On 11/11/2024 9:23 PM, Borislav Petkov wrote:
> On Mon, Oct 28, 2024 at 11:04:23AM +0530, Nikunj A Dadhania wrote:
>> The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC is
>> enabled. A #VC exception will be generated if the RDTSC/RDTSCP instructions
>> are being intercepted. If this should occur and Secure TSC is enabled,
>> guest execution should be terminated as the guest cannot rely on the TSC
>> value provided by the hypervisor.
>
> This should be in the comment below.

Same message in commit and the code comment?

>
>> Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx>
>> Tested-by: Peter Gonda <pgonda@xxxxxxxxxx>
>> Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
>> ---
>> arch/x86/coco/sev/shared.c | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/arch/x86/coco/sev/shared.c b/arch/x86/coco/sev/shared.c
>> index 71de53194089..c2a9e2ada659 100644
>> --- a/arch/x86/coco/sev/shared.c
>> +++ b/arch/x86/coco/sev/shared.c
>> @@ -1140,6 +1140,16 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb,
>> bool rdtscp = (exit_code == SVM_EXIT_RDTSCP);
>> enum es_result ret;
>>
>> + /*
>> + * RDTSC and RDTSCP should not be intercepted when Secure TSC is
>> + * enabled. Terminate the SNP guest when the interception is enabled.
>> + * This file is included from kernel/sev.c and boot/compressed/sev.c,
>> + * use sev_status here as cc_platform_has() is not available when
>> + * compiling boot/compressed/sev.c.
>> + */
>> + if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
>> + return ES_VMM_ERROR;
>> +
>> ret = sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, 0, 0);
>> if (ret != ES_OK)
>> return ret;
>> --
>> 2.34.1
>>
>
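Review bot: the new comment in vc_handle_rdtsc() does not match what the hunk does, and it omits the security rationale. The hunk only returns ES_VMM_ERROR before the GHCB call; it does not itself terminate the guest, so "Terminate the SNP guest when the interception is enabled" describes behaviour that lives in the caller handling that return value, and "when the interception is enabled" reads oddly given that reaching this handler at all means the instruction was intercepted. Suggest stating the reason from the commit message in the comment, e.g. "With Secure TSC enabled the guest must not trust a hypervisor-supplied TSC value, so a #VC for RDTSC/RDTSCP is a hypervisor error: return ES_VMM_ERROR and let the #VC handler terminate the guest", which also addresses the request that the commit-message text appear in the code.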