Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-5.15/0084-KVM-SEV-ES-Use-V_TSC_AUX-if-available-instead-of-RDT.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-5.15/0084-KVM-SEV-ES-Use-V_TSC_AUX-if-available-instead-of-RDT.patch | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-5.15/0084-KVM-SEV-ES-Use-V_TSC_AUX-if-available-instead-of-RDT.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-5.15/0084-KVM-SEV-ES-Use-V_TSC_AUX-if-available-instead-of-RDT.patch
new file mode 100644
index 00000000..be89b2be
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-5.15/0084-KVM-SEV-ES-Use-V_TSC_AUX-if-available-instead-of-RDT.patch
@@ -0,0 +1,89 @@
+From 9ae45c8437f869ad0067802f47b393ab55df9847 Mon Sep 17 00:00:00 2001
+From: Babu Moger <babu.moger@amd.com>
+Date: Tue, 19 Apr 2022 15:54:44 -0500
+Subject: [PATCH 84/86] KVM: SEV-ES: Use V_TSC_AUX if available instead of
+ RDTSC/MSR_TSC_AUX intercepts
+
+commit 296d5a17e793956f7b914336422043c939263409 upstream
+
+The TSC_AUX virtualization feature allows AMD SEV-ES guests to securely use
+TSC_AUX (auxiliary time stamp counter data) in the RDTSCP and RDPID
+instructions. The TSC_AUX value is set using the WRMSR instruction to the
+TSC_AUX MSR (0xC0000103). It is read by the RDMSR, RDTSCP and RDPID
+instructions. If the read/write of the TSC_AUX MSR is intercepted, then
+RDTSCP and RDPID must also be intercepted when TSC_AUX virtualization
+is present. However, the RDPID instruction can't be intercepted. This means
+that when TSC_AUX virtualization is present, RDTSCP and TSC_AUX MSR
+read/write must not be intercepted for SEV-ES (or SEV-SNP) guests.
+
+Signed-off-by: Babu Moger <babu.moger@amd.com>
+Message-Id: <165040164424.1399644.13833277687385156344.stgit@bmoger-ubuntu>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Zhaolong Zhang <zhaolong.zhang@windriver.com>
+---
+ arch/x86/include/asm/cpufeatures.h | 2 +-
+ arch/x86/kvm/svm/sev.c | 8 ++++++++
+ arch/x86/kvm/svm/svm.c | 1 +
+ arch/x86/kvm/svm/svm.h | 2 +-
+ 4 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
+index ad146c4fe630..f38525a16601 100644
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -409,7 +409,7 @@
+ #define X86_FEATURE_SEV (19*32+ 1) /* AMD Secure Encrypted Virtualization */
+ #define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* "" VM Page Flush MSR is supported */
+ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */
+-#define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* Virtual TSC_AUX */
++#define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* "" Virtual TSC_AUX */
+ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */
+
+ /*
+diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
+index d02bf4dbb048..0371c077b8cd 100644
+--- a/arch/x86/kvm/svm/sev.c
++++ b/arch/x86/kvm/svm/sev.c
+@@ -2663,6 +2663,14 @@ void sev_es_init_vmcb(struct vcpu_svm *svm)
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTFROMIP, 1, 1);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_LASTINTTOIP, 1, 1);
++
++ if (boot_cpu_has(X86_FEATURE_V_TSC_AUX) &&
++ (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP) ||
++ guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDPID))) {
++ set_msr_interception(vcpu, svm->msrpm, MSR_TSC_AUX, 1, 1);
++ if (guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP))
++ svm_clr_intercept(svm, INTERCEPT_RDTSCP);
++ }
+ }
+
+ void sev_es_vcpu_reset(struct vcpu_svm *svm)
+diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
+index 2d3c8f766769..f42f17fb3909 100644
+--- a/arch/x86/kvm/svm/svm.c
++++ b/arch/x86/kvm/svm/svm.c
+@@ -112,6 +112,7 @@ static const struct svm_direct_access_msrs {
+ { .index = MSR_EFER, .always = false },
+ { .index = MSR_IA32_CR_PAT, .always = false },
+ { .index = MSR_AMD64_SEV_ES_GHCB, .always = true },
++ { .index = MSR_TSC_AUX, .always = false },
+ { .index = MSR_INVALID, .always = false },
+ };
+
+diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
+index de536e692e02..84b94f03d2f1 100644
+--- a/arch/x86/kvm/svm/svm.h
++++ b/arch/x86/kvm/svm/svm.h
+@@ -29,7 +29,7 @@
+ #define IOPM_SIZE PAGE_SIZE * 3
+ #define MSRPM_SIZE PAGE_SIZE * 2
+
+-#define MAX_DIRECT_ACCESS_MSRS 20
++#define MAX_DIRECT_ACCESS_MSRS 21
+ #define MSRPM_OFFSETS 16
+ extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly;
+ extern bool npt_enabled;
+--
+2.37.3
+
|
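Review bot: In the sev.c section of the embedded patch, the new block in `sev_es_init_vmcb()` gates the MSR_TSC_AUX pass-through on `guest_cpuid_has(&svm->vcpu, X86_FEATURE_RDTSCP)` and `X86_FEATURE_RDPID`, which only gives the intended result if guest CPUID is already populated when this function runs. The callers are outside the hunk, so this should be confirmed against the 5.15 tree: if the function runs at vCPU creation, before userspace sets CPUID, the condition is false and the intercepts stay in place, leaving an SEV-ES guest on V_TSC_AUX hardware in the intercepted-MSR/unintercepted-RDPID state the commit message says must be avoided. If so, the check needs to be re-evaluated after guest CPUID is set, and the dependency recorded above the block, e.g. `/* Relies on guest CPUID being set; must be re-run after CPUID updates. */`. Separately, the cpufeatures.h section (adding `""` to the flag comment) looks like a local fixup rather than part of the cited upstream commit; noting that in the patch header would keep the backport auditable.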