On Tue, Oct 24, 2023, Yifei Ma wrote:
> Hi KVM community,
>
> I am trying to figure out how TSC is virtualized in KVM-VMX world.
> According to the kernel documentation, reading TSC register through MSR
> can be trapped into KVM and VMX. I am trying to figure out the KVM code
> handling this trap.

Key word "can". KVM chooses not to intercept RDMSR to MSR_IA32_TSC because
hardware handles the necessary offset and scaling. KVM does still emulate
reads in kvm_get_msr_common(), e.g. if KVM is forced to emulate a RDMSR, but
that's a very, very uncommon path.

Ditto for the RDTSC instruction, which isn't subject to MSR interception
bitmaps and has a dedicated control. KVM will emulate RDTSC if KVM is already
emulating, but otherwise the guest can execute RDTSC without triggering a
VM-Exit.

Modern CPUs provide both an offset and a scaling factor for VMX guests, i.e.
the CPU itself virtualizes guest TSC. See the RDMSR and RDTSC bullet points
in the "CHANGES TO INSTRUCTION BEHAVIOR IN VMX NON-ROOT OPERATION" section of
the SDM for details.

> In order to understand it, I have run a kernel traced by GDB, and added
> break points to the code I thought they may handle the MSR trap, e.g.,
> kvm_get_msr, vmx_exec_control, etc. Then ran rdtsc from guest application,
> however, it didn't trigger these breakpoints. I am a little lost in how
> TSC is virtualized.
>
> Two questions:
> - are the TSC MSR instructions emulated and trapped into KVM?

Nope, see above.

> - if TSC is trapped, which code handles it?

Also see above :-)

> Any background about TSC virtualization and suggestions on tracing its
> virtualization are appreciated.
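To make the "hardware handles the offset and scaling" point concrete, the following is an added illustration (not code from this thread or from KVM) of the arithmetic a VMX CPU applies when the guest executes RDTSC with the "use TSC offsetting" and "use TSC scaling" controls set: the 64-bit host TSC is multiplied by the 64-bit TSC multiplier (a fixed-point value with 48 fractional bits), bits 111:48 of the unsigned 128-bit product are kept, and the TSC offset is added modulo 2^64. Nothing here runs in the hypervisor; it only models why no VM-Exit is needed and why a plain 64-bit multiply would be wrong. The `unsigned __int128` type is a GCC/Clang extension, and the function names are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Intel SDM: the guest TSC uses bits 111:48 of (TSC * multiplier),
 * i.e. the multiplier is a 16.48 fixed-point ratio. */
#define VMX_TSC_MULT_FRAC_BITS 48

/* Value RDTSC returns in VMX non-root operation when both TSC
 * offsetting and TSC scaling are enabled for the guest. */
uint64_t vmx_guest_tsc(uint64_t host_tsc, uint64_t tsc_multiplier,
                       uint64_t tsc_offset)
{
    /* The product can exceed 64 bits once the host TSC is large
     * (hours of uptime at GHz rates), so use the full 128-bit product
     * exactly as the hardware does. */
    unsigned __int128 product = (unsigned __int128)host_tsc * tsc_multiplier;
    uint64_t scaled = (uint64_t)(product >> VMX_TSC_MULT_FRAC_BITS);

    /* The offset is added with 64-bit wraparound, which is how a
     * "negative" offset (a guest TSC behind the host's) is expressed. */
    return scaled + tsc_offset;
}

/* Multiplier that makes a guest see guest_hz ticks per second on a
 * host whose TSC runs at host_hz: guest_hz / host_hz in 16.48 fixed point. */
uint64_t vmx_tsc_multiplier(uint64_t guest_hz, uint64_t host_hz)
{
    unsigned __int128 num = (unsigned __int128)guest_hz << VMX_TSC_MULT_FRAC_BITS;
    return (uint64_t)(num / host_hz);
}

int main(void)
{
    /* Constructed example: a 2 GHz host presenting a 3 GHz TSC to the
     * guest, with the guest's counter started 1000 ticks behind. */
    uint64_t mult = vmx_tsc_multiplier(3000000000ULL, 2000000000ULL);
    uint64_t offset = (uint64_t)-1000;

    printf("multiplier = 0x%016llx\n", (unsigned long long)mult);
    for (uint64_t host = 0; host <= 4000; host += 2000)
        printf("host TSC %6llu -> guest TSC %6llu\n",
               (unsigned long long)host,
               (unsigned long long)vmx_guest_tsc(host, mult, offset));
    return 0;
}
```

A 1:1 ratio is the multiplier 1 << 48, in which case the guest simply sees host TSC plus offset; any other ratio is scaled before the offset is applied, so the offset is always in guest ticks. A software implementation that shifts the product with plain 64-bit arithmetic would silently truncate once the host TSC passes 2^16 with a 1:1 multiplier, which is the edge case the 128-bit product exists for.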