trusty: initialize tsc_offset to zero

YadongQi · jren1 · commit 7430074a1210 · 2018-05-15T17:25:25.000+08:00
Per trusty design, trusty requires a monotonic increasing
secure tick(TSC) at run time. This secure tick will used
to mitigate password/pin force attack, control key expiration,
etc.

Currently, the TSC_OFFSET is enabled. And guest will got
(host_tsc + tsc_offset) when execute rdtsc/rdtscp/rdmsr to
aquire tsc value. The host_tsc is always keeping increasing
during the runtime.

So initialize tsc_offset of trusty to 0 will ensure the
secure tick feature.

Signed-off-by: Qi Yadong &lt;yadong.qi@intel.com&gt;
Acked-by: Eddie Dong &lt;eddie.dong@intel.com&gt;
diff --git a/hypervisor/arch/x86/trusty.c b/hypervisor/arch/x86/trusty.c
@@ -387,8 +387,12 @@ static bool init_secure_world_env(struct vcpu *vcpu,
 	vcpu->arch_vcpu.contexts[SECURE_WORLD].rip = entry_gpa;
 	vcpu->arch_vcpu.contexts[SECURE_WORLD].rsp =
 		TRUSTY_EPT_REBASE_GPA + size;
+	vcpu->arch_vcpu.contexts[SECURE_WORLD].tsc_offset = 0;
+
 	exec_vmwrite(VMX_GUEST_RSP,
 		TRUSTY_EPT_REBASE_GPA + size);
+	exec_vmwrite(VMX_TSC_OFFSET_FULL,
+		vcpu->arch_vcpu.contexts[SECURE_WORLD].tsc_offset);
 
 	return setup_trusty_info(vcpu, size, base_hpa);
 }
