lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <173641582537.399.13047549744545643127.tip-bot2@tip-bot2>
Date: Thu, 09 Jan 2025 09:43:45 -0000
From: "tip-bot2 for Nikunj A Dadhania" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Nikunj A Dadhania <nikunj@....com>, "Borislav Petkov (AMD)" <bp@...en8.de>,
 Tom Lendacky <thomas.lendacky@....com>, Peter Gonda <pgonda@...gle.com>,
 x86@...nel.org, linux-kernel@...r.kernel.org
Subject:
 [tip: x86/sev] x86/sev: Mark the TSC in a secure TSC guest as reliable

The following commit has been merged into the x86/sev branch of tip:

Commit-ID:     0a2a98f691f2c57db5bb321e68787cb1de29c7dd
Gitweb:        https://git.kernel.org/tip/0a2a98f691f2c57db5bb321e68787cb1de29c7dd
Author:        Nikunj A Dadhania <nikunj@....com>
AuthorDate:    Mon, 06 Jan 2025 18:16:29 +05:30
Committer:     Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Tue, 07 Jan 2025 21:26:20 +01:00

x86/sev: Mark the TSC in a secure TSC guest as reliable

In SNP guest environment with Secure TSC enabled, unlike other clock sources
(such as HPET, ACPI timer, APIC, etc), the RDTSC instruction is handled
without causing a VM exit, resulting in minimal overhead and jitters. Even
when the host CPU's TSC is tampered with, the Secure TSC enabled guest keeps
on ticking forward. Hence, mark Secure TSC as the only reliable clock source,
bypassing unstable calibration.

  [ bp: Massage. ]

Signed-off-by: Nikunj A Dadhania <nikunj@....com>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@....com>
Tested-by: Peter Gonda <pgonda@...gle.com>
Link: https://lore.kernel.org/r/20250106124633.1418972-10-nikunj@amd.com
---
 arch/x86/mm/mem_encrypt_amd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
index 774f967..b56c5c0 100644
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -541,6 +541,9 @@ void __init sme_early_init(void)
 	 * kernel mapped.
 	 */
 	snp_update_svsm_ca();
+
+	if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
+		setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE);
 }
 
 void __init mem_encrypt_free_decrypted_mem(void)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ