Sean Christopherson <seanjc@xxxxxxxxxx> writes:
> On Mon, Feb 10, 2025, Tom Lendacky wrote:
>> On 2/10/25 03:22, Nikunj A Dadhania wrote:
>> > Disallow writes to MSR_IA32_TSC for Secure TSC enabled SNP guests, as such
>> > writes are not expected. Log the error and return #GP to the guest.
>>
>> Re-word this to make it a bit clearer about why this is needed. It is
>> expected that the guest won't write to MSR_IA32_TSC or, if it does, it
>> will ignore any writes to it and not exit to the HV. So this is catching
>> the case where that behavior is not occurring.
>
> Unless it's architectural impossible for KVM to modify MSR_IA32_TSC, I don't see
> any reason for KVM to care. If the guest wants to modify TSC, that's the guest's
> prerogative.
>
> If KVM _can't_ honor the write, then that's something else entirely, and the
> changelog should pretty much write itself.
How about the below changelog:
KVM: SVM: Prevent writes to TSC MSR when Secure TSC is enabled
Secure TSC enabled SNP guests should not write to the TSC MSR. Any such
writes should be identified and ignored by the guest kernel in the #VC
handler. As a safety measure, detect and disallow writes to MSR_IA32_TSC by
Secure TSC enabled guests, as these writes are not expected to reach the
hypervisor. Log the error and return #GP to the guest.
Additionally, incorporate a check for protected guest state to allow the
VMM to initialize the TSC MSR.
Regards,
Nikunj
