From: "Nikunj A. Dadhania" <nikunj@amd.com>
To: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: linux-kernel@vger.kernel.org, thomas.lendacky@amd.com,
x86@kernel.org, kvm@vger.kernel.org, bp@alien8.de,
mingo@redhat.com, tglx@linutronix.de,
dave.hansen@linux.intel.com, pgonda@google.com,
seanjc@google.com, pbonzini@redhat.com
Subject: Re: [PATCH v6 12/16] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests
Date: Wed, 6 Dec 2023 10:07:14 +0530
Message-ID: <dbffc58e-e720-42fc-8c8d-44cd3f0281e3@amd.com>
In-Reply-To: <CAAH4kHYL9A4+F0cN1VT1EbaHACFjB6Crbsdzp3hwjz+GuK_CSg@mail.gmail.com>
On 12/5/2023 10:46 PM, Dionna Amalie Glaze wrote:
> On Tue, Nov 28, 2023 at 5:02 AM Nikunj A Dadhania <nikunj@amd.com> wrote:
>>
>> The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC
>> is enabled. A #VC exception will be generated if the RDTSC/RDTSCP
>> instructions are being intercepted. If this should occur and Secure
>> TSC is enabled, terminate guest execution.
>>
>> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
>> ---
>> arch/x86/kernel/sev-shared.c | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
>> index ccb0915e84e1..6d9ef5897421 100644
>> --- a/arch/x86/kernel/sev-shared.c
>> +++ b/arch/x86/kernel/sev-shared.c
>> @@ -991,6 +991,16 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb,
>> bool rdtscp = (exit_code == SVM_EXIT_RDTSCP);
>> enum es_result ret;
>>
>> + /*
>> + * RDTSC and RDTSCP should not be intercepted when Secure TSC is
>> + * enabled. Terminate the SNP guest when the interception is enabled.
>> + * This file is included from kernel/sev.c and boot/compressed/sev.c,
>> + * use sev_status here as cc_platform_has() is not available when
>> + * compiling boot/compressed/sev.c.
>> + */
>> + if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
>> + return ES_VMM_ERROR;
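Review bot: the new comment says "Terminate the SNP guest when the interception is enabled", and the commit message says "terminate guest execution", but the added code only does `return ES_VMM_ERROR;` and leaves the actual termination to whoever consumes that result further up the #VC path. Reword the comment (and ideally the commit message) to say that ES_VMM_ERROR is returned so that the caller terminates the guest, otherwise a reader of vc_handle_rdtsc() will look for a direct terminate call here and not find one. The choice of `sev_status` over cc_platform_has() is already justified in the comment by the boot/compressed/sev.c inclusion, so no change needed there.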
>
> Is this not a cc_platform_has situation? I don't recall how the
> conversation shook out for TDX's forcing X86_FEATURE_TSC_RELIABLE
> versus having a cc_attr_secure_tsc
For SNP, SecureTSC is an opt-in feature. AFAIU, for TDX the feature is
turned on by default. So SNP guests need to check if the VMM has enabled
the feature before moving forward with SecureTSC initializations.
The idea was to have some generic name instead of AMD specific SecureTSC
(cc_attr_secure_tsc), and I had sought comments from Kirill [1]. After
that discussion I have added a synthetic flag for Secure TSC [2].
Regards
Nikunj
1. https://lore.kernel.org/lkml/55de810b-66f9-49e3-8459-b7cac1532a0c@amd.com/
2. https://lore.kernel.org/lkml/20231128125959.1810039-10-nikunj@amd.com/
2023-11-28 12:59 [PATCH v6 00/16] Add Secure TSC support for SNP guests Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 01/16] virt: sev-guest: Use AES GCM crypto library Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 02/16] virt: sev-guest: Move mutex to SNP guest device structure Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 03/16] virt: sev-guest: Replace dev_dbg with pr_debug Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 04/16] virt: sev-guest: Add SNP guest request structure Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 05/16] virt: sev-guest: Add vmpck_id to snp_guest_dev struct Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 06/16] x86/sev: Cache the secrets page address Nikunj A Dadhania
2023-12-06 22:21 ` Dionna Amalie Glaze
2023-12-07 6:06 ` Nikunj A. Dadhania
2023-11-28 12:59 ` [PATCH v6 07/16] x86/sev: Move and reorganize sev guest request api Nikunj A Dadhania
2023-11-28 22:50 ` kernel test robot
2023-11-29 2:40 ` kernel test robot
2023-12-05 17:13 ` Dionna Amalie Glaze
2023-12-06 4:24 ` Nikunj A. Dadhania
2023-11-28 12:59 ` [PATCH v6 08/16] x86/mm: Add generic guest initialization hook Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 09/16] x86/cpufeatures: Add synthetic Secure TSC bit Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 10/16] x86/sev: Add Secure TSC support for SNP guests Nikunj A Dadhania
2023-11-29 4:08 ` kernel test robot
2023-11-28 12:59 ` [PATCH v6 11/16] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 12/16] x86/sev: Prevent RDTSC/RDTSCP interception " Nikunj A Dadhania
2023-12-05 17:16 ` Dionna Amalie Glaze
2023-12-06 4:37 ` Nikunj A. Dadhania [this message]
2023-12-06 18:45 ` Dionna Amalie Glaze
2023-12-07 6:12 ` Nikunj A. Dadhania
2023-11-28 12:59 ` [PATCH v6 13/16] x86/kvmclock: Skip kvmclock when Secure TSC is available Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 14/16] x86/sev: Mark Secure TSC as reliable Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 15/16] x86/cpu/amd: Do not print FW_BUG for Secure TSC Nikunj A Dadhania
2023-11-28 12:59 ` [PATCH v6 16/16] x86/sev: Enable Secure TSC for SNP guests Nikunj A Dadhania
2023-12-06 17:46 ` [PATCH v6 00/16] Add Secure TSC support " Peter Gonda