x86/sev: Mark the TSC in a secure TSC guest as reliable
In SNP guest environment with Secure TSC enabled, unlike other clock sources
(such as HPET, ACPI timer, APIC, etc), the RDTSC instruction is handled
without causing a VM exit, resulting in minimal overhead and jitters. Even
when the host CPU's TSC is tampered with, the Secure TSC enabled guest keeps
on ticking forward. Hence, mark Secure TSC as the only reliable clock source,
bypassing unstable calibration.

  [ bp: Massage. ]

Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Tested-by: Peter Gonda <pgonda@google.com>
Link: https://lore.kernel.org/r/20250106124633.1418972-10-nikunj@amd.com
Nikunj A Dadhania authored and Borislav Petkov (AMD) committed Jan 7, 2025
1 parent eef679a commit 0a2a98f
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions arch/x86/mm/mem_encrypt_amd.c
Expand Up @@ -541,6 +541,9 @@ void __init sme_early_init(void)
* kernel mapped.
*/
snp_update_svsm_ca();

if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE);
}

void __init mem_encrypt_free_decrypted_mem(void)
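Review bot: The new `if (sev_status & MSR_AMD64_SNP_SECURE_TSC)` check at the end of sme_early_init() has no comment, so the reason for forcing X86_FEATURE_TSC_RELIABLE exists only in the commit message. A short comment above the check would help, saying that in a Secure TSC guest RDTSC is handled without a VM exit and keeps ticking forward even when the host TSC is tampered with, which is why calibration is bypassed here. That would also make it clear to a later reader that the guest's trust in its clock source now depends on this one sev_status bit.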