[v6,0/4] Enable Secure TSC for SEV-SNP

Message ID	20250408093213.57962-1-nikunj@amd.com (mailing list archive)
Headers	show Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2057.outbound.protection.outlook.com [40.107.94.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A26D2673A2 for <kvm@vger.kernel.org>; Tue, 8 Apr 2025 09:32:38 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Nikunj A Dadhania <nikunj@amd.com> To: <seanjc@google.com>, <pbonzini@redhat.com>, <kvm@vger.kernel.org> CC: <thomas.lendacky@amd.com>, <santosh.shukla@amd.com>, <bp@alien8.de>, <nikunj@amd.com>, <isaku.yamahata@intel.com>, <vaishali.thakkar@suse.com> Subject: [PATCH v6 0/4] Enable Secure TSC for SEV-SNP Date: Tue, 8 Apr 2025 15:02:09 +0530 Message-ID: <20250408093213.57962-1-nikunj@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Enable Secure TSC for SEV-SNP \| expand [v6,0/4] Enable Secure TSC for SEV-SNP [v6,1/4] x86/cpufeatures: Add SNP Secure TSC [v6,2/4] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure [v6,3/4] KVM: SVM: Add GUEST_TSC_FREQ MSR for Secure TSC enabled guests [v6,4/4] KVM: SVM: Enable Secure TSC for SNP guests

Message ID

20250408093213.57962-1-nikunj@amd.com (mailing list archive)

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: Nikunj A Dadhania <nikunj@amd.com>
To: <seanjc@google.com>, <pbonzini@redhat.com>, <kvm@vger.kernel.org>
CC: <thomas.lendacky@amd.com>, <santosh.shukla@amd.com>, <bp@alien8.de>,
	<nikunj@amd.com>, <isaku.yamahata@intel.com>, <vaishali.thakkar@suse.com>
Subject: [PATCH v6 0/4] Enable Secure TSC for SEV-SNP
Date: Tue, 8 Apr 2025 15:02:09 +0530
Message-ID: <20250408093213.57962-1-nikunj@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Apr 2025 09:32:35.0684
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 86af2151-6ec5-4491-e1b7-08dd76804b8f
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	MWH0EPF000971E9.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR12MB5799

Series

Enable Secure TSC for SEV-SNP | expand

Message

Nikunj A Dadhania April 8, 2025, 9:32 a.m. UTC

The hypervisor controls TSC value calculations for the guest. A malicious
hypervisor can prevent the guest from progressing. The Secure TSC feature for
SEV-SNP allows guests to securely use the RDTSC and RDTSCP instructions. This
ensures the guest has a consistent view of time and prevents a malicious
hypervisor from manipulating time, such as making it appear to move backward or
advance too quickly. For more details, refer to the "Secure Nested Paging
(SEV-SNP)" section, subsection "Secure TSC" in APM Volume 2.

This patch set is also available at:

  https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest

and is based on kvm/master

Testing Secure TSC
-----------------

Secure TSC guest patches are available as part of v6.14-rc1.

QEMU changes:
https://github.com/nikunjad/qemu/tree/snp-securetsc-latest

QEMU command line SEV-SNP with Secure TSC:

  qemu-system-x86_64 -cpu EPYC-Milan-v2 -smp 4 \
    -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \
    -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on,stsc-freq=2000000000 \
    -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
    ...

Changelog:
----------
v6:
* Rebased on top of kvm/master
* Collected Reviewed-by/Tested-by
* s/svm->vcpu/vcpu/ in snp_launch_update_vmsa() as vcpu pointer is already available (Tom)
* Simplify assignment of guest_protected_tsc (Tom)


v5: https://lore.kernel.org/kvm/20250317052308.498244-1-nikunj@amd.com/
* Rebased on top of kvm/queue that includes protected TSC patches
  https://lore.kernel.org/kvm/20250314183422.2990277-1-pbonzini@redhat.com/
* Dropped patch 4/5 as it is not required after protected TSC patches
* Set guest_tsc_protected when Secure TSC is enabled (Paolo)
* Collect Reviewed-by from Tom
* Base the desired_tsc_freq on KVM's ABI (Sean)

Ketan Chaturvedi (1):
  KVM: SVM: Enable Secure TSC for SNP guests

Nikunj A Dadhania (3):
  x86/cpufeatures: Add SNP Secure TSC
  KVM: SVM: Add missing member in SNP_LAUNCH_START command structure
  KVM: SVM: Add GUEST_TSC_FREQ MSR for Secure TSC enabled guests

 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/include/asm/svm.h         |  1 +
 arch/x86/include/uapi/asm/kvm.h    |  3 ++-
 arch/x86/kvm/svm/sev.c             | 18 +++++++++++++++++-
 arch/x86/kvm/svm/svm.c             |  1 +
 arch/x86/kvm/svm/svm.h             | 11 ++++++++++-
 include/linux/psp-sev.h            |  2 ++
 7 files changed, 34 insertions(+), 3 deletions(-)


base-commit: c77eee50caa289fee6cfde146471aa7b0f311471

Comments

Nikunj A Dadhania April 14, 2025, 5:50 a.m. UTC | #1

On 4/8/2025 3:02 PM, Nikunj A Dadhania wrote:
> The hypervisor controls TSC value calculations for the guest. A malicious
> hypervisor can prevent the guest from progressing. The Secure TSC feature for
> SEV-SNP allows guests to securely use the RDTSC and RDTSCP instructions. This
> ensures the guest has a consistent view of time and prevents a malicious
> hypervisor from manipulating time, such as making it appear to move backward or
> advance too quickly. For more details, refer to the "Secure Nested Paging
> (SEV-SNP)" section, subsection "Secure TSC" in APM Volume 2.
> 
> This patch set is also available at:
> 
>   https://github.com/AMDESE/linux-kvm/tree/sectsc-host-latest
> 
> and is based on kvm/master
> 
> Testing Secure TSC
> -----------------
> 
> Secure TSC guest patches are available as part of v6.14-rc1.
> 
> QEMU changes:
> https://github.com/nikunjad/qemu/tree/snp-securetsc-latest
> 
> QEMU command line SEV-SNP with Secure TSC:
> 
>   qemu-system-x86_64 -cpu EPYC-Milan-v2 -smp 4 \
>     -object memory-backend-memfd,id=ram1,size=1G,share=true,prealloc=false,reserve=false \
>     -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on,stsc-freq=2000000000 \
>     -machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
>     ...
> 
> Changelog:
> ----------
> v6:
> * Rebased on top of kvm/master
> * Collected Reviewed-by/Tested-by
> * s/svm->vcpu/vcpu/ in snp_launch_update_vmsa() as vcpu pointer is already available (Tom)
> * Simplify assignment of guest_protected_tsc (Tom)

A gentle reminder, any other suggestions/improvement ?

Regards
Nikunj