| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <afcf9a0b-7450-4df7-a21b-80b56264fc15@amd.com>
Date: Wed, 20 Aug 2025 14:18:18 +0530
From: "Nikunj A. Dadhania" <nikunj@....com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini
<pbonzini@...hat.com>
CC: <kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Thomas Lendacky
<thomas.lendacky@....com>, Michael Roth <michael.roth@....com>, "Borislav
Petkov" <bp@...en8.de>, Vaishali Thakkar <vaishali.thakkar@...e.com>, "Ketan
Chaturvedi" <Ketan.Chaturvedi@....com>, Kai Huang <kai.huang@...el.com>
Subject: Re: [PATCH v11 0/8] KVM: SVM: Enable Secure TSC for SEV-SNP
On 8/20/2025 5:18 AM, Sean Christopherson wrote:
> This is a combination of Nikunk's series to enable secure TSC support and to
*Nikunj's 😊 (close though!)
> fix the GHCB version issues, along with some code refactorings to move SEV+
> setup code into sev.c (we've managed to grow something like 4 flows that all
> do more or less the same thing).
>
> Note, I haven't tested SNP functionality in any way.
Tested SNP with and without Secure TSC, guest works as expected.
>
> v11:
> - Shuffle code around so that snp_is_secure_tsc_enabled() doesn't need to
> be exposed outside of sev.c.
> - Explicitly modify the intercept for MSR_AMD64_GUEST_TSC_FREQ (paranoia is
> cheap in this case).
> - Trim the changelog for the GHCB version enforcement patch.
> - Continue on with snp_launch_start() if default_tsc_khz is '0'. AFAICT,
> continuing on doesn't put the host at (any moer) risk. [Kai]
If I hack default_tsc_khz as '0', SNP guest kernel with SecureTSC spits out
couple of warnings and finally panics:
Persistent clock returned invalid value
------------[ cut here ]------------
Missing cycle counter and fallback timer; RNG entropy collection will consequently suffer.
WARNING: CPU: 0 PID: 0 at drivers/char/random.c:931 random_init+0xe7/0xf0
RIP: 0010:random_init+0xe7/0xf0
Call Trace:
<TASK>
start_kernel+0x5e9/0xb80
x86_64_start_reservations+0x18/0x30
x86_64_start_kernel+0xf5/0x140
common_startup_64+0x13e/0x141
</TASK>
...
WARNING: CPU: 0 PID: 0 at arch/x86/kernel/tsc.c:1464 determine_cpu_tsc_frequencies+0x118/0x120
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.17.0-rc2-stsc+ #1063 PREEMPT(voluntary)
RIP: 0010:determine_cpu_tsc_frequencies+0x118/0x120
Call Trace:
<TASK>
tsc_init+0x2ba/0x430
x86_late_time_init+0x29/0x40
start_kernel+0x70b/0xb80
x86_64_start_reservations+0x18/0x30
x86_64_start_kernel+0xf5/0x140
common_startup_64+0x13e/0x141
</TASK>
...
Oops: divide error: 0000 [#1] SMP NOPTI
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.17.0-rc2-stsc+ #1063 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022
RIP: 0010:pit_hpet_ptimer_calibrate_cpu+0x1be/0x410
Call Trace:
<TASK>
determine_cpu_tsc_frequencies+0xc1/0x120
tsc_init+0x2ba/0x430
x86_late_time_init+0x29/0x40
start_kernel+0x70b/0xb80
x86_64_start_reservations+0x18/0x30
x86_64_start_kernel+0xf5/0x140
common_startup_64+0x13e/0x141
</TASK>
Regards,
Nikunj
Powered by blists - more mailing lists