On 10/31/2023 2:02 AM, Tom Lendacky wrote: > On 10/30/23 01:36, Nikunj A Dadhania wrote: >> The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC >> is enabled. A #VC exception will be generated if the RDTSC/RDTSCP >> instructions are being intercepted. If this should occur and Secure >> TSC is enabled, terminate guest execution. >> >> Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx> >> --- >> arch/x86/kernel/sev-shared.c | 7 +++++++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c >> index ccb0915e84e1..833b0ae38f0b 100644 >> --- a/arch/x86/kernel/sev-shared.c >> +++ b/arch/x86/kernel/sev-shared.c >> @@ -991,6 +991,13 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb, >> bool rdtscp = (exit_code == SVM_EXIT_RDTSCP); >> enum es_result ret; >> + /* >> + * RDTSC and RDTSCP should not be intercepted when Secure TSC is >> + * enabled. Terminate the SNP guest when the interception is enabled. >> + */ >> + if (sev_status & MSR_AMD64_SNP_SECURE_TSC) > > If you have to use sev_status, then please document why cc_platform_has() can't be used in the comment above. Right, for sev-shared.c, cc_platform_has() is not available when compiling boot/compressed. Regards Nikunj
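Review bot: The comment added above the `if (sev_status & MSR_AMD64_SNP_SECURE_TSC)` check in vc_handle_rdtsc() does not say why sev_status is tested directly instead of going through cc_platform_has(). Since sev-shared.c is also built into boot/compressed, where cc_platform_has() is not available, state that in the comment so the raw MSR bit test is not later "cleaned up" into a call that breaks the decompressor build. The second sentence of the comment, "Terminate the SNP guest when the interception is enabled", would also read more accurately as terminating when the instruction has been intercepted, because this handler only runs after the #VC has already been raised.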