| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0d9d6900-9197-48fa-9627-8a9231b3857e@amd.com>
Date: Thu, 7 Dec 2023 11:42:08 +0530
From: "Nikunj A. Dadhania" <nikunj@....com>
To: Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc: linux-kernel@...r.kernel.org, thomas.lendacky@....com,
x86@...nel.org, kvm@...r.kernel.org, bp@...en8.de,
mingo@...hat.com, tglx@...utronix.de, dave.hansen@...ux.intel.com,
pgonda@...gle.com, seanjc@...gle.com, pbonzini@...hat.com
Subject: Re: [PATCH v6 12/16] x86/sev: Prevent RDTSC/RDTSCP interception for
Secure TSC enabled guests
On 12/7/2023 12:15 AM, Dionna Amalie Glaze wrote:
>>>> + if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
>>>> + return ES_VMM_ERROR;
>>>
>>> Is this not a cc_platform_has situation? I don't recall how the
>>> conversation shook out for TDX's forcing X86_FEATURE_TSC_RELIABLE
>>> versus having a cc_attr_secure_tsc
>>
>> For SNP, SecureTSC is an opt-in feature. AFAIU, for TDX the feature is
>> turned on by default. So SNP guests need to check if the VMM has enabled
>> the feature before moving forward with SecureTSC initializations.
>>
>> The idea was to have some generic name instead of AMD specific SecureTSC
>> (cc_attr_secure_tsc), and I had sought comments from Kirill [1]. After
>> that discussion I have added a synthetic flag for Secure TSC[2].
>>
>
> So with regards to [2], this sev_status flag check should be
> cpu_has_feature(X86_FEATURE_SNP_SECURE_TSC)? I'm not sure if that's
> available in early boot where this code is used, so if it isn't,
> probably that's worth a comment.
Right, I will update the comment.
Regards
Nikunj
Powered by blists - more mailing lists