
@iczero
Forked from rupansh/rdtsc-spoof.patch
Created September 28, 2020 04:56
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 8fafcb2cd..2b1c7b378 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2363,7 +2363,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf,
CPU_BASED_MWAIT_EXITING |
CPU_BASED_MONITOR_EXITING |
CPU_BASED_INVLPG_EXITING |
- CPU_BASED_RDPMC_EXITING;
+ CPU_BASED_RDPMC_EXITING |
+ CPU_BASED_RDTSC_EXITING;
opt = CPU_BASED_TPR_SHADOW |
CPU_BASED_USE_MSR_BITMAPS |
@@ -5543,6 +5544,33 @@ static int handle_encls(struct kvm_vcpu *vcpu)
return 1;
}
+/*
+ * Hacky spoof for RDTSC timers
+ */
+static int handle_rdtsc(struct kvm_vcpu *vcpu)
+{
+ struct msr_data msr;
+
+ msr.index = MSR_IA32_TSC;
+ msr.host_initiated = false;
+
+ if (vmx_get_msr(vcpu, &msr)) {
+ kvm_inject_gp(vcpu, 0);
+ pr_warn("handle_rdtsc: vmx_get_msr failed!!!");
+ goto end;
+ }
+
+ vcpu->run->exit_reason = 20;
+ vcpu->arch.regs[VCPU_REGS_RAX] = msr.data & -1u;
+ vcpu->arch.regs[VCPU_REGS_RDX] = (msr.data >> 32) & -1u;
+ skip_emulated_instruction(vcpu);
+
+ pr_info("handling fake rdtsc from cpl %i\n", vmx_get_cpl(vcpu));
+
+end:
+ return 1;
+}
+
/*
* The exit handlers return 1 if the exit was handled fully and guest execution
* may resume. Otherwise they set the kvm_run parameter to indicate what needs
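Review bot: The `pr_info("handling fake rdtsc from cpl %i\n", ...)` call in handle_rdtsc runs on every guest RDTSC, so any guest code, including CPL 3, can flood the host kernel log at will. Drop it or use `pr_info_ratelimited(...)`, and on the failure path use `pr_warn_ratelimited("handle_rdtsc: vmx_get_msr failed\n")`, which also adds the missing newline. `vcpu->run->exit_reason = 20;` stores a bare number in the userspace exit structure even though the handler always returns 1 and never exits to userspace, so it looks removable. Ending the success path with `return kvm_skip_emulated_instruction(vcpu);` would use the helper KVM exit handlers normally call, which also takes guest single-stepping into account.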
@@ -5599,6 +5627,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
[EXIT_REASON_VMFUNC] = handle_vmx_instruction,
[EXIT_REASON_PREEMPTION_TIMER] = handle_preemption_timer,
[EXIT_REASON_ENCLS] = handle_encls,
+ [EXIT_REASON_RDTSC] = handle_rdtsc,
};
static const int kvm_vmx_max_exit_handlers =