From 7430074a12101513a9c3ece609f99671bff65226 Mon Sep 17 00:00:00 2001
From: Qi Yadong
Date: Wed, 4 Apr 2018 14:42:01 +0800
Subject: [PATCH] trusty: initialize tsc_offset to zero
Per trusty design, trusty requires a monotonic increasing secure tick(TSC) at run time. This secure tick will used to mitigate password/pin force attack, control key expiration, etc. Currently, the TSC_OFFSET is enabled. And guest will got (host_tsc + tsc_offset) when execute rdtsc/rdtscp/rdmsr to aquire tsc value. The host_tsc is always keeping increasing during the runtime. So initialize tsc_offset of trusty to 0 will ensure the secure tick feature.
Signed-off-by: Qi Yadong
Acked-by: Eddie Dong
---
hypervisor/arch/x86/trusty.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hypervisor/arch/x86/trusty.c b/hypervisor/arch/x86/trusty.c
index b767a9c4b..01e21c6bf 100644
--- a/hypervisor/arch/x86/trusty.c
+++ b/hypervisor/arch/x86/trusty.c
@@ -387,8 +387,12 @@ static bool init_secure_world_env(struct vcpu *vcpu, vcpu->arch_vcpu.contexts[SECURE_WORLD].rip = entry_gpa; vcpu->arch_vcpu.contexts[SECURE_WORLD].rsp = TRUSTY_EPT_REBASE_GPA + size; + vcpu->arch_vcpu.contexts[SECURE_WORLD].tsc_offset = 0; + exec_vmwrite(VMX_GUEST_RSP, TRUSTY_EPT_REBASE_GPA + size); + exec_vmwrite(VMX_TSC_OFFSET_FULL, + vcpu->arch_vcpu.contexts[SECURE_WORLD].tsc_offset); return setup_trusty_info(vcpu, size, base_hpa); }
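Review bot: Nothing in init_secure_world_env() records or enforces that the secure world's TSC offset must stay at zero after this one-time write to `contexts[SECURE_WORLD].tsc_offset` and `VMX_TSC_OFFSET_FULL`, although the commit message makes the monotonic secure tick (PIN/password attempt throttling, key expiry) depend on it. I would add a comment above the assignment, for example `/* Secure world must read the raw host TSC: keep tsc_offset at 0 so the secure tick cannot be rewound. */`, so the invariant is visible to whoever next touches this context. The paths that could change the offset later (world-switch save/restore of `tsc_offset`, and any emulation of guest TSC MSR writes) are outside this hunk, so it is worth confirming that none of them can carry a normal-world offset into the secure-world context. The function's body starts before the hunk, so whether this runs with the secure-world guest state already loaded cannot be checked from here.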