On Wed, Dec 18, 2024 at 10:50:07AM +0530, Nikunj A. Dadhania wrote:
> With the condition inside the function, even tough the MSR is not
> valid in this configuration, I am getting value 0. Is this behavior
> acceptable ?
The whole untested diff, should DTRT this time:
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 10980898c054..96a9ee93f9cb 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1441,10 +1441,25 @@ static enum es_result __vc_handle_msr_caa(struct pt_regs *regs, bool write)
*/
static enum es_result __vc_handle_msr_tsc(struct pt_regs *regs, bool write)
{
+ bool sec_tsc = sev_status & MSR_AMD64_SNP_SECURE_TSC;
u64 tsc;
- if (write)
- return ES_OK;
+ /*
+ * The GUEST_TSC_FREQ MSR should not be intercepted when secure
+ * TSC is enabled so terminate the guest. For non-secure TSC
+ * guests, that MSR is #GP(0).
+ */
+ if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ) {
+ if (sec_tsc)
+ return ES_VMM_ERROR;
+ else
+ return ES_UNSUPPORTED;
+ }
+
+ if (write) {
+ WARN_ONCE(1, "TSC MSR writes are verboten!\n");
+ return ES_UNSUPPORTED;
+ }
tsc = rdtsc_ordered();
regs->ax = lower_32_bits(tsc);
@@ -1462,19 +1477,15 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
/* Is it a WRMSR? */
write = ctxt->insn.opcode.bytes[1] == 0x30;
- if (regs->cx == MSR_SVSM_CAA)
+ switch(regs->cx) {
+ case MSR_SVSM_CAA:
return __vc_handle_msr_caa(regs, write);
-
- if (regs->cx == MSR_IA32_TSC && (sev_status & MSR_AMD64_SNP_SECURE_TSC))
+ case MSR_IA32_TSC:
+ case MSR_AMD64_GUEST_TSC_FREQ:
return __vc_handle_msr_tsc(regs, write);
-
- /*
- * GUEST_TSC_FREQ should not be intercepted when Secure TSC is
- * enabled. Terminate the SNP guest when the interception is enabled.
- */
- if (regs->cx == MSR_AMD64_GUEST_TSC_FREQ && (sev_status & MSR_AMD64_SNP_SECURE_TSC))
- return ES_VMM_ERROR;
-
+ default:
+ break;
+ }
ghcb_set_rcx(ghcb, regs->cx);
if (write) {
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
