[v8,09/16] x86/cpufeatures: Add synthetic Secure TSC bit

Message ID	20240215113128.275608-10-nikunj@amd.com (mailing list archive)
State	New, archived
Headers	show Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2057.outbound.protection.outlook.com [40.107.93.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8818F12DDB9; Thu, 15 Feb 2024 11:32:34 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Nikunj A Dadhania <nikunj@amd.com> To: <linux-kernel@vger.kernel.org>, <thomas.lendacky@amd.com>, <bp@alien8.de>, <x86@kernel.org>, <kvm@vger.kernel.org> CC: <mingo@redhat.com>, <tglx@linutronix.de>, <dave.hansen@linux.intel.com>, <pgonda@google.com>, <seanjc@google.com>, <pbonzini@redhat.com>, <nikunj@amd.com> Subject: [PATCH v8 09/16] x86/cpufeatures: Add synthetic Secure TSC bit Date: Thu, 15 Feb 2024 17:01:21 +0530 Message-ID: <20240215113128.275608-10-nikunj@amd.com> In-Reply-To: <20240215113128.275608-1-nikunj@amd.com> References: <20240215113128.275608-1-nikunj@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Add Secure TSC support for SNP guests \| expand [v8,00/16] Add Secure TSC support for SNP guests [v8,01/16] virt: sev-guest: Use AES GCM crypto library [v8,02/16] virt: sev-guest: Replace dev_dbg with pr_debug [v8,03/16] virt: sev-guest: Add SNP guest request structure [v8,04/16] virt: sev-guest: Add vmpck_id to snp_guest_dev struct [v8,05/16] x86/sev: Cache the secrets page address [v8,06/16] virt: sev-guest: Move SNP Guest command mutex [v8,07/16] x86/sev: Move and reorganize sev guest request api [v8,08/16] x86/mm: Add generic guest initialization hook [v8,09/16] x86/cpufeatures: Add synthetic Secure TSC bit [v8,10/16] x86/sev: Add Secure TSC support for SNP guests [v8,11/16] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests [v8,12/16] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests [v8,13/16] x86/kvmclock: Skip kvmclock when Secure TSC is available [v8,14/16] x86/sev: Mark Secure TSC as reliable [v8,15/16] x86/cpu/amd: Do not print FW_BUG for Secure TSC [v8,16/16] x86/sev: Enable Secure TSC for SNP guests

Message ID

20240215113128.275608-10-nikunj@amd.com (mailing list archive)

State

New, archived

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: Nikunj A Dadhania <nikunj@amd.com>
To: <linux-kernel@vger.kernel.org>, <thomas.lendacky@amd.com>, <bp@alien8.de>,
	<x86@kernel.org>, <kvm@vger.kernel.org>
CC: <mingo@redhat.com>, <tglx@linutronix.de>, <dave.hansen@linux.intel.com>,
	<pgonda@google.com>, <seanjc@google.com>, <pbonzini@redhat.com>,
	<nikunj@amd.com>
Subject: [PATCH v8 09/16] x86/cpufeatures: Add synthetic Secure TSC bit
Date: Thu, 15 Feb 2024 17:01:21 +0530
Message-ID: <20240215113128.275608-10-nikunj@amd.com>
In-Reply-To: <20240215113128.275608-1-nikunj@amd.com>
References: <20240215113128.275608-1-nikunj@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2024 11:32:31.8118
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 7ba24eeb-f153-4560-5d6d-08dc2e19cc70
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	SN1PEPF0002BA52.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4870

Series

Add Secure TSC support for SNP guests | expand

Commit Message

Nikunj A. Dadhania Feb. 15, 2024, 11:31 a.m. UTC

Add support for the synthetic CPUID flag which indicates that the SNP
guest is running with secure tsc enabled (MSR_AMD64_SEV Bit 11 -
SecureTsc_Enabled) . This flag is there so that this capability in the
guests can be detected easily without reading MSRs every time accessors.

Suggested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Tested-by: Peter Gonda <pgonda@google.com>
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 1 file changed, 1 insertion(+)

Comments

Borislav Petkov April 22, 2024, 1:25 p.m. UTC | #1

On Thu, Feb 15, 2024 at 05:01:21PM +0530, Nikunj A Dadhania wrote:
> Add support for the synthetic CPUID flag which indicates that the SNP
> guest is running with secure tsc enabled (MSR_AMD64_SEV Bit 11 -

"TSC"

> SecureTsc_Enabled) . This flag is there so that this capability in the
> guests can be detected easily without reading MSRs every time accessors.

Why?

What's wrong with cc_platform_has(CC_ATTR_GUEST_SECURE_TSC) or so?

Nikunj A. Dadhania April 23, 2024, 4:40 a.m. UTC | #2

On 4/22/2024 6:55 PM, Borislav Petkov wrote:
> On Thu, Feb 15, 2024 at 05:01:21PM +0530, Nikunj A Dadhania wrote:
>> Add support for the synthetic CPUID flag which indicates that the SNP
>> guest is running with secure tsc enabled (MSR_AMD64_SEV Bit 11 -
> 
> "TSC"

Sure

> 
>> SecureTsc_Enabled) . This flag is there so that this capability in the
>> guests can be detected easily without reading MSRs every time accessors.
> 
> Why?
> 
> What's wrong with cc_platform_has(CC_ATTR_GUEST_SECURE_TSC) or so?
> 

That was the initial implementation, and there were review comments[1] to
use synthetic flag.

Regards
Nikunj

1. https://lore.kernel.org/lkml/20231106130041.gqoqszdxrmdomsxl@box.shutemov.name/

Borislav Petkov April 23, 2024, 1:29 p.m. UTC | #3

On Tue, Apr 23, 2024 at 10:10:14AM +0530, Nikunj A. Dadhania wrote:
> 1. https://lore.kernel.org/lkml/20231106130041.gqoqszdxrmdomsxl@box.shutemov.name/

I have no clue what "We have better instrumentation around features."
means and am not convinced.

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 0fa702673e73..24ac7fe97806 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -236,6 +236,7 @@ 
 #define X86_FEATURE_PVUNLOCK		( 8*32+20) /* "" PV unlock function */
 #define X86_FEATURE_VCPUPREEMPT		( 8*32+21) /* "" PV vcpu_is_preempted function */
 #define X86_FEATURE_TDX_GUEST		( 8*32+22) /* Intel Trust Domain Extensions Guest */
+#define X86_FEATURE_SNP_SECURE_TSC	( 8*32+23) /* "" AMD SNP Secure TSC */
 
 /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */
 #define X86_FEATURE_FSGSBASE		( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/

[v8,09/16] x86/cpufeatures: Add synthetic Secure TSC bit

Commit Message

Comments

Patch