feat: reset SYS_CNTPCT_EL0 on VM boot

ShadowCurse · ShadowCurse · commit 88c243e7b96a · 2025-01-10T12:58:47.000Z
Reset SYS_CNTPCT_EL0 performance counter register on VM boot
to avoid passing through host performance counter.
Note that resetting the register on VM boot does not guarantee
that VM will see the counter value 0 at startup because there is
a delta in time between register reset and VM boot during which
counter continues to advance.

Signed-off-by: Egor Lazarchuk &lt;yegorlz@amazon.co.uk&gt;
diff --git a/src/vmm/src/arch/aarch64/vcpu.rs b/src/vmm/src/arch/aarch64/vcpu.rs
@@ -10,6 +10,7 @@ use std::path::PathBuf;
 
 use kvm_bindings::*;
 use kvm_ioctls::VcpuFd;
+use log::warn;
 
 use super::get_fdt_addr;
 use super::regs::*;
@@ -106,6 +107,19 @@ pub fn setup_boot_regs(
         vcpufd
             .set_one_reg(id, &get_fdt_addr(mem).to_le_bytes())
             .map_err(|err| VcpuError::SetOneReg(id, err))?;
+
+        // Reset the physical counter for the guest. This way we avoid guest reading
+        // host physical counter.
+        // Resetting SYS_CNTPCT_EL0 for singe vcpu is enough because there is only 1 performance
+        // counter in the system.
+        // Because the access to SYS_CNTPCT_EL0 is not present in all kernels, we don't
+        // fail if ioctl returns an error.
+        // Note: the value observed by the guest will still be above 0, because there is a delta
+        // time between this resetting and first call to KVM_RUN
+        let zero: u64 = 0;
+        if let Err(_) = vcpufd.set_one_reg(SYS_CNTPCT_EL0, &zero.to_le_bytes()) {
+            warn!("Unable to reset performance counter. VM will use host value instead.");
+        }
     }
     Ok(())
 }
@@ -238,6 +252,15 @@ mod tests {
         vcpu.vcpu_init(&kvi).unwrap();
 
         setup_boot_regs(&vcpu, 0, 0x0, &mem).unwrap();
+
+        // Check that the register is reset on compatible kernels.
+        // Because there is a delta in time between we reset the register and time we
+        // read it, we cannot compare with 0. Choose some meaningfully small value instead.
+        let mut reg_bytes = [0_u8; 8];
+        if let Ok(_) = vcpufd.get_one_reg(SYS_CNTPCT_EL0, &mut reg_bytes) {
+            let counter_value = u64::from_le_bytes(reg_bytes);
+            assert!(counter_value < 10_000);
+        }
     }
 
     #[test]
