On 3/12/2025 5:52 PM, Paolo Bonzini wrote: > On 10/12/24 09:55, Isaku Yamahata wrote: >> The current x86 KVM implementation conflicts with protected TSC because the >> VMM can't change the TSC offset/multiplier. Disable or ignore the KVM >> logic to change/adjust the TSC offset/multiplier somehow. >> >> Because KVM emulates the TSC timer or the TSC deadline timer with the TSC >> offset/multiplier, the TSC timer interrupts are injected to the guest at the >> wrong time if the KVM TSC offset is different from what the TDX module >> determined. >> >> Originally the issue was found by cyclic test of rt-test [1] as the latency in >> TDX case is worse than VMX value + TDX SEAMCALL overhead. It turned out that >> the KVM TSC offset is different from what the TDX module determines. >> >> The solution is to keep the KVM TSC offset/multiplier the same as the value of >> the TDX module somehow. [...] Ignore (or don't call related functions) the >> request to change the TSC offset/multiplier. >> >> [...] With this patch series, SEV-SNP secure TSC can be supported. > > Thanks, I've squashed these changes (apart from setting > vcpu->arch.guest_tsc_protected) into the corresponding patches in > kvm-coco-queue. Just one small change is needed in patch 2, to > which I will reply. > > For SEV-SNP, all that's necessary on top should be > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index d92e97baea0f..beddeed90ff0 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -2481,6 +2481,9 @@ static int snp_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp) > } > > svm->vcpu.arch.guest_state_protected = true; > + if (snp_secure_tsc_enabled(kvm)) > + svm->vcpu.arch.guest_tsc_protected = true; > + > /* > * SEV-ES (and thus SNP) guest mandates LBR Virtualization to > * be _always_ ON. Enable it only after setting > > For the sake of testing, I applied the latest SEV-SNP host patches > from https://github.com/AMDESE/linux-kvm/commits/sectsc-host-latest > to kvm-coco-queue as well, plus the above hunk; Nikunj can integrate > it in the next revision of > https://lore.kernel.org/kvm/20250310064347.13986-1-nikunj@xxxxxxx/T/. Sure Paolo, I will add the above changes in my next revision. Should I rebase the Secure TSC host patches on top of kvm-coco-queue ? Regards Nikunj
