On 2/10/25 03:22, Nikunj A Dadhania wrote:
> Disallow writes to MSR_IA32_TSC for Secure TSC enabled SNP guests, as such
> writes are not expected. Log the error and return #GP to the guest.
Re-word this to make it a bit clearer about why this is needed. It is
expected that the guest won't write to MSR_IA32_TSC or, if it does, it
will ignore any writes to it and not exit to the HV. So this is catching
the case where that behavior is not occurring.
>
> Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx>
> ---
> arch/x86/kvm/svm/svm.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index d7a0428aa2ae..929f35a2f542 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -3161,6 +3161,17 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
>
> svm->tsc_aux = data;
> break;
> + case MSR_IA32_TSC:
> + /*
> + * If Secure TSC is enabled, KVM doesn't expect to receive
> + * a VMEXIT for a TSC write, record the error and return a
> + * #GP
> + */
> + if (vcpu->arch.guest_state_protected && snp_secure_tsc_enabled(vcpu->kvm)) {
Does it matter if the VMSA has already been encrypted? Can this just be
if (sev_snp_guest() && snp_secure_tsc_enabled(vcpu->kvm)) {
?
> + vcpu_unimpl(vcpu, "unimplemented IA32_TSC for secure tsc\n");
> + return 1;
> + }
> + break;
> case MSR_IA32_DEBUGCTLMSR:
> if (!lbrv) {
> kvm_pr_unimpl_wrmsr(vcpu, ecx, data);
