From patchwork Mon Feb 10 09:22:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikunj A Dadhania X-Patchwork-Id: 13967520 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2044.outbound.protection.outlook.com [40.107.94.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D866C1AA1C0 for ; Mon, 10 Feb 2025 09:22:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.44 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739179375; cv=fail; b=bbEAz84bGzsmO1CaYPBhaoaNxtXnv4U0bN9b1TrcjC5sPeVSEmrjGycyuKNv/7297EuF9GtQlcTE/ojC/DaBfHntatQ/izW3QubAe6yunxopTbpnyYSuqq7tp6VkcMs4SJ9xQlPCxOhkEyGl5WqVvCRHa9KqOJGpoW/apRMz4as= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739179375; c=relaxed/simple; bh=7MXPim+Xj1N/aZ5OjrsFh7FEBzxSlmr6Ys8JuCXuv/Q=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=EBLoLLJY8HyQY40R6K5gkdWqE13MOV9PeZozIjkIZyXevCCrWzgWFb6fgZ+KqnlXKa6x9CvTrPDlDshp6NFJjhDZpGpro5TyErTD8GWHyGZF6HqM3BeqAPzQOwyj4qvkmxPEMr/BkcZgnQTxNIHrMr9WRITucO59t+QVPpCf4Ww= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=JIxwRLkp; arc=fail smtp.client-ip=40.107.94.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="JIxwRLkp" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=B/LjZdYRw9lSpJpUI5Z5q2WYPCgJPXC8S5GV+QqQwWlGBG3rZ6BlkliJUcZbn+o2wZFkqm9IPQLLT0cr+bgSFNldhAYPPJUdypcLi71Vcv/ZI64k2QsSPLjBX8IEpsPdWvSVY5WQ4iS7HpJEFNO9WQTdvVlbFzXzTgfMfgDFkvSLcBpg+tvPTPEqpcajx8UahXeBJYU4ZMfiSKHiXa4csNZ9jf94GfCEJumGBDOCoL2vUzEeUOpPfONNzjmfncQNQacEgO4ilgJwCrbnbwZalJ2DdsLhBzhLLZdraPidxfNCN/ShYqgquhH3UZBP/6Sp0xm2VHEthZiofChj/n6DuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5+Nw6ukOq9Q5tyzYndx+P9odRvRbGTULF1K+hScO+0g=; b=MaQVJBDocNcYxsWCOnoZBxW+atZUnGG2TurV04VYgXwIxHRHc+xluqNSw8DDSZlylNP3f8JwBbkG7GUMAzouZH1EIJz+3N2xf4/u26N1uef+9bLBX9x8S7iA1aQlPiuv8liR8olQHjbfUHImaobvYoR6DpGVUFYJ1XNEaujcErgAFC13TONYqhoJfcsa4zna2C3EcDTc+Y/HmmeRqQR2Y7Eqdvbf0eNTcR23Nq4IG7Kan5MkAuWgTZ1SjkA3EF4vyUJ46kN0IbGudJzAp2xQiKn/1WOEDWBg/sX2oe8IBcRLlJRoVAy0DxQLHbn0NBW0rmSLQgm7TFQatWAua77oQQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=google.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5+Nw6ukOq9Q5tyzYndx+P9odRvRbGTULF1K+hScO+0g=; b=JIxwRLkp9gpt6ntKMf2NeJVCe/QvZ0oUvG6eGSkm7+jCGsqOdj9jYkh/AyePH+s3x7/UTBxr1CsCmFmAwrT/m0vPOfqc0+Vvgb7S5a0PIu40tUHwGY1a/g7p1nKg9ZII3qStg8APSzgur53qPDR+kT67sNmlBP8qKvvbsuP04GM= Received: from MW4PR04CA0304.namprd04.prod.outlook.com (2603:10b6:303:82::9) by CY8PR12MB7123.namprd12.prod.outlook.com (2603:10b6:930:60::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8422.18; Mon, 10 Feb 2025 09:22:50 +0000 Received: from MWH0EPF000A672E.namprd04.prod.outlook.com (2603:10b6:303:82:cafe::29) by MW4PR04CA0304.outlook.office365.com (2603:10b6:303:82::9) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8398.31 via Frontend Transport; Mon, 10 Feb 2025 09:22:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A672E.mail.protection.outlook.com (10.167.249.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8445.10 via Frontend Transport; Mon, 10 Feb 2025 09:22:49 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 10 Feb 2025 03:22:46 -0600 From: Nikunj A Dadhania To: , , CC: , , , , , Subject: [PATCH v2 1/4] x86/cpufeatures: Add SNP Secure TSC Date: Mon, 10 Feb 2025 14:52:27 +0530 Message-ID: <20250210092230.151034-2-nikunj@amd.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250210092230.151034-1-nikunj@amd.com> References: <20250210092230.151034-1-nikunj@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A672E:EE_|CY8PR12MB7123:EE_ X-MS-Office365-Filtering-Correlation-Id: 879fc50b-2cb4-4bd1-f0d6-08dd49b47d2b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: QFz8vI33fMKVR7va7K+0wcpuTX7P6u4mIuT3j6qaShqeiSejVdWgi4Tpkrzn4AZrF5pFRvOjA9rLJWY4mqULITG2oqcTAcoYr3EMeQ943evQzMJD3XLIPWxD1lfVjLbCV4r9fArxZ3FfB9iWhMYuO++1I0t0MukY3SjYcxsuLJ81JFaG7qUoUJ5af0EXlz3QAqyUq10vIx2POZh09BFM3wVn6ZZufDvpmiks5gZ14kJvTjOt/IiTcNayiHMW0BqGGKcnJTyCXeJ+euriAYWJA+fscGiaYczfoCxKkVrY3675YSFWPseWQrKdLZpC/f39bfVW7y4crweocO6SWukbiTLHZR4KvzHYeta+DMWKYtheXg+OPNq5CjDSxnqpg3ldCU9vmU+wTnHOacgGvNA3DL5uG2LMhQ53JsNvMcOhAd1avpBzzGYwtGQCtU8W6M8MGjBd5SwCQB29pGXlwGLCV8d23MJrFIPsBRh/JFftLwS06IP4IEEfNrKwpcz3KAmgAhvvVgrooWdZfG7dUyUY/GSo7i3qlC5uqui/qyMlpRg5vfNFBOPawj2KfcAurHM/3EI73ZFO2B1ciphG2XlmkkaBH+dS1nmVgc0gbFR0FbVCiGBFt/EaEHSY/61iECdaLkH7gqElgV3mITNTdysuJ1N43JhaFgfuKLG07E7jGRyD07rSzvTGEENzLADss9rec6ELVw0ghF1m0VzdnTBxR3fNMIAmM1Jnv7FhWl3LPrelzEdIco91Y8xfy+vWw9hC5wyKaTK2mQHDJhnVZ4RywUky1Z3PGlBKjoPXfWTUaGTTEzT36E+tWv5CtcedkhBVHdE9Jf63WBXjv5QUi+YrsYaqUObGAfEsHX/fu/dSLXZphIpEkhM01Z7ckdctNJ6oTQDXCQLtAb/Ex4dBfpUjEXYX2A6nJcanTyHdJncbS/sd9to8zxh2ivblob5YpQ4IPJsPlFYIVW47PKfXVsumRy/7H3b4AQDPJpNdRtIy1QD6OeolsRTwl+7vy8ZjzMJ6vVlHuvzmAiyqnqIX3SpGzGgpstgCOa9tGhKYujuQbrf9A3Zdrm8e9gqG6XnEaa7mjuIQZ/jl7jDjDk8wcqLYbdOyISJJMWGgi0+3+DlUdW0l0IKfZKwGB+UwJsGyxy5EF55fnYJfk/pcM88q6V054bhkmq2J/tasrirdVqpWSQvgFfTUcol9uhqwzqHz0IO6cMEjBM6mzpOT1lhqix/lecsMHEYKJKsimYNEWoNh96pka9B6ERANUePaIwIsCmC6A7ncOSwTxe3RZC5y/uNAr/xkhFBCJC+kslTauEFrMlFdsJG2l8JgnoE/nMYTX6WZdVYFe+8PVdaQrbpcoC7Xq9IhfzvG44iRsmP0c4J4wz4NqbHupiZP8UE/lq4EQEO3QYF9K+d3OQybj/Eq1cuFxQWpu/9bzblX+Ohf7ygptH2a9wg5hAR9KlqIapZWhUA3rcknvU3GhfhVYIJZ0tJwzQvGNRREAevobwuiDqdO3Ic= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(376014)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Feb 2025 09:22:49.7732 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 879fc50b-2cb4-4bd1-f0d6-08dd49b47d2b X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A672E.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB7123 The Secure TSC feature for SEV-SNP allows guests to securely use the RDTSC and RDTSCP instructions, ensuring that the parameters used cannot be altered by the hypervisor once the guest is launched. For more details, refer to the AMD64 APM Vol 2, Section "Secure TSC". Signed-off-by: Nikunj A Dadhania Acked-by: Borislav Petkov (AMD) --- arch/x86/include/asm/cpufeatures.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 508c0dad116b..921ed26b0be7 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -448,6 +448,7 @@ #define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* VM Page Flush MSR is supported */ #define X86_FEATURE_SEV_ES (19*32+ 3) /* "sev_es" Secure Encrypted Virtualization - Encrypted State */ #define X86_FEATURE_SEV_SNP (19*32+ 4) /* "sev_snp" Secure Encrypted Virtualization - Secure Nested Paging */ +#define X86_FEATURE_SNP_SECURE_TSC (19*32+ 8) /* SEV-SNP Secure TSC */ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* hardware-enforced cache coherency */ #define X86_FEATURE_DEBUG_SWAP (19*32+14) /* "debug_swap" SEV-ES full debug state swap support */ From patchwork Mon Feb 10 09:22:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikunj A Dadhania X-Patchwork-Id: 13967521 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2079.outbound.protection.outlook.com [40.107.101.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A66DB1C4A17 for ; Mon, 10 Feb 2025 09:22:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.101.79 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739179378; cv=fail; b=VHqZM3Q40RXery0Ua5FRczDvlf6M4V6tJQnReElyO34ICr1c1hZeK2SInNtWYoaOWEQln4zKU7bTS97WJcYexIp4NZ/yaAnK4qKk9H+C/ZCF1DQvHkaEe4uKz4D1Dhl6SpWshmE0OhhCFGKYqhabTL3OOSN1hnUE0ZItAoQduTc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739179378; c=relaxed/simple; bh=VthUpfrvKQ8s/AiaD0mKK30whEG0xsK2rh9DJ5jTbzw=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=c1zSwzVhjUHM3UsTozuWkR6PTmRVDA8exCMHVmragjqbgzK1YrSFVIUJay+pYx9XzieUQWQOoQZJGAZm2Hn0w4trfuSuc7WveZqNrx1TFWi3ivWH8ZxFanLaHGY1IwR30BR2vvU3VrNXPQO+4F/NRqn6/0yO/R69KMjfK7av0yU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=JkKdkd+e; arc=fail smtp.client-ip=40.107.101.79 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="JkKdkd+e" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=lJWrckhsShULhPlfCriQABC5H6yLSoBSMuV1MpwGQf1awVE/Zr1uDd9C1+5I2PcfqHCxocWY7IEB4hGmcv5rZM5tu6HMjzeWH5NYgYtLuS50LttMBgsF59qOTj/xpwb/HZo8Nhy0maYOCv6HIDesVaErnirFBzPKaz2ufJMk3D056yHhIhnDh0aF1AsaEX8zOjLhND2hJS5u0831A2jePB16B9tyrG3LXErq58jeGcQwcMMRNGk3zYJ7vrt6qRQDxXtVw15tU+j3svHBAeSBMmZY/wMEYskXXdXKx/i1KKF7QAvlCKmOFl6mj+JHsrEfKLSq2eHF+/2H5ivbUcmCKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tIO9Kq+lO3SP2enn4fTWFX5aC6sZC1lkXzo4DF5Ajyk=; b=NHH9FZPYlQ27bqD7JS4tZAe73wEGxE5iVVsaGNiNzO5R23MifL0nvAl5m4W/+oWm+cFv1LAcDVw6Z/tCrrJ04lmqu7Bm7qUz0ZtzNks/T3QQVwQLvw9QpVrl70/XbwsKZ8dsEyqszwwGcN/Mcy+yf++wXtfRHZTZxxG3LKNG6xyHkEfu1f5cqz9NQbseQ7QTUgN8pVRfTi/dItC3LpZZwBmOo3LEheGVunxIQBG+tcgApFpFevTFKpmLsd6A3K3Ysh1JxVa8IH/p0gSNblaE6FNXAY1PYIrD4fh4RtkVNMiPxCIUICD/tpqq5E51eP3Y8TI8pW0hZO1KSM0bLtUyrw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=google.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tIO9Kq+lO3SP2enn4fTWFX5aC6sZC1lkXzo4DF5Ajyk=; b=JkKdkd+eqL//KWNN871aoYQVJvVJlaOi664teVSkh7RfQ6rlZwG9LZxLbFqvErNe4p9HydqboEI0EJMrbQTk+AWvHkBqu32+mwNseGRMBpSZ26ws8Y/QVZWIkvAfmuWzYWNPkj+5ZCd0tn7f9LbaTyumIvuIeNcj6uvPGbCBh4c= Received: from MW4PR04CA0172.namprd04.prod.outlook.com (2603:10b6:303:85::27) by DM4PR12MB9070.namprd12.prod.outlook.com (2603:10b6:8:bc::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8422.16; Mon, 10 Feb 2025 09:22:53 +0000 Received: from MWH0EPF000A6732.namprd04.prod.outlook.com (2603:10b6:303:85:cafe::4b) by MW4PR04CA0172.outlook.office365.com (2603:10b6:303:85::27) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8398.31 via Frontend Transport; Mon, 10 Feb 2025 09:22:53 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A6732.mail.protection.outlook.com (10.167.249.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8445.10 via Frontend Transport; Mon, 10 Feb 2025 09:22:53 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 10 Feb 2025 03:22:49 -0600 From: Nikunj A Dadhania To: , , CC: , , , , , Subject: [PATCH v2 2/4] KVM: SVM: Add GUEST_TSC_FREQ MSR for Secure TSC enabled guests Date: Mon, 10 Feb 2025 14:52:28 +0530 Message-ID: <20250210092230.151034-3-nikunj@amd.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250210092230.151034-1-nikunj@amd.com> References: <20250210092230.151034-1-nikunj@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A6732:EE_|DM4PR12MB9070:EE_ X-MS-Office365-Filtering-Correlation-Id: c5c50ec7-3fc8-4ba9-337e-08dd49b47f1a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|376014|36860700013; X-Microsoft-Antispam-Message-Info: RweQOqj8zGRLrZYih5ma2xWUDYKjhm+Wo2vLhPL4qZZzVtgBkyVMcKsRiuN1MOuyO8xe6cLQ3N7R5CvJOQ7tgnJOhU2eqrcanULMkHvUq65Vqgum06/Wt2fSXV1Tr8UJP137mu8rQvFPUM4bjp1a+ht5MadnA24XHp45HG+CYkJaaovi0NETwDmy8pnXTe+CqKvwGhqLgthx5yIrTWyUxZmKIZ0K22UyJgNXOfGYKg2i7cpf/n/CLIPiI3sdZKVc9E1lewIW6/DoweCQn1PpB+yaT0ostGxT7JEBoN8RvFR1/XOU7rz8syCMSBDwagQiqj8hmo42eCFHx6k+uKUeK6a9OEACGQuzV1sUvpqCGrUOQmlurCMGL6kv2assqPrlkm7HKrcUmUK2Hzp9tLCGPCexJ71Ta2jkpglQ++mfixByrEsgHadNCzP5rENvxSQ0Ovvd+4zxDfgsvOIJk0EVqjOdZsrTSHRXe9NvVEu/XmakSdiUfHPU3cgi+bSkESSc6cVlm0lL4T2446w+doGuGy9amq/Lsdx4o0TLHmsKVU7rT2OLBsJaGZG9mZRWWYfDLfhTNziBgvFMsS/04T8qeVy+2udhxbXNmdDIOFv3y5tAeN+TE6DsUCMXGuq2ksnUeIMYfofgk9YEcCRKv8Hwgtbxr/FdfiU0u3UKwi1/MPqApY7IG5aNYE6Q5CKtbyMTuIo2WOUJw8eHWDM7BT7x310V+Sqa4qGhG07b0bVsW2k1oASBmhCFP7uNBbW1i8F3cHw8S+7sSuT5AtdAdQze41So5Y3qOJ/ID09fqeuSFRnQQAI6inrisKFNgLSRWtwb2Ud4kBjE5Ws8IuyTch8HDjDT7QsGik4h7Uf1a9oNo2ZItStmVOSScAVozhNlVaCVVAUT2iSkPSjiKioVb2djd58Ar3WkMXebTZquaVqVkPwBISozvv+ABWDTgjeMIEDbVMZojCfliFGn9fipWYCrGBssQllKL39OPKpGFeaQ6y8D8l6YCo9a5LtHf9d2BYXX5PcZDOr2XNJZ9DAFfU82u8ut498cGb/0A3u7G1CpxYXUP8Tjg+szs9HEy3QgQ2eRjlShif+14OZDTE21DmjJWzOc4SRMq65p8GAbdSRP608kTZgG+Ss3QURoQTxfY+Q/msx44I3LVtwU8iYgp0yM6m6m3I7mjkCcSJwmLGRSrrVmHapX/aeurHNYGHfz7XtArqjxkYTUcZDci/jIQghsLJ1+xotVRIBwAdJZwYcn8Upx47uVjNGK+tmr8ydcthwjk0mDDXhB3INxYR62nqIvaKtaPpt4Bs/MSWhRt88tsJgcME0Swp2YYnatyKr6gFzcsSrOStFPTVzbsfvLf2y+Gx9aq9gZc5DSaduA1fWWCWu+g6XSwNhVmuLfkmIhnoZV4co+ikAAJLy4j5Qy0WnLjcDsOj2TbDl3uawyhw0pLvNvoV+XbZRV02ImJYenhUjvedYVegoYFBl+vNE+t06Fam2f8rlgeO19tPpKY+Q2BCY= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Feb 2025 09:22:53.0280 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c5c50ec7-3fc8-4ba9-337e-08dd49b47f1a X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A6732.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB9070 Introduce the read-only MSR GUEST_TSC_FREQ (0xc0010134) that returns guest effective frequency in MHZ when secure TSC is enabled for SNP guests. Disable interception of this MSR when Secure TSC is enabled. Note that GUEST_TSC_FREQ MSR is accessible only to the guest and not from the hypervisor context. Signed-off-by: Nikunj A Dadhania --- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 2 ++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 14 +++++++++++++- 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index e2fac21471f5..a04346068c60 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -289,6 +289,7 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_ #define SVM_SEV_FEAT_RESTRICTED_INJECTION BIT(3) #define SVM_SEV_FEAT_ALTERNATE_INJECTION BIT(4) #define SVM_SEV_FEAT_DEBUG_SWAP BIT(5) +#define SVM_SEV_FEAT_SECURE_TSC BIT(9) #define SVM_SEV_FEAT_INT_INJ_MODES \ (SVM_SEV_FEAT_RESTRICTED_INJECTION | \ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a2a794c32050..0a1fd5c034e2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -849,6 +849,8 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->dr6 = svm->vcpu.arch.dr6; save->sev_features = sev->vmsa_features; + if (snp_secure_tsc_enabled(vcpu->kvm)) + set_msr_interception(&svm->vcpu, svm->msrpm, MSR_AMD64_GUEST_TSC_FREQ, 1, 1); /* * Skip FPU and AVX setup with KVM_SEV_ES_INIT to avoid diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7640a84e554a..d7a0428aa2ae 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -143,6 +143,7 @@ static const struct svm_direct_access_msrs { { .index = X2APIC_MSR(APIC_TMICT), .always = false }, { .index = X2APIC_MSR(APIC_TMCCT), .always = false }, { .index = X2APIC_MSR(APIC_TDCR), .always = false }, + { .index = MSR_AMD64_GUEST_TSC_FREQ, .always = false }, { .index = MSR_INVALID, .always = false }, }; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 9d7cdb8fbf87..8ef582c463e0 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -44,7 +44,7 @@ static inline struct page *__sme_pa_to_page(unsigned long pa) #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 48 +#define MAX_DIRECT_ACCESS_MSRS 49 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled; @@ -385,6 +385,18 @@ static __always_inline bool sev_snp_guest(struct kvm *kvm) #define sev_snp_guest(kvm) false #endif +static inline bool snp_secure_tsc_enabled(struct kvm *kvm) +{ +#ifdef CONFIG_KVM_AMD_SEV + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + + return (sev->vmsa_features & SVM_SEV_FEAT_SECURE_TSC) && + !WARN_ON_ONCE(!sev_snp_guest(kvm)); +#else + return false; +#endif +} + static inline bool ghcb_gpa_is_registered(struct vcpu_svm *svm, u64 val) { return svm->sev_es.ghcb_registered_gpa == val; From patchwork Mon Feb 10 09:22:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikunj A Dadhania X-Patchwork-Id: 13967522 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2051.outbound.protection.outlook.com [40.107.236.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A73751C2DB4 for ; Mon, 10 Feb 2025 09:23:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.51 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739179382; cv=fail; b=OfBgc5sF1FwyO4SkroCABbldVa1lbYGLFy0FkjoQfKydRlAtqIBjMP3Uyt9nGzwKduQeMrPKFL1Dlrdm6EWn6+9SjW1GltqPljOtDh2SOkzsYH3L8gui+zIEAf4jKICRmOPdcV+hpbCgsTuB2cKkh18uobiWlvtapxkSqMG47gE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739179382; c=relaxed/simple; bh=rSaAevgpkI+TNVkp6KsROK8waD5YsKgD5+55UCzT23E=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=pCqa/yLI3JI/zuWLhEfZGMwCkp3AyzTmKwnZvkwQWj6bG72R347CVNLiLBDcX+3+F9e/t+Q1rOnahssERrsNIBmFT2YFuHS39oU5hAnGGkAg8OBUg9jLLkLjzSrnpRqmJFLbcQ7VtUNu2TtyO4H/3Qde2rfFzTrh6fKCSs7ohYc= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=tTEHomhO; arc=fail smtp.client-ip=40.107.236.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="tTEHomhO" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QjpYc0p3jzKeyGV7QI0AO0vTwSGcnzvoCXcNPgmTfFZ7+tzG3gotCE9XBzBei0ToKcqrypecKOf4zZpafd4DkG9nj7sb4MUm9PFMIsJ+0ykqwOWHP4fJ/ashkF4ZV5hJWn9q6skewGU8yaiLPOesSBT/i4pGXp884wcsB4MS8KZnVSnJWGm6vOCEZHW3BMeUMzuxQqyZvtlW8FmsM9E7qqxJ80U8wHxxFoDhINjGf/U72+9SSJSRnkdKRvJIkVwx/7786GD3FLnEAD7Anl7Br+DeuYw5so6WbwRyQaS9TSY+MKaz0jw2jp4Zb8wwwby3pU46Is6eGfO4nay2Wvpl0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7/fFLmFleA3d4xhF2WJaKXXpGGUXEJqb72Z1xxXU4k0=; b=f22pyKQE/ebdJ3k2XSTZFtyEOohw6nbW5z1R8R9P7BBXVRrG2WfytFuuKy5Zqvugb6BF1xESyJsPaGAwPAvHK8/xAiHMYH07y5Jo9C5JWPffJRa8mN0NKuQVXsCic4s+a1PWh7Kkimcw+KaSqXHbdworfLm5oP7LG36+V3oPIqmZecHc0a1eYnKMKg+9aeZuw0mp6P0qdHurQAK8wK08EYwicACjNdeuqpCmjHZLfE5HN+zkcc24RkvFJSNAxMO1v7DcEafTIQ1RkbwMiQrhpF5zhF1vvWm1juDME25HT3Uvni4T62kRBKTOmvcnACDy3c7D1AHFJZeKRlL+tYd4Uw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=google.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7/fFLmFleA3d4xhF2WJaKXXpGGUXEJqb72Z1xxXU4k0=; b=tTEHomhOV09qXUiH1cGkRDwrdaz3kJxRlGEsgeEejJKhXV7HspLBqZ5SKNNQCVuhGBriI8Gm8P0d/v8iuukfX8IC2Zq9prnVSmalOo+APtQExK6c5QFFXVosFETXZf+VmtDNyrYUuBDqEg7FEkqi1CoU71D0eZZ7zL6V9JB0nok= Received: from MW4P222CA0030.NAMP222.PROD.OUTLOOK.COM (2603:10b6:303:114::35) by SA0PR12MB7004.namprd12.prod.outlook.com (2603:10b6:806:2c0::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8422.18; Mon, 10 Feb 2025 09:22:56 +0000 Received: from MWH0EPF000A6731.namprd04.prod.outlook.com (2603:10b6:303:114:cafe::98) by MW4P222CA0030.outlook.office365.com (2603:10b6:303:114::35) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8398.23 via Frontend Transport; Mon, 10 Feb 2025 09:22:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A6731.mail.protection.outlook.com (10.167.249.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8445.10 via Frontend Transport; Mon, 10 Feb 2025 09:22:56 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 10 Feb 2025 03:22:52 -0600 From: Nikunj A Dadhania To: , , CC: , , , , , Subject: [PATCH v2 3/4] KVM: SVM: Prevent writes to TSC MSR when Secure TSC is enabled Date: Mon, 10 Feb 2025 14:52:29 +0530 Message-ID: <20250210092230.151034-4-nikunj@amd.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250210092230.151034-1-nikunj@amd.com> References: <20250210092230.151034-1-nikunj@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A6731:EE_|SA0PR12MB7004:EE_ X-MS-Office365-Filtering-Correlation-Id: c6e2b5b9-59a6-4756-c535-08dd49b480fa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: xvsLj96Rfz6dzibGG8vYXPPNq7QY/nzPtM+gl5JNLgqUncVG2GWx7wt8PjISi5bLPrQujUi6G5TXrlC9HXXmOGbmcDA2OrgKQoIwV1NAJknNV7I1cJqv1Q/DXllzRl8fWkRxoCINHorsXq73yTZdf6DcY3NOgYP02LOFnL6PhiMPN3U1hOYpORDVxH+HlGBiSItu85RGkJHt7OfcI+jTekRm5ar4lw85rXr93A2XEw9gmKtZ9XdSmkdYGIB8yeXohmPuwLHHNvsmeCYaToE1x82olH+fv8/eqUlwAQbi4so2hiLY2eo6XRacG4G0EivblOfVlAgmT6BOW2yweI70e866L1raFk3PP7EfChRc773ArrSib9s7Xv6Ovjl3h4Z4wYDfpaUqW1PxMWTbcyTqVYuyfPQaxoGllWdHf2Ctg3QvJNb56gnDDnE7EXu1SfQsDgdq90vFrdE1/98X8nvVYCgF7TFuGcMTOzGWb2qEVpNasMvEbX0SqDFJdKE5Vo7aMM37iYv2tDMdBr0Vzk2PuJero8Dz+c2wiN1+sBzewz+SEaJgOrRTsaHFJQz7MoFKzPnDCqgvMl3dpuQmufe2dd2L6i9fD3FxDr6yQ93xfd6nuZlwGNzUKYNcNpYRiwA98Knrw77SVKIAWDXm4LXbdbBLj3maQLE2CFH0idKv/ZNCiFo2KPDXoBC8Ss4mFbGeDM0fhzmyM6FZEoL0pMIv7qamrau5EL3UlOmznkVeROcUqpmaYOvgMLTzHgqll6Gy2QPgWPH9jSH0tv5EezkPPhxUocUBaSGNFZUYlodYjdBC967MiVyEdsPlDnLDpP1cKFwBY9+eE234GbMRv8PC8keSG3rbttWLaDDMI/U1WouiwUL33fNxWAEGpNCdPyPmxBlmrYjg8M8TzFtO3wRr5XENRxtLNlpw3gBpY//IVMod16ocMh+6dU0Bpt+7p444U2zedy+wSO5NCkxQksRcDOB1JmkAqe6gECIN0+sB6RtfaIyqnbbjzzWIp9rSzUFqj8X2RHZH/nq6ov6l/41BXoNDnjqJo+LJKEY5HFmwbNs64ZeTTP47FF0CRhPUZ3m2UZjMDAN27D37SAHOUeowuUSHuoaHHOM77YbdDGJGZTF2LuZlUYBsZkE/CP4aje9TEIVfMJmx/YAwnY2uR2Rl38YaoTDIhDDaWHIxV0bMPtV8hK5+FtDEybkSY3+w1UWdMi/fwiZhgFmZVMIsgRtVn5oQ9ZD045emHirMiIY/rSWpLk3pv9Lpz9zVOn8EicrW9FPC3jn1X9R83J7QP9inRBzalrz2oe/li2vyGTLuZ/bHXoNVIv/BrlVzKEteA1sVFs9Ie6ymDGGyr20ZwEW3v0q4fedCOo3lJI/wWmUT2gWu1Inv52E94E7FEMDeGeFp64q8D4hcGG5DLRtVXA270xczbmem/tPzGhsbhJveMG3zL8Jkex/R/9/LEavuzLjG0Kz29YUpC+UJlxwTOYY5qQ== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(376014)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Feb 2025 09:22:56.1775 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c6e2b5b9-59a6-4756-c535-08dd49b480fa X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A6731.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB7004 Disallow writes to MSR_IA32_TSC for Secure TSC enabled SNP guests, as such writes are not expected. Log the error and return #GP to the guest. Signed-off-by: Nikunj A Dadhania --- arch/x86/kvm/svm/svm.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d7a0428aa2ae..929f35a2f542 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3161,6 +3161,17 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) svm->tsc_aux = data; break; + case MSR_IA32_TSC: + /* + * If Secure TSC is enabled, KVM doesn't expect to receive + * a VMEXIT for a TSC write, record the error and return a + * #GP + */ + if (vcpu->arch.guest_state_protected && snp_secure_tsc_enabled(vcpu->kvm)) { + vcpu_unimpl(vcpu, "unimplemented IA32_TSC for secure tsc\n"); + return 1; + } + break; case MSR_IA32_DEBUGCTLMSR: if (!lbrv) { kvm_pr_unimpl_wrmsr(vcpu, ecx, data); From patchwork Mon Feb 10 09:22:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikunj A Dadhania X-Patchwork-Id: 13967523 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2082.outbound.protection.outlook.com [40.107.94.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE3591C2DB4 for ; Mon, 10 Feb 2025 09:23:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.82 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739179385; cv=fail; b=ivFXZ7pelslx58tqFxKhLSyl/94TfFF+VwuosMkUhmzpT8vgSGEfJIxKmXZaol/T97IxgNCxPO246ZJfFYE5q5phYn7gtK5iRqM+mB2CghKxfVwBhwv8tqAcCbHC2IIun/mNRTQmRCBFYwOQl0rbW6uZIZD0NhIsbKL8Ot1Q17Q= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739179385; c=relaxed/simple; bh=bwOvIHlmi24/nDW7fOz0kCsVaoTCROHLh6w6mMolEeI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=E9Dwh/NmeWGnGrJO3Ysvtt15KS9XTlgRaK5TcuuUGoFGZKqMTQEEg0N03ovarUAUndQaVfCpbmynSuvc/LATuR7p7zRGig++X2ihdwKIRbVgs5w98YA17vW7QUI2iFzOfMWiKPIr2Ts3bI4IE5MaFgudDNL9tL2lEVd/mfxnlrg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=TVn9VmnW; arc=fail smtp.client-ip=40.107.94.82 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="TVn9VmnW" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jBUSfxcW/KXc1aFmZuD0lAJXJN5wP3UQXoLbbeE65WnypiKkBFjP+7TRXIjODX3A8roit/1+lQRUSlcFbUs3BisWOV3/+Q8ULEs9odIFp25eAYI+rbX2sTFplWqJex9vo+iBqlNcI0nSgJBrRHk9j9TQ3Hru4w+hXIOsyJaDhFjr5hMfqRiXp4T1943tKAZjLf1H1Mdmzfv6Cdbli3CFrMADUBQNx71/P4mq3mJbbDyhjQwGkdW2FT0PVya98FF9DLlzgHa4BUEBHbRFJO9suP3hQKbZBKABK+RqUhvOYIzbINzL5N8fwEQaqTXLsszyPjsff5c/ZeVxRjYXgjWqAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i1SbuF9/gJKIs8T4JEEjbonioNx7y3Pu4NYO1pSsUqY=; b=Ap25BICABVdVDghmgDXC4pvwSD7aAv8tBEH/mchmqlbQHQVA6JZ6Rr1RYjnlmX1ZJyqM8QWPu9DJEnPjkxonW/1guu9GUAAGHLvTEksruUnWmaOpa6slcOdsiyIixaR5AnIWRZTVTngXBEpRvqzxmxofIaULPk0OPiG8ZSwW8hAmb7/i5lQ4GA6Mk8pd81KB1ke0qOguLDUnV60zzzEvQ//Odhe7Nma06D7TJNfpyOi28LQjxQgdKmIsivm8vlV4aOdlM2QjCXsH+df1oHU0R/AJ0YU9UXf/1M05VVHH4p4+a6aFRId4b3t1QyZnj1sxQ0u01zCeTt13MeUYSBPASQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=google.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i1SbuF9/gJKIs8T4JEEjbonioNx7y3Pu4NYO1pSsUqY=; b=TVn9VmnWYXdUVlW41oLHove2533SkCaBaajtOjVd4l4a1JfVdzKDMoN4Bk6oggGF+hDzdYUkacVUz1HXAyG1ajJla0ur9+JWvqqCsSqvqiCW5mWDI+G1VTtkGv32fis32VSDc3/1apLxWOkjP5gLf0xxtAZIBFQpxYUyF8hiztA= Received: from MW4PR04CA0152.namprd04.prod.outlook.com (2603:10b6:303:85::7) by MW6PR12MB8916.namprd12.prod.outlook.com (2603:10b6:303:24b::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8422.18; Mon, 10 Feb 2025 09:22:59 +0000 Received: from MWH0EPF000A6732.namprd04.prod.outlook.com (2603:10b6:303:85:cafe::8e) by MW4PR04CA0152.outlook.office365.com (2603:10b6:303:85::7) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8398.31 via Frontend Transport; Mon, 10 Feb 2025 09:22:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by MWH0EPF000A6732.mail.protection.outlook.com (10.167.249.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8445.10 via Frontend Transport; Mon, 10 Feb 2025 09:22:59 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 10 Feb 2025 03:22:55 -0600 From: Nikunj A Dadhania To: , , CC: , , , , , Subject: [PATCH v2 4/4] KVM: SVM: Enable Secure TSC for SNP guests Date: Mon, 10 Feb 2025 14:52:30 +0530 Message-ID: <20250210092230.151034-5-nikunj@amd.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250210092230.151034-1-nikunj@amd.com> References: <20250210092230.151034-1-nikunj@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MWH0EPF000A6732:EE_|MW6PR12MB8916:EE_ X-MS-Office365-Filtering-Correlation-Id: facbd363-8aaa-49c2-6901-08dd49b482dd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|36860700013|82310400026|1800799024; X-Microsoft-Antispam-Message-Info: i/p1Yt4N/4wmDClqCLqN2kZkNqB0AwyncURMxWSoAt2KpKJCDONuMJ+lcKiu31aMDSE97nDgr/wx0BLXH/jL+erpAHbrbxm5AYyC5lnVqLhLr6sC9gCY3Pg5KsKuLrd5yuqNEUixPvV+rlYJcKBgvzEDTX/2VJ5vOQ05x3u5BkuUUAqVEHeHTRbkFYGcKcdQLX9H99h8k581VWFtARHAZ87pb/EEyVx6KWkwHRU+Tff++zEAejP55JOiucMuiLCbVEwpJlHaMoqD1Sq4dFLOIlyPPTt/L4ZwBx2xFQlq8Arm4nXgoxpd9krX3MpnbnOmc/t6kJW1BzFeJwuYJ7KEWP8FbcFO4XHyrlbQP90oSRJCesEO6MYROTRtLKbPMRIluSybmvkHMiOr1+E1mn0D2zvptsvOAit2mep5t3uz4oK51Tekkso3/hr6W2z4PMAJuBQtTfGciHm3fmvrwvse+0QSWnE7uZr/XDBvBtstHnam34+cnNJ4nwtKfJ7RGORZ1TA0XWCwICPrGXTuodmK653G4bL+UJ5VOeQ5SnyhM7PZ0cbdMoM2jt2WqQmWOe1vk6NCbU/ZX14eflKYPsadmZF7CxzmMJYeTgtS0X/yQLyKXKLpi86FDOPtAP+mp3yG1sOgzIE9be6/mGlnvUQRj8vCaBwONJslN4HMwT+VcfWxAQnxETrSjL7DG6VYj0KGaCMdNCoPy+t3NopUP0SUmviySJtJ28c69I7jrUtvgcZbFsDapj4iLlJAgkUcvU2gBSzB+6J6T11A8SUNb8goJtHTz0Mn/YfQYih5tVOsG2fLuzKvjniChLnwc0ALTBl3XY7tm+gpU7iCthuIkQJ8+IpqY/XSk5b8Pj3x2LCzX2erU9sl1KlIlVhcTNU0lnIBLXtSjHPLQBR7z5x7gzj7xrpb4ADfIzjCJz4MPmjkVO5c43SQywH7XQqFrB6E64bj9D+kKqwDlf7+DTLE4G5wveG+8wxETcKtkWf1tMQFpQfBBDl5dRoDmd3f+nb2jGxcHC6tyY5WciWQF3j5KEBho9HbHxXL840H2ucsvgJgSqm9t/tAc4ac01dQiQVbbYeNLMhodVQVq/BN6nb5T0P1rX+BftMLf0qV3cxj9pvSya+z57ZYS9lJfXersY4Tg+jVNLLhGnMCf/KlyK5zBwiaaSRa0uIEOOyZciyN1Mllz1+2zgDqHRbH/HfZwdzPAQoJ2x0I1Sb9ccnFN4YTEdJzED0a9vZK6OdDnOhMB/eNYbrlV1B3FmsNWtnw6TWFdYg5ym3Xf5+N71tKrP++W1/n4PcXLWaoPX2TLFJdWSYKHA9/vKXnrUpq51RYGjQunn8QDyZWFsO/6kEo2ZklJDYbvhQNLXw1UHR3m5j5R7wN7+zZXSkWFxKPuFyCcW3mOz+8RHMBlHyHofqVIvU8pHLlBfmn23VBSZ4/z9LuiFc3nMaXIVRvxgVyyGs6Tn0/Z1FFA8AAdhfzQB4RGWVpIaOVKWQR5iyfVKmE5F4jeg/rrME= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(36860700013)(82310400026)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Feb 2025 09:22:59.3405 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: facbd363-8aaa-49c2-6901-08dd49b482dd X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000A6732.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB8916 From: Ketan Chaturvedi Add support for Secure TSC, allowing userspace to configure the Secure TSC feature for SNP guests. Use the SNP specification's desired TSC frequency parameter during the SNP_LAUNCH_START command to set the mean TSC frequency in KHz for Secure TSC enabled guests. If the frequency is not specified by the VMM, default to tsc_khz. Signed-off-by: Ketan Chaturvedi Co-developed-by: Nikunj A Dadhania Signed-off-by: Nikunj A Dadhania --- arch/x86/include/uapi/asm/kvm.h | 3 ++- arch/x86/kvm/svm/sev.c | 20 ++++++++++++++++++++ include/linux/psp-sev.h | 2 ++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index 9e75da97bce0..8e090cab9aa0 100644 --- a/arch/x86/include/uapi/asm/kvm.h +++ b/arch/x86/include/uapi/asm/kvm.h @@ -836,7 +836,8 @@ struct kvm_sev_snp_launch_start { __u64 policy; __u8 gosvw[16]; __u16 flags; - __u8 pad0[6]; + __u32 desired_tsc_khz; + __u8 pad0[2]; __u64 pad1[4]; }; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 0a1fd5c034e2..0edd473749f7 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2228,6 +2228,20 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) start.gctx_paddr = __psp_pa(sev->snp_context); start.policy = params.policy; + + if (snp_secure_tsc_enabled(kvm)) { + u32 user_tsc_khz = params.desired_tsc_khz; + + /* Use tsc_khz if the VMM has not provided the TSC frequency */ + if (!user_tsc_khz) + user_tsc_khz = tsc_khz; + + start.desired_tsc_khz = user_tsc_khz; + + /* Set the arch default TSC for the VM*/ + kvm->arch.default_tsc_khz = user_tsc_khz; + } + memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_START, &start, &argp->error); if (rc) { @@ -2949,6 +2963,9 @@ void __init sev_set_cpu_caps(void) if (sev_snp_enabled) { kvm_cpu_cap_set(X86_FEATURE_SEV_SNP); kvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM); + + if (cpu_feature_enabled(X86_FEATURE_SNP_SECURE_TSC)) + kvm_cpu_cap_set(X86_FEATURE_SNP_SECURE_TSC); } } @@ -3071,6 +3088,9 @@ void __init sev_hardware_setup(void) sev_supported_vmsa_features = 0; if (sev_es_debug_swap_enabled) sev_supported_vmsa_features |= SVM_SEV_FEAT_DEBUG_SWAP; + + if (sev_snp_enabled && cpu_feature_enabled(X86_FEATURE_SNP_SECURE_TSC)) + sev_supported_vmsa_features |= SVM_SEV_FEAT_SECURE_TSC; } void sev_hardware_unsetup(void) diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 903ddfea8585..613a8209bed2 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -594,6 +594,7 @@ struct sev_data_snp_addr { * @imi_en: launch flow is launching an IMI (Incoming Migration Image) for the * purpose of guest-assisted migration. * @rsvd: reserved + * @desired_tsc_khz: hypervisor desired mean TSC freq in kHz of the guest * @gosvw: guest OS-visible workarounds, as defined by hypervisor */ struct sev_data_snp_launch_start { @@ -603,6 +604,7 @@ struct sev_data_snp_launch_start { u32 ma_en:1; /* In */ u32 imi_en:1; /* In */ u32 rsvd:30; + u32 desired_tsc_khz; /* In */ u8 gosvw[16]; /* In */ } __packed;