On 12/10/2024 10:48 PM, Borislav Petkov wrote:
> On Tue, Dec 10, 2024 at 10:43:05PM +0530, Nikunj A Dadhania wrote:
>> This is incorrect, for a non-Secure TSC guest, a read of intercepted
>> MSR_AMD64_GUEST_TSC_FREQ will return value of rdtsc_ordered(). This is an invalid
>> MSR when SecureTSC is not enabled.
>
> So how would you change this diff to fix this?
How about the below change, this also keeps the behavior intact for non-Secure TSC guests (SEV-ES/SNP):
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 25a4c47f58c4..fa57adf5a2c6 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1448,15 +1448,18 @@ static enum es_result __vc_handle_msr_tsc(struct pt_regs *regs, bool write)
{
u64 tsc;
- if (!(sev_status & MSR_AMD64_SNP_SECURE_TSC))
- goto read_tsc;
+ /*
+ * GUEST_TSC_FREQ should not be intercepted when Secure TSC is
+ * enabled. Terminate the SNP guest when the interception is enabled.
+ */
+ if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ)
+ return ES_VMM_ERROR;
if (write) {
WARN_ONCE(1, "TSC MSR writes are verboten!\n");
return ES_OK;
}
-read_tsc:
tsc = rdtsc_ordered();
regs->ax = lower_32_bits(tsc);
regs->dx = upper_32_bits(tsc);
@@ -1477,19 +1480,13 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
case MSR_SVSM_CAA:
return __vc_handle_msr_caa(regs, write);
case MSR_IA32_TSC:
- return __vc_handle_msr_tsc(regs, write);
+ case MSR_AMD64_GUEST_TSC_FREQ:
+ if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
+ return __vc_handle_msr_tsc(regs, write);
default:
break;
}
- /*
- * GUEST_TSC_FREQ should not be intercepted when Secure TSC is
- * enabled. Terminate the SNP guest when the interception is enabled.
- */
- if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ && (sev_status & MSR_AMD64_SNP_SECURE_TSC))
- return ES_VMM_ERROR;
-
-
ghcb_set_rcx(ghcb, regs->cx);
if (write) {
ghcb_set_rax(ghcb, regs->ax);
---
Regards
Nikunj
