| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241009092850.197575-18-nikunj@amd.com>
Date: Wed, 9 Oct 2024 14:58:48 +0530
From: Nikunj A Dadhania <nikunj@....com>
To: <linux-kernel@...r.kernel.org>, <thomas.lendacky@....com>, <bp@...en8.de>,
<x86@...nel.org>, <kvm@...r.kernel.org>
CC: <mingo@...hat.com>, <tglx@...utronix.de>, <dave.hansen@...ux.intel.com>,
<pgonda@...gle.com>, <seanjc@...gle.com>, <pbonzini@...hat.com>,
<nikunj@....com>
Subject: [PATCH v12 17/19] x86/kvmclock: Abort SecureTSC enabled guest when kvmclock is selected
SecureTSC enabled guests should use TSC as the only clock source, abort
the guest when clock source switches to hypervisor controlled kvmclock.
Signed-off-by: Nikunj A Dadhania <nikunj@....com>
---
arch/x86/kernel/kvmclock.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
index 5cd3717e103b..552c28cda874 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -22,6 +22,7 @@
#include <asm/x86_init.h>
#include <asm/kvmclock.h>
#include <asm/timer.h>
+#include <asm/sev.h>
static int kvmclock __initdata = 1;
static int kvmclock_vsyscall __initdata = 1;
@@ -155,6 +156,13 @@ static void enable_kvm_sc_work(struct work_struct *work)
{
u8 flags;
+ /*
+ * For guest with SecureTSC enabled, TSC should be the only clock source.
+ * Abort the guest when kvmclock is selected as the clock source.
+ */
+ if (cc_platform_has(CC_ATTR_GUEST_SNP_SECURE_TSC))
+ snp_abort();
+
old_pv_sched_clock = static_call_query(pv_sched_clock);
flags = pvclock_read_flags(&hv_clock_boot[0].pvti);
kvm_sched_clock_init(flags & PVCLOCK_TSC_STABLE_BIT);
--
2.34.1
Powered by blists - more mailing lists