CVE-2025-38508

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/08/2025
Last modified: 19/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation

When using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly (typically ~0.2%) from the actual mean TSC frequency due to clocking parameters.

Over extended VM uptime, this discrepancy accumulates, causing clock skew between the hypervisor and a SEV-SNP VM, leading to early timer interrupts as perceived by the guest.

The guest kernel relies on the reported nominal frequency for TSC-based timekeeping, while the actual frequency set during SNP_LAUNCH_START may differ. This mismatch results in inaccurate time calculations, causing the guest to perceive hrtimers as firing earlier than expected.

Utilize the TSC_FACTOR from the SEV firmware's secrets page (see "Secrets Page Format" in the SNP Firmware ABI Specification) to calculate the mean TSC frequency, ensuring accurate timekeeping and mitigating clock skew in SEV-SNP VMs.

Use early_ioremap_encrypted() to map the secrets page as ioremap_encrypted() uses kmalloc() which is not available during early TSC initialization and causes a panic.

[ bp: Drop the silly dummy var:
https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ]

Vulnerable products and versions

CPE                                                  From                Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         6.14 (including)    6.15.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*