On 1/2/2025 2:55 PM, Borislav Petkov wrote:
> On Thu, Jan 02, 2025 at 11:04:21AM +0530, Nikunj A. Dadhania wrote:
>>
>> On 1/1/2025 9:49 PM, Borislav Petkov wrote:
>>> On Wed, Jan 01, 2025 at 03:14:12PM +0530, Nikunj A. Dadhania wrote:
>>>> I can drop this patch, and if the admin wants to change the clock
>>>> source to kvm-clock from Secure TSC, that will be permitted.
>>>
>>> Why would the admin want that and why would we even support that?
>>
>> I am not saying that admin will do that, I am saying that it is a possibility.
>>
>> Changing clocksource is supported via sysfs interface:
>>
>> echo "kvm-clock" > /sys/devices/system/clocksource/clocksource0/current_clocksource
>
> You can do that in the guest, right?

Yes.

>
> Not on the host.

Right, kvm-clock is not available on host.

> If so, are you basically saying that users will be able to kill their guests
> simply by switching the clocksource?
>
> Because this would be dumb of us.
>
> And then the real thing to do should be something along the lines of
>
> "You're running a Secure TSC guest, changing the clocksource is not allowed!"
>
> or even better we warn when the user changes it but allow the change and taint
> the kernel.

Sure, that sounds better. I will keep the warning and taint the kernel.

Regards,
Nikunj