| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <71bbdf87fdd423e3ba3a45b57642c119ee2dd98c.1752444335.git.kai.huang@intel.com> Date: Mon, 14 Jul 2025 10:20:20 +1200 From: Kai Huang <kai.huang@...el.com> To: seanjc@...gle.com, pbonzini@...hat.com Cc: kvm@...r.kernel.org, thomas.lendacky@....com, nikunj@....com, bp@...en8.de, isaku.yamahata@...el.com, xiaoyao.li@...el.com, rick.p.edgecombe@...el.com, chao.gao@...el.com, linux-kernel@...r.kernel.org Subject: [PATCH v2 2/2] KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest Reject KVM_SET_TSC_KHZ vCPU ioctl if guest's TSC is protected and not changeable by KVM, and update the documentation to reflect it. For such TSC protected guests, e.g. TDX guests, typically the TSC is configured once at VM level before any vCPU are created and remains unchanged during VM's lifetime. KVM provides the KVM_SET_TSC_KHZ VM scope ioctl to allow the userspace VMM to configure the TSC of such VM. After that the userspace VMM is not supposed to call the KVM_SET_TSC_KHZ vCPU scope ioctl anymore when creating the vCPU. The de facto userspace VMM Qemu does this for TDX guests. The upcoming SEV-SNP guests with Secure TSC should follow. Note this could be a break of ABI. But for now only TDX guests are TSC protected and only Qemu supports TDX, thus in practice this should not break any existing userspace. Suggested-by: Sean Christopherson <seanjc@...gle.com> Signed-off-by: Kai Huang <kai.huang@...el.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@...el.com> Reviewed-by: Nikunj A Dadhania <nikunj@....com> --- Documentation/virt/kvm/api.rst | 7 +++++++ arch/x86/kvm/x86.c | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index e343430ccb01..563878465a6a 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -2008,6 +2008,13 @@ If the KVM_CAP_VM_TSC_CONTROL capability is advertised, this can also be used as a vm ioctl to set the initial tsc frequency of subsequently created vCPUs. The vm ioctl must be called before any vCPU is created. +For TSC protected Confidential Computing (CoCo) VMs where TSC frequency +is configured once at VM scope and remains unchanged during VM's +lifetime, the vm ioctl should be used to configure the TSC frequency +and the vcpu ioctl is not supported. + +Example of such CoCo VMs: TDX guests. + 4.56 KVM_GET_TSC_KHZ -------------------- diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 4051c0cacb92..26737bc4decb 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6186,6 +6186,10 @@ long kvm_arch_vcpu_ioctl(struct file *filp, u32 user_tsc_khz; r = -EINVAL; + + if (vcpu->arch.guest_tsc_protected) + goto out; + user_tsc_khz = (u32)arg; if (kvm_caps.has_tsc_control && -- 2.50.0
Powered by blists - more mailing lists