On Wed, May 22, 2024 at 07:24:41PM -0700, Dexuan Cui wrote:
> A TDX VM on Hyper-V may run in TD mode or Partitioned TD mode (L2). For
> the former, the VM has not enabled the Hyper-V TSC page (which is defined
> in drivers/clocksource/hyperv_timer.c: "... tsc_pg __bss_decrypted ...")
> because, for such a VM, the hypervisor requires that the page should be
> shared, but currently the __bss_decrypted is not working for such a VM
> yet.

I don't see how it is safe. It opens guest clock for manipulations from
VMM. Could you elaborate on security implications?

> Hyper-V TSC page can work as a clocksource device similar to KVM pv
> clock, and it's also used by the Hyper-V timer code to get the current
> time: see hv_init_tsc_clocksource(), which sets the global function
> pointer hv_read_reference_counter to read_hv_clock_tsc(); when
> Hyper-V TSC page is not enabled, hv_read_reference_counter defaults to
> be drivers/hv/hv_common.c: __hv_read_ref_counter(), which is suboptimal
> as it uses the slow MSR interface to get the time info.

Why can't the guest just read the TSC directly? Why do we need the page?
I am confused.

--
Kiryl Shutsemau / Kirill A. Shutemov