From: "Nakajima, Jun" <jun.nakajima@intel.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	"Hansen, Dave" <dave.hansen@intel.com>,
	Borislav Petkov <bp@alien8.de>,
	"Lutomirski, Andy" <luto@kernel.org>,
	Kuppuswamy Sathyanarayanan
	<sathyanarayanan.kuppuswamy@linux.intel.com>,
	"Reshetova, Elena" <elena.reshetova@intel.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/tdx: Mark TSC reliable
Date: Thu, 31 Aug 2023 15:16:04 +0000
Message-ID: <2B927B1B-A0B6-40F9-B869-46F5B1B3DE28@intel.com>
In-Reply-To: <87wmxd56hw.ffs@tglx>


> On Aug 30, 2023, at 12:33 AM, Thomas Gleixner <tglx@linutronix.de> wrote:
> 
> On Tue, Aug 29 2023 at 16:01, Jun Nakajima wrote:
>>> On Aug 25, 2023, at 10:09 AM, Thomas Gleixner <tglx@linutronix.de> wrote:
>>>> The newer spec says "Virtual TSC values are consistent among all the TD’s
>>>> VCPUs at the level supported by the CPU".
>>> 
>>> That means what? It's not a guarantee for consistency either. :(
>> 
>> Actually (in TDX Module 1.5 spec), the sentence is "Virtual TSC values
>> are consistent among all the TD’s VCPUs at the level supported by the
>> CPU, see below".
>> 
>> And the below:
>> ---
>> The host VMM is required to do the following:
>> • Set up the same IA32_TSC_ADJUST values on all LPs before initializing the Intel TDX module.
>> • Make sure IA32_TSC_ADJUST is not modified from its initial value before calling SEAMCALL.
>> 
>> The Intel TDX module checks the above as part of TDH.VP.ENTER and any
>> other SEAMCALL leaf function that reads TSC.
> 
> What happens when the check detects that the host modified TSC ADJUST?

Such a SEAMCALL, e.g., TDH.VP.ENTER, will fail with an error code (TDX_INCONSISTENT_MSR and MSR index of TSC ADJUST).

> 
> What validates the VMCS TSC offset field?

TDX module. The VMCSs of TDs are in private (protected) memory and accessed by the TDX module only. 
The host has no direct access to them.

> 
>> The virtualized TSC is designed to have the following characteristics:
>> • The virtual TSC frequency is specified by the host VMM as an input
>> to TDH.MNG.INIT in units of 25MHz – it can be between 4 and 400
>> (corresponding to a range of 100MHz to 10GHz).
> 
> What validates that the frequency is correct?

Validation of the real/hardware TSC frequency is part of hardware validation.

> 
> How is ensured that the host does not change TSC scaling?

I guess you mean virtual TSC scaling, which is used for calculation of the TSC observed by the guest.
This is a VMCS field set by the TDX module, based on the configured virtual TSC frequency and the real TSC frequency. So, the host cannot change it (as it has no direct access to the VMCS).


---
Jun
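
The checks discussed in this message, modelled in C as an added illustration; this is not code from the thread, the kernel, or the TDX module. All function and enum names are hypothetical, the 48 fractional bits are the VMX TSC-multiplier format, and the plain ratio used for the multiplier is an assumption about how the module derives it.

```c
#include <stdint.h>
#include <stdio.h>

#define VIRT_TSC_UNIT_HZ   25000000ULL /* frequency operand is in units of 25MHz */
#define VIRT_TSC_UNITS_MIN 4u          /* 4   -> 100MHz */
#define VIRT_TSC_UNITS_MAX 400u        /* 400 -> 10GHz  */
#define TSC_MULT_FRAC_BITS 48          /* VMX TSC multiplier: 48 fractional bits */

enum model_status { MODEL_OK = 0, MODEL_INCONSISTENT_MSR };

/* Range-check the frequency operand; returns Hz, or 0 if it is rejected. */
uint64_t virt_tsc_hz(uint32_t units)
{
    if (units < VIRT_TSC_UNITS_MIN || units > VIRT_TSC_UNITS_MAX)
        return 0;
    return (uint64_t)units * VIRT_TSC_UNIT_HZ;
}

/* Fixed-point virt_hz / real_hz; computed by the trusted side, never the host. */
uint64_t tsc_multiplier(uint64_t virt_hz, uint64_t real_hz)
{
    if (real_hz == 0)
        return 0;
    return (uint64_t)(((unsigned __int128)virt_hz << TSC_MULT_FRAC_BITS) / real_hz);
}

/* TSC value the guest observes: scale the host TSC, then add the offset. */
uint64_t guest_tsc(uint64_t host_tsc, uint64_t mult, uint64_t offset)
{
    return (uint64_t)(((unsigned __int128)host_tsc * mult) >> TSC_MULT_FRAC_BITS) + offset;
}

/* Simplified entry check: fail if any LP's IA32_TSC_ADJUST differs from the
 * value recorded at module initialization (values here are constructed). */
enum model_status check_tsc_adjust(const int64_t *lp_adjust, int nr_lps, int64_t initial)
{
    for (int i = 0; i < nr_lps; i++)
        if (lp_adjust[i] != initial)
            return MODEL_INCONSISTENT_MSR;
    return MODEL_OK;
}

int main(void)
{
    /* Constructed case: 1GHz virtual TSC (40 units) on a 2GHz host TSC. */
    uint64_t mult = tsc_multiplier(virt_tsc_hz(40), 2000000000ULL);
    printf("guest TSC at host TSC 1000: %llu\n",
           (unsigned long long)guest_tsc(1000, mult, 0));
    return 0;
}
```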

Thread overview: 16+ messages
2023-08-08 16:23 [PATCH] x86/tdx: Mark TSC reliable Kirill A. Shutemov
2023-08-08 17:13 ` Dave Hansen
2023-08-08 20:01   ` Kirill A. Shutemov
2023-08-09  5:44     ` Reshetova, Elena
2023-08-09  6:13       ` Kirill A. Shutemov
2023-08-22 23:39         ` Erdem Aktas
2023-08-24 15:49     ` Thomas Gleixner
2023-08-25 13:52       ` Kirill A. Shutemov
2023-08-25 17:09         ` Thomas Gleixner
2023-08-29 16:01           ` Nakajima, Jun
2023-08-30  7:33             ` Thomas Gleixner
2023-08-31 15:16               ` Nakajima, Jun [this message]
2023-08-24 19:31     ` Thomas Gleixner
2023-08-25 13:47       ` Kirill A. Shutemov
2023-08-25 15:16         ` Sean Christopherson
2023-09-07 17:25           ` Paolo Bonzini
