Date: Wed, 9 Aug 2023 09:13:48 +0300
From: "Kirill A. Shutemov"
To: "Reshetova, Elena"
Cc: "Hansen, Dave", Thomas Gleixner, Borislav Petkov, "Lutomirski, Andy", Kuppuswamy Sathyanarayanan, "Nakajima, Jun", x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86/tdx: Mark TSC reliable
Message-ID: <20230809061348.vhm5ie4uzystwfya@box.shutemov.name>
References: <20230808162320.27297-1-kirill.shutemov@linux.intel.com> <20230808200111.nz74tmschph435ri@box>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 09, 2023 at 05:44:37AM +0000, Reshetova, Elena wrote:
> >
> > I don't know what the rules are here. As far as I can see, all other clock
> > sources relevant for TDX guest have lower rating. I guess we are fine?
>
> What about acpi_pm?
> See this:
> https://github.com/intel/tdx/commit/045692772ab4ef75062a83cc6e4ffa22cab40226

clocksource_acpi_pm.rating is 200 while TSC is 300.

> > There's a notable exception to the rating order: kvmclock, which is higher
> > than tsc. It has to be disabled, but it is not clear to me how. This topic
> > is related to how we are going to filter allowed devices/drivers, so I
> > would postpone the decision until we settle on a wider filtering schema.
>
> One option is to include "no-kvmclock" into the kernel command line, which
> is attested. Another option is to try to disable it explicitly, like we had
> in the past:
> https://github.com/intel/tdx/commit/6b0357f2115c1bdd158c0c8836f4f541517bf375
>
> The obvious issues with the command line are that it is going to 1) grow
> considerably if we try to disable everything we can via command line
> and 2) there is a high chance that in practice people will not use a secure default
> and/or forget to verify the correct status of the cmd line. But this is to be
> expected I guess for any security method that involves attestation unfortunately.

I guess the command line is fine until we have a coherent solution on filtering.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov
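The thread's point is that clocksource selection follows rating (acpi_pm 200, tsc 300, kvm-clock higher), so a TDX guest has to keep kvmclock out of the picture, and the attested command line is one place to check that. The following audit script is an added example, not code from the thread or the kernel: it models the rating pick and checks the state a guest exposes in /proc/cmdline and /sys/devices/system/clocksource/clocksource0/, with all inputs passed as constructed strings so it runs offline.

```shell
#!/bin/sh
# Added example: audit kvmclock vs tsc state in a TDX guest.
# All inputs are passed as strings; on a live guest feed them from the
# sysfs/procfs files named in the comments.

# Model of the kernel's pick: the registered clocksource with the highest
# rating wins. Input is "name:rating ..." pairs; prints the winner's name.
best_clocksource() {
    best=""; best_rating=-1
    for entry in $1; do
        name=${entry%%:*}; rating=${entry##*:}
        if [ "$rating" -gt "$best_rating" ]; then
            best=$name; best_rating=$rating
        fi
    done
    echo "$best"
}

# 0 if the selected clocksource is tsc.
# Live source: /sys/devices/system/clocksource/clocksource0/current_clocksource
clocksource_is_tsc() {
    [ "$1" = "tsc" ]
}

# 0 if "no-kvmclock" is present as a whole word on the command line.
# Live source: /proc/cmdline (attested as part of the TDX guest measurement).
cmdline_disables_kvmclock() {
    case " $1 " in
        *" no-kvmclock "*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if kvm-clock is not registered at all.
# Live source: /sys/devices/system/clocksource/clocksource0/available_clocksource
kvmclock_unavailable() {
    case " $1 " in
        *" kvm-clock "*) return 1 ;;
        *) return 0 ;;
    esac
}

# Combined verdict: returns 0 only when every check passes.
audit_clocksource() {
    cur=$1; avail=$2; cmdline=$3; rc=0
    clocksource_is_tsc "$cur" || { echo "WARN: current clocksource is '$cur', not tsc"; rc=1; }
    kvmclock_unavailable "$avail" || { echo "WARN: kvm-clock is registered and outranks tsc"; rc=1; }
    cmdline_disables_kvmclock "$cmdline" || { echo "WARN: no-kvmclock missing from cmdline"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: tsc selected, kvmclock disabled"
    return "$rc"
}
```

On a live guest call `audit_clocksource "$(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)" "$(cat /sys/devices/system/clocksource/clocksource0/available_clocksource)" "$(cat /proc/cmdline)"`; the rating values 300 and 200 are those quoted in the thread, and 400 for kvm-clock is the kernel's value.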