Re: [PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC

[Markus Armbruster <armbru@redhat.com>]

Naveen N Rao <naveen@kernel.org> writes:

> On Thu, Nov 06, 2025 at 01:09:37PM +0100, Markus Armbruster wrote:
>> Pardon my ignorance...
>> 
>> "Naveen N Rao (AMD)" <naveen@kernel.org> writes:
>> 
>> > Add support for configuring the TSC frequency when Secure TSC is enabled
>> > in SEV-SNP guests through a new "tsc-frequency" property on SEV-SNP
>> > guest objects, similar to the vCPU-specific property used by regular
>> > guests and TDX.
>> 
>> Which property exactly?
>
> Same name: tsc-frequency specified with '-cpu'

Thanks.  It's x86_64-cpu property tsc-frequency.

>> 
>> >                 A new property is needed since SEV-SNP guests require
>> > the TSC frequency to be specified during early SNP_LAUNCH_START command
>> > before any vCPUs are created.
>> 
>> Sounds awkward.
>> 
>> Do the two properties set the same thing at different times?
>
> Yes. For regular guests, TSC frequency is set using a vCPU ioctl.  
> However, TDX and SEV-SNP (with Secure TSC) require the TSC frequency to 
> be set as a VM property (there is a VM ioctl for this purpose).
>
> This was Tom's question too (see v2): is there any way to re-use 
> 'tsc-frequency' specified with '-cpu' for Secure TSC.

Hmm, let's see whether I can guess how this stuff works.  Please correct
my misunderstandings.

When machine property confidential-guest-support is null, it's a regular
guest.

If it points to a sev-guest object, it's SEV.

If it points to a sev-snp-guest object, it's SEV-SNP.

If it points to a tdx-guest object, it's TDX.

Normally, the TSC frequency is specified with x86_64-cpu property
tsc-frequency.

Can different CPUs have different frequencies?

In certain cases (SEV-SNP or TDX guest with Secure TSC), tsc-frequency
needs to be configured before any CPUs are created.  You're implementing
this for SEV-SNP, and you chose to create a sev-snp property
tsc-frequency for this.

What happens when I enable Secure TSC with sev-snp property
"secure-tsc": true, but don't set property tsc-frequency?

What happens when I do set it, and then also set the CPU property?  To
the same frequency?  To a different frequency?

>> > The user-provided TSC frequency is set through KVM_SET_TSC_KHZ before
>> > issuing KVM_SEV_SNP_LAUNCH_START.
>> >
>> > Attempts to set TSC frequency on both the SEV_SNP object and the cpu
>> > object result in an error from KVM (on the vCPU ioctl), so do not add
>> > separate checks for the same.
>> >
>> > Sample command-line:
>> >   -machine q35,confidential-guest-support=sev0 \
>> >   -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on,tsc-frequency=2500000000
>> >
>> > Co-developed-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
>> > Signed-off-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
>> > Co-developed-by: Nikunj A Dadhania <nikunj@amd.com>
>> > Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
>> > Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>
>> 
>> [...]
>> 
>> > diff --git a/qapi/qom.json b/qapi/qom.json
>> > index c7dd2dd1b095..5daaf065b6b7 100644
>> > --- a/qapi/qom.json
>> > +++ b/qapi/qom.json
>> > @@ -1104,6 +1104,9 @@
>> >  # @secure-tsc: enable Secure TSC
>> >  #     (default: false) (since 10.2)
>> >  #
>> > +# @tsc-frequency: set secure TSC frequency.  Only valid if Secure TSC
>> > +#     is enabled (default: zero) (since 10.2)
>> 
>> Is this likely to remain the only property that's only valied when
>> @secure-tsc is true?
>
> At this stage, yes. I am not aware of anything else that is specific to 
> Secure TSC.

Alright, this makes "only valid if" reasonable.