Hi Tom,
On 10/11/2024 1:09 AM, Tom Lendacky wrote:
> On 10/9/24 04:28, Nikunj A Dadhania wrote:
>> Calibrating the TSC frequency using the kvmclock is not correct for
>> SecureTSC enabled guests. Use the platform provided TSC frequency via the
>> GUEST_TSC_FREQ MSR (C001_0134h).
>>
>> Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx>
>> ---
>> arch/x86/include/asm/msr-index.h | 1 +
>> arch/x86/include/asm/sev.h | 2 ++
>> arch/x86/coco/sev/core.c | 16 ++++++++++++++++
>> arch/x86/kernel/tsc.c | 5 +++++
>> 4 files changed, 24 insertions(+)
>> diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
>> index 5f555f905fad..ef0def203b3f 100644
>> --- a/arch/x86/coco/sev/core.c
>> +++ b/arch/x86/coco/sev/core.c
>> @@ -3100,3 +3100,19 @@ void __init snp_secure_tsc_prepare(void)
>>
>> pr_debug("SecureTSC enabled");
>> }
>> +
>> +static unsigned long securetsc_get_tsc_khz(void)
>> +{
>> + unsigned long long tsc_freq_mhz;
>> +
>> + setup_force_cpu_cap(X86_FEATURE_TSC_KNOWN_FREQ);
>> + rdmsrl(MSR_AMD64_GUEST_TSC_FREQ, tsc_freq_mhz);
>
> So this MSR can be intercepted by the hypervisor. You'll need to add
> code in the #VC handler that checks if an MSR access is for
> MSR_AMD64_GUEST_TSC_FREQ and Secure TSC is active, then the hypervisor
> is not cooperating and you should terminate the guest.
Yes, will add this in my next revision.
Regards
Nikunj
