On Wed, Feb 12, 2025, Nikunj A Dadhania wrote:
> Sean Christopherson <seanjc@xxxxxxxxxx> writes:
>
> > On Mon, Feb 10, 2025, Tom Lendacky wrote:
> >> On 2/10/25 03:22, Nikunj A Dadhania wrote:
> >> > Disallow writes to MSR_IA32_TSC for Secure TSC enabled SNP guests, as such
> >> > writes are not expected. Log the error and return #GP to the guest.
> >>
> >> Re-word this to make it a bit clearer about why this is needed. It is
> >> expected that the guest won't write to MSR_IA32_TSC or, if it does, it
> >> will ignore any writes to it and not exit to the HV. So this is catching
> >> the case where that behavior is not occurring.
> >
> > Unless it's architecturally impossible for KVM to modify MSR_IA32_TSC, I don't see
> > any reason for KVM to care. If the guest wants to modify TSC, that's the guest's
> > prerogative.
> >
> > If KVM _can't_ honor the write, then that's something else entirely, and the
> > changelog should pretty much write itself.
>
> How about the below changelog:
>
> KVM: SVM: Prevent writes to TSC MSR when Secure TSC is enabled
>
> Secure TSC enabled SNP guests should not write to the TSC MSR. Any such

This is a host write, not a guest write. What guests "should" or should not do
is irrelevant.

> writes should be identified and ignored by the guest kernel in the #VC

Again, I don't care what the guest does. Talking about #VC just adds noise. E.g.
if the guest requests WRMSR emulation without ever doing WRMSR, there will be no
#VC.

> handler. As a safety measure, detect and disallow writes to MSR_IA32_TSC by

No, KVM is not the trusted monitor. "safety measure" makes it sound like KVM is
protecting the guest from a malicious VMM. That is not KVM's responsibility.

> Secure TSC enabled guests, as these writes are not expected to reach the
> hypervisor. Log the error and return #GP to the guest.

Again, none of this ever says what actually happens if KVM tries to emulate a
write to MSR_IA32_TSC. Based on what the APM says, the TSC fields in the control
area are ignored. _That's_ what's relevant.

  The TSC value is first scaled with the GUEST_TSC_SCALE value from the VMSA and
  then is added to the VMSA GUEST_TSC_OFFSET value. The P0 frequency, TSC_RATIO
  (C001_0104h) and TSC_OFFSET (VMCB offset 50h) values are not used in the
  calculation.