lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 2 Nov 2023 17:37:36 +0530
From:   "Nikunj A. Dadhania" <nikunj@....com>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     Dave Hansen <dave.hansen@...el.com>, linux-kernel@...r.kernel.org,
        thomas.lendacky@....com, x86@...nel.org, kvm@...r.kernel.org,
        bp@...en8.de, mingo@...hat.com, tglx@...utronix.de,
        dave.hansen@...ux.intel.com, dionnaglaze@...gle.com,
        pgonda@...gle.com, seanjc@...gle.com, pbonzini@...hat.com
Subject: Re: [PATCH v5 13/14] x86/tsc: Mark Secure TSC as reliable clocksource

On 11/2/2023 4:03 PM, Kirill A. Shutemov wrote:
> On Thu, Nov 02, 2023 at 11:23:34AM +0530, Nikunj A. Dadhania wrote:
>> On 10/30/2023 10:48 PM, Dave Hansen wrote:
>>> On 10/29/23 23:36, Nikunj A Dadhania wrote:
>>> ...
>>>> diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
>>>> index 15f97c0abc9d..b0a8546d3703 100644
>>>> --- a/arch/x86/kernel/tsc.c
>>>> +++ b/arch/x86/kernel/tsc.c
>>>> @@ -1241,7 +1241,7 @@ static void __init check_system_tsc_reliable(void)
>>>>  			tsc_clocksource_reliable = 1;
>>>>  	}
>>>>  #endif
>>>> -	if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE))
>>>> +	if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE) || cc_platform_has(CC_ATTR_GUEST_SECURE_TSC))
>>>>  		tsc_clocksource_reliable = 1;
>>>
>>> Why can't you just set X86_FEATURE_TSC_RELIABLE?
>>
>> Last time when I tried, I had removed my kvmclock changes and I had set
>> the X86_FEATURE_TSC_RELIABLE similar to Kirill's patch[1], this did not
>> select the SecureTSC.
>>
>> Let me try setting X86_FEATURE_TSC_RELIABLE and retaining my patch for
>> skipping kvmclock.
> 
> kvmclock lowers its rating if TSC is good enough:
> 
> 	if (boot_cpu_has(X86_FEATURE_CONSTANT_TSC) &&
> 	    boot_cpu_has(X86_FEATURE_NONSTOP_TSC) &&
> 	    !check_tsc_unstable())
> 		kvm_clock.rating = 299;
> 
> Does your TSC meet the requirements?

I have set TscInvariant (bit 8) in CPUID_8000_0007_edx and TSC is set as reliable.

With this I see kvm_clock rating being lowered, but kvm-clock is still being picked as clock-source.

[    0.000834] kvmclock_init: lowering kvm_clock rating
[    0.002623] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[    2.295082] clocksource: Switched to clocksource kvm-clock

Regards
Nikunj

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ