[RFC PATCH 2/5] KVM: SVM: Set TSC frequency for SecureTSC-enabled guests

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

From: Nikunj A Dadhania <nikunj@amd.com>
To: <seanjc@google.com>, <pbonzini@redhat.com>, <kvm@vger.kernel.org>
Cc: <thomas.lendacky@amd.com>, <santosh.shukla@amd.com>,
	<bp@alien8.de>, <ketanch@iitk.ac.in>, <nikunj@amd.com>
Subject: [RFC PATCH 2/5] KVM: SVM: Set TSC frequency for SecureTSC-enabled guests
Date: Thu, 29 Aug 2024 11:07:45 +0530	[thread overview]
Message-ID: <20240829053748.8283-3-nikunj@amd.com> (raw)
In-Reply-To: <20240829053748.8283-1-nikunj@amd.com>

From: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>

The SNP specification provides a desired TSC frequency parameter that can
be set as part of the SNP_LAUNCH_START command. This field has effect only
in Secure TSC enabled guests and can be used by the hypervisor to set
desired mean TSC frequency in KHz of the guest.

Signed-off-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
---
 arch/x86/include/asm/svm.h      |  1 +
 arch/x86/include/uapi/asm/kvm.h |  3 ++-
 arch/x86/kvm/svm/sev.c          |  7 +++++++
 arch/x86/kvm/svm/svm.h          | 12 ++++++++++++
 include/linux/psp-sev.h         |  2 ++
 5 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index f0dea3750ca9..2bb9be9b2d30 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -289,6 +289,7 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_
 #define SVM_SEV_FEAT_RESTRICTED_INJECTION		BIT(3)
 #define SVM_SEV_FEAT_ALTERNATE_INJECTION		BIT(4)
 #define SVM_SEV_FEAT_DEBUG_SWAP				BIT(5)
+#define SVM_SEV_FEAT_SECURE_TSC				BIT(9)
 
 #define SVM_SEV_FEAT_INT_INJ_MODES		\
 	(SVM_SEV_FEAT_RESTRICTED_INJECTION |	\
diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index bf57a824f722..c15d7c843bfd 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -834,7 +834,8 @@ struct kvm_sev_snp_launch_start {
 	__u64 policy;
 	__u8 gosvw[16];
 	__u16 flags;
-	__u8 pad0[6];
+	__u32 desired_tsc_freq;
+	__u8 pad0[2];
 	__u64 pad1[4];
 };
 
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 714c517dd4b7..ff82a644b174 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2212,6 +2212,9 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
 	if (sev->snp_context)
 		return -EINVAL;
 
+	if (snp_secure_tsc_enabled(kvm) && !params.desired_tsc_freq)
+		return -EINVAL;
+
 	sev->snp_context = snp_context_create(kvm, argp);
 	if (!sev->snp_context)
 		return -ENOTTY;
@@ -2232,6 +2235,10 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
 
 	start.gctx_paddr = __psp_pa(sev->snp_context);
 	start.policy = params.policy;
+
+	if (snp_secure_tsc_enabled(kvm))
+		start.desired_tsc_freq = params.desired_tsc_freq;
+
 	memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw));
 	rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_START, &start, &argp->error);
 	if (rc) {
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 76107c7d0595..262b638dfcb8 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -378,6 +378,18 @@ static __always_inline bool sev_snp_guest(struct kvm *kvm)
 #endif
 }
 
+static inline bool snp_secure_tsc_enabled(struct kvm *kvm)
+{
+#ifdef CONFIG_KVM_AMD_SEV
+	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
+
+	return (sev->vmsa_features & SVM_SEV_FEAT_SECURE_TSC) &&
+	       !WARN_ON_ONCE(!sev_snp_guest(kvm));
+#else
+	return false;
+#endif
+}
+
 static inline bool ghcb_gpa_is_registered(struct vcpu_svm *svm, u64 val)
 {
 	return svm->sev_es.ghcb_registered_gpa == val;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 903ddfea8585..fcd710f0baf8 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -594,6 +594,7 @@ struct sev_data_snp_addr {
  * @imi_en: launch flow is launching an IMI (Incoming Migration Image) for the
  *          purpose of guest-assisted migration.
  * @rsvd: reserved
+ * @desired_tsc_freq: hypervisor desired mean TSC freq in kHz of the guest
  * @gosvw: guest OS-visible workarounds, as defined by hypervisor
  */
 struct sev_data_snp_launch_start {
@@ -603,6 +604,7 @@ struct sev_data_snp_launch_start {
 	u32 ma_en:1;				/* In */
 	u32 imi_en:1;				/* In */
 	u32 rsvd:30;
+	u32 desired_tsc_freq;			/* In */
 	u8 gosvw[16];				/* In */
 } __packed;
 
-- 
2.34.1

next prev parent reply	other threads:[~2024-08-29  5:38 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-29  5:37 [RFC PATCH 0/5] Enable Secure TSC for SEV-SNP Nikunj A Dadhania
2024-08-29  5:37 ` [RFC PATCH 1/5] x86/cpufeatures: Add SNP Secure TSC Nikunj A Dadhania
2024-08-29 13:22   ` Borislav Petkov
2024-09-02  4:16     ` Nikunj A. Dadhania
2024-09-02 16:42       ` Borislav Petkov
2024-09-03  5:43         ` Nikunj A. Dadhania
2024-09-03  7:16           ` Borislav Petkov
2024-08-29  5:37 ` Nikunj A Dadhania [this message]
2024-08-29  5:37 ` [RFC PATCH 3/5] KVM: SVM: Add GUEST_TSC_FREQ MSR Nikunj A Dadhania
2024-08-29  5:37 ` [RFC PATCH 4/5] KVM: SVM: Prevent writes to TSC MSR when Secure TSC is enabled Nikunj A Dadhania
2024-08-29  5:37 ` [RFC PATCH 5/5] KVM: SVM: Add Secure TSC support for SNP Guest Nikunj A Dadhania
2024-11-22  0:41 ` [RFC PATCH 0/5] Enable Secure TSC for SEV-SNP Isaku Yamahata

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f0dea3750ca dfblob:2bb9be9b2d3 dfblob:bf57a824f72
dfblob:c15d7c843bf dfblob:714c517dd4b dfblob:ff82a644b17
dfblob:76107c7d059 dfblob:262b638dfcb dfblob:903ddfea858
dfblob:fcd710f0baf )
 OR (
bs:"[RFC PATCH 2/5] KVM: SVM: Set TSC frequency for SecureTSC-enabled guests" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240829053748.8283-3-nikunj@amd.com \
    --to=nikunj@amd.com \
    --cc=bp@alien8.de \
    --cc=ketanch@iitk.ac.in \
    --cc=kvm@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=santosh.shukla@amd.com \
    --cc=seanjc@google.com \
    --cc=thomas.lendacky@amd.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox