Secure TSC support for SNP guests
Date: Sat, 04 Jan 2025 21:26:32 +0100 [thread overview]
Message-ID: <af92fc80484a6b1f74d8b2535f54833702b7e1f8.camel@gmail.com> (raw)
In-Reply-To: <20241203090045.942078-4-nikunj@amd.com>
On 2024-12-03 at 9:00, Nikunj A Dadhania wrote:
> diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
> index a61898c7f114..39683101b526 100644
> --- a/arch/x86/coco/sev/core.c
> +++ b/arch/x86/coco/sev/core.c
> @@ -96,6 +96,14 @@ static u64 sev_hv_features __ro_after_init;
> /* Secrets page physical address from the CC blob */
> static u64 secrets_pa __ro_after_init;
>
> +/*
> + * For Secure TSC guests, the BP fetches TSC_INFO using SNP guest
> messaging and
> + * initializes snp_tsc_scale and snp_tsc_offset. These values are
> replicated
> + * across the APs VMSA fields (TSC_SCALE and TSC_OFFSET).
> + */
> +static u64 snp_tsc_scale __ro_after_init;
> +static u64 snp_tsc_offset __ro_after_init;
> +
> /* #VC handler runtime per-CPU data */
> struct sev_es_runtime_data {
> struct ghcb ghcb_page;
> @@ -1277,6 +1285,12 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id,
> unsigned long start_ip)
> vmsa->vmpl = snp_vmpl;
> vmsa->sev_features = sev_status >> 2;
>
> + /* Populate AP's TSC scale/offset to get accurate TSC
> values. */
> + if (cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC)) {
> + vmsa->tsc_scale = snp_tsc_scale;
> + vmsa->tsc_offset = snp_tsc_offset;
> + }
> +
> /* Switch the page over to a VMSA page now that it is
> initialized */
> ret = snp_set_vmsa(vmsa, caa, apic_id, true);
> if (ret) {
> @@ -3127,3 +3141,105 @@ int snp_send_guest_request(struct
> snp_msg_desc *mdesc, struct snp_guest_req *req
> }
> EXPORT_SYMBOL_GPL(snp_send_guest_request);
>
> +static int __init snp_get_tsc_info(void)
> +{
> + struct snp_guest_request_ioctl *rio;
> + struct snp_tsc_info_resp *tsc_resp;
> + struct snp_tsc_info_req *tsc_req;
> + struct snp_msg_desc *mdesc;
> + struct snp_guest_req *req;
> + unsigned char *buf;
> + int rc = -ENOMEM;
> +
> + tsc_req = kzalloc(sizeof(*tsc_req), GFP_KERNEL);
> + if (!tsc_req)
> + return rc;
> +
> + tsc_resp = kzalloc(sizeof(*tsc_resp), GFP_KERNEL);
> + if (!tsc_resp)
> + goto e_free_tsc_req;
> +
> + req = kzalloc(sizeof(*req), GFP_KERNEL);
> + if (!req)
> + goto e_free_tsc_resp;
> +
> + rio = kzalloc(sizeof(*rio), GFP_KERNEL);
> + if (!rio)
> + goto e_free_req;
> +
> + /*
> + * The intermediate response buffer is used while decrypting
> the
> + * response payload. Make sure that it has enough space to
> cover
> + * the authtag.
> + */
> + buf = kzalloc(SNP_TSC_INFO_RESP_SZ + AUTHTAG_LEN,
> GFP_KERNEL);
> + if (!buf)
> + goto e_free_rio;
> +
> + mdesc = snp_msg_alloc();
> + if (IS_ERR_OR_NULL(mdesc))
> + goto e_free_buf;
> +
> + rc = snp_msg_init(mdesc, snp_vmpl);
> + if (rc)
> + goto e_free_mdesc;
> +
> + req->msg_version = MSG_HDR_VER;
> + req->msg_type = SNP_MSG_TSC_INFO_REQ;
> + req->vmpck_id = snp_vmpl;
> + req->req_buf = tsc_req;
> + req->req_sz = sizeof(*tsc_req);
> + req->resp_buf = buf;
> + req->resp_sz = sizeof(*tsc_resp) + AUTHTAG_LEN;
> + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST;
> +
> + rc = snp_send_guest_request(mdesc, req, rio);
> + if (rc)
> + goto e_request;
> +
> + memcpy(tsc_resp, buf, sizeof(*tsc_resp));
> + pr_debug("%s: response status 0x%x scale 0x%llx offset
> 0x%llx factor 0x%x\n",
> + __func__, tsc_resp->status, tsc_resp->tsc_scale,
> tsc_resp->tsc_offset,
> + tsc_resp->tsc_factor);
> +
> + if (tsc_resp->status == 0) {
> + snp_tsc_scale = tsc_resp->tsc_scale;
> + snp_tsc_offset = tsc_resp->tsc_offset;
> + } else {
> + pr_err("Failed to get TSC info, response status
> 0x%x\n", tsc_resp->status);
> + rc = -EIO;
> + }
> +
> +e_request:
> + /* The response buffer contains sensitive data, explicitly
> clear it. */
> + memzero_explicit(buf, sizeof(buf));
> + memzero_explicit(tsc_resp, sizeof(*tsc_resp));
buf is an unsigned char *, so by using sizeof(buf) you are not zeroing
the entire buffer.
Also, I see no point in having a separate tsc_resp buffer just to copy
the response from buf to tsc_resp, if you just use a single buffer with
size (SNP_TSC_INFO_RESP_SZ + AUTHTAG_LEN) and parse the response from
that buffer you will avoid the double buffer allocation, the memory
copying, and the double zeroing.
next prev parent reply other threads:[~2025-01-04 20:26 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-03 9:00 [PATCH v15 00/13] Add Secure TSC support for SNP guests Nikunj A Dadhania
2024-12-03 9:00 ` [PATCH v15 01/13] x86/sev: Carve out and export SNP guest messaging init routines Nikunj A Dadhania
2024-12-03 14:19 ` Borislav Petkov
2024-12-03 14:35 ` Nikunj A. Dadhania
2024-12-03 14:50 ` Borislav Petkov
2024-12-03 14:52 ` Nikunj A. Dadhania
2024-12-04 9:30 ` Nikunj A. Dadhania
2024-12-04 10:00 ` Nikunj A. Dadhania
2024-12-04 20:02 ` Borislav Petkov
2024-12-05 6:23 ` Nikunj A. Dadhania
2024-12-06 20:27 ` Borislav Petkov
2024-12-07 0:27 ` Dionna Amalie Glaze
2024-12-09 15:36 ` Borislav Petkov
2024-12-09 6:16 ` Nikunj A. Dadhania
2024-12-09 15:38 ` Borislav Petkov
2024-12-10 6:38 ` Nikunj A Dadhania
2025-01-04 19:06 ` Francesco Lavra
2025-01-06 4:14 ` Nikunj A. Dadhania
2024-12-03 9:00 ` [PATCH v15 02/13] x86/sev: Relocate SNP guest messaging routines to common code Nikunj A Dadhania
2024-12-04 20:20 ` Borislav Petkov
2024-12-05 6:25 ` Nikunj A. Dadhania
2024-12-03 9:00 ` [PATCH v15 03/13] x86/sev: Add Secure TSC support for SNP guests Nikunj A Dadhania
2024-12-05 11:55 ` Borislav Petkov
2024-12-06 4:19 ` Nikunj A. Dadhania
2024-12-16 16:06 ` Tom Lendacky
2024-12-17 6:12 ` Nikunj A Dadhania
2025-01-04 20:26 ` Francesco Lavra [this message]
2025-01-06 4:34 ` Nikunj A. Dadhania
2024-12-03 9:00 ` [PATCH v15 04/13] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Nikunj A Dadhania
2024-12-09 15:57 ` Borislav Petkov
2024-12-10 5:02 ` Nikunj A. Dadhania
2024-12-10 11:43 ` Borislav Petkov
2024-12-10 16:44 ` Nikunj A Dadhania
2024-12-10 14:29 ` Tom Lendacky
2024-12-10 16:59 ` Nikunj A Dadhania
2024-12-11 19:00 ` Borislav Petkov
2024-12-11 22:01 ` Tom Lendacky
2024-12-11 22:22 ` Borislav Petkov
2024-12-11 22:43 ` Tom Lendacky
2024-12-03 9:00 ` [PATCH v15 05/13] x86/sev: Prevent RDTSC/RDTSCP interception " Nikunj A Dadhania
2024-12-10 11:53 ` Borislav Petkov
2024-12-03 9:00 ` [PATCH v15 06/13] x86/sev: Prevent GUEST_TSC_FREQ MSR " Nikunj A Dadhania
2024-12-10 12:11 ` Borislav Petkov
2024-12-10 17:13 ` Nikunj A Dadhania
2024-12-10 17:18 ` Borislav Petkov
2024-12-12 4:53 ` Nikunj A. Dadhania
2024-12-17 10:57 ` Borislav Petkov
2024-12-18 5:20 ` Nikunj A. Dadhania
2024-12-24 11:53 ` Borislav Petkov
2025-01-01 8:44 ` Nikunj A. Dadhania
2025-01-01 16:10 ` Borislav Petkov
2025-01-02 5:03 ` Nikunj A. Dadhania
2025-01-02 9:07 ` Borislav Petkov
2025-01-02 9:30 ` Nikunj A. Dadhania
2025-01-02 14:45 ` Tom Lendacky
2025-01-02 14:54 ` Borislav Petkov
2024-12-10 17:22 ` Tom Lendacky
2024-12-03 9:00 ` [PATCH v15 07/13] x86/sev: Mark Secure TSC as reliable clocksource Nikunj A Dadhania
2024-12-11 20:32 ` Borislav Petkov
2024-12-12 5:07 ` Nikunj A Dadhania
2024-12-03 9:00 ` [PATCH v15 08/13] x86/cpu/amd: Do not print FW_BUG for Secure TSC Nikunj A Dadhania
2024-12-17 11:10 ` Borislav Petkov
2024-12-18 5:21 ` Nikunj A. Dadhania
2024-12-03 9:00 ` [PATCH v15 09/13] tsc: Use the GUEST_TSC_FREQ MSR for discovering TSC frequency Nikunj A Dadhania
2024-12-16 16:31 ` Tom Lendacky
2024-12-17 6:27 ` Nikunj A Dadhania
2024-12-17 7:05 ` Tom Lendacky
2024-12-17 7:57 ` Nikunj A. Dadhania
2024-12-30 11:29 ` Borislav Petkov
2025-01-01 8:56 ` Nikunj A. Dadhania
2025-01-01 16:15 ` Borislav Petkov
2025-01-02 5:10 ` Nikunj A. Dadhania
2025-01-02 9:17 ` Borislav Petkov
2025-01-02 10:01 ` Nikunj A. Dadhania
2025-01-02 10:45 ` Borislav Petkov
2025-01-02 13:10 ` Nikunj A. Dadhania
2025-01-03 12:04 ` Borislav Petkov
2025-01-03 13:59 ` Nikunj A. Dadhania
2025-01-04 10:28 ` Borislav Petkov
2024-12-03 9:00 ` [PATCH v15 10/13] tsc: Upgrade TSC clocksource rating Nikunj A Dadhania
2024-12-30 11:36 ` Borislav Petkov
2025-01-02 5:20 ` Nikunj A. Dadhania
2025-01-02 9:32 ` Borislav Petkov
2025-01-03 10:09 ` Nikunj A. Dadhania
2025-01-03 12:06 ` Borislav Petkov
2025-01-03 14:03 ` Nikunj A. Dadhania
2024-12-03 9:00 ` [PATCH v15 11/13] tsc: Switch to native sched clock Nikunj A Dadhania
2024-12-03 9:00 ` [PATCH v15 12/13] x86/kvmclock: Abort SecureTSC enabled guest when kvmclock is selected Nikunj A Dadhania
2024-12-16 16:36 ` Tom Lendacky
2024-12-30 17:04 ` Borislav Petkov
2025-01-01 9:44 ` Nikunj A. Dadhania
2025-01-01 16:19 ` Borislav Petkov
2025-01-02 5:34 ` Nikunj A. Dadhania
2025-01-02 9:25 ` Borislav Petkov
2025-01-02 10:06 ` Nikunj A. Dadhania
2024-12-03 9:00 ` [PATCH v15 13/13] x86/sev: Allow Secure TSC feature for SNP guests Nikunj A Dadhania
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=af92fc80484a6b1f74d8b2535f54833702b7e1f8.camel@gmail.com \
--to=francescolavra.fl@gmail.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox