Re: [PATCH v12 14/19] tsc: Use the GUEST_TSC_FREQ MSR for discovering TSC frequency

[Nikunj A. Dadhania]

Hi Tom,

On 10/11/2024 1:09 AM, Tom Lendacky wrote:
> On 10/9/24 04:28, Nikunj A Dadhania wrote:
>> Calibrating the TSC frequency using the kvmclock is not correct for
>> SecureTSC enabled guests. Use the platform provided TSC frequency via the
>> GUEST_TSC_FREQ MSR (C001_0134h).
>>
>> Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx>
>> ---
>>  arch/x86/include/asm/msr-index.h |  1 +
>>  arch/x86/include/asm/sev.h       |  2 ++
>>  arch/x86/coco/sev/core.c         | 16 ++++++++++++++++
>>  arch/x86/kernel/tsc.c            |  5 +++++
>>  4 files changed, 24 insertions(+)

 
>> diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
>> index 5f555f905fad..ef0def203b3f 100644
>> --- a/arch/x86/coco/sev/core.c
>> +++ b/arch/x86/coco/sev/core.c
>> @@ -3100,3 +3100,19 @@ void __init snp_secure_tsc_prepare(void)
>>  
>>  	pr_debug("SecureTSC enabled");
>>  }
>> +
>> +static unsigned long securetsc_get_tsc_khz(void)
>> +{
>> +	unsigned long long tsc_freq_mhz;
>> +
>> +	setup_force_cpu_cap(X86_FEATURE_TSC_KNOWN_FREQ);
>> +	rdmsrl(MSR_AMD64_GUEST_TSC_FREQ, tsc_freq_mhz);
> 
> So this MSR can be intercepted by the hypervisor. You'll need to add
> code in the #VC handler that checks if an MSR access is for
> MSR_AMD64_GUEST_TSC_FREQ and Secure TSC is active, then the hypervisor
> is not cooperating and you should terminate the guest.

Yes, will add this in my next revision.

Regards
Nikunj