Received: by 2002:a05:7412:85a1:b0:e2:908c:2ebd with SMTP id n33csp49861rdh;
        Mon, 30 Oct 2023 13:27:14 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IF+tBGMpf4mwFKoOL7KmUrRhpOTyFtMveklf9twOppLXN6R76/BdCqCtt3zaCnZ/6oR3ivm
X-Received: by 2002:a05:6a20:e123:b0:15e:e0fd:98e7 with SMTP id kr35-20020a056a20e12300b0015ee0fd98e7mr16606154pzb.20.1698697634115;
        Mon, 30 Oct 2023 13:27:14 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1698697634; cv=pass;
        d=google.com; s=arc-20160816;
        b=EgvFP6wh5++X/HfxK+XebAvb/RlZprEYYrR0J2YEQKUbr6zeVwb7QQCUxi5psLRuyd
         /CTQuUYHuE3VsDASvXKEuzrA8Jy+ewedUttVH0c9wnAupTEcK6Wrm5x2JkZn0riQ46eS
         nirtxRoUx9jQc0QmfWJOFSsfN08F7Pj/UdzWuwpVytpb+gwS2Kj3+k90N/TNSnYqLXlQ
         XBVwUs175XjRveCmw9sfTyJ2zLJXxvG1/hj2/qFXwPzNxCcpxrcLoZ01AQSBXXkgthuo
         QRxwGKATL8XXDa4YQwgF0N7FXzgHKLybYgvMoFpm2gd4CRVbNcNAsuRtqLPNM/0WWD1l
         lBaw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:content-transfer-encoding
         :in-reply-to:from:references:cc:to:content-language:subject
         :user-agent:date:message-id:dkim-signature;
        bh=uIEHOeEdiGMJCsQaXHumckktB2o+cqiiekKgvWsnn+k=;
        fh=NU02LwloB+Fd/cfVcIBoNjJNLtnlo+NEvuRhjd90JOY=;
        b=w0RfutlvBgSE2YzAkju8mLKj1x+aSKGUfuHHmd2IPRwtOQgGBBCd2xFLQ6bHWmTq/i
         vMeseEXGyBLOqvMC2m04WSrUWBhLHblJQ8FBEix02SB91hHhcCLFhiJx3W7TlTjTbKeE
         6V0rJxcaa9eaUYKf9sApmcGf8+atlZ5lqNFWcMRqEYggElRYPKCoRPgJnc0bX62a9b6m
         8neXZp+PV9mqZuRfVwSNa5bSmWVAb6enuoA1Q8AFmwHQyJYxjoneA0zxRMzUzVxd4PG6
         gPNTzpEumDkCHSkrodMb75Mo1yI0GRHYDIo6FoQXtKqPYFAz/E7bgyWJftYxB3oLKO0/
         /yPw==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@amd.com header.s=selector1 header.b=XrdBvle2;
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7])
        by mx.google.com with ESMTPS id f4-20020a635544000000b005ae03de31cfsi5371334pgm.715.2023.10.30.13.27.13
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 30 Oct 2023 13:27:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amd.com header.s=selector1 header.b=XrdBvle2;
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by snail.vger.email (Postfix) with ESMTP id 1CF15802B409;
	Mon, 30 Oct 2023 13:27:13 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229763AbjJ3U1M (ORCPT <rfc822;gvb.lkml@gmail.com> + 99 others);
        Mon, 30 Oct 2023 16:27:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41126 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229779AbjJ3U1K (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 30 Oct 2023 16:27:10 -0400
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2051.outbound.protection.outlook.com [40.107.237.51])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC5B7107;
        Mon, 30 Oct 2023 13:27:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=NukTwQ1CA6NuLpscUauDS+3CucTiRCIA+W6IQpQ6BhyyL6QHcfhRkIItteQcunjqcZ4DII15LBvxBZwDBSrZFTS3mzy4zKKHhAd21ZDNz70O/UjKdWKmnTJ6qCeiP06k8Zrdmh3PEYVtc13AlI2euO95UBtPX+FATkUZrRpNplYkqeCK3D76341syMAiyHTz2k0tsDO5yky120ANLGqep2rqz2tqThQwIRKkod4unIv9O8UPO7iSvswh1yBOWfo8FNtwa8b7dXkWII417b4mTyN72oGN3ZpZIpUUX55vIwpdoLJESDGUhzMbbsJbbGAwZHT5yis1YOEEqYoGrWaEfA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=uIEHOeEdiGMJCsQaXHumckktB2o+cqiiekKgvWsnn+k=;
 b=nAOSE+KB9G2xQdTcpZxmRUdvWzMORtD1r+5y4G5FSlDPyi7XWCmzChudTAp08cS8vTbFzfHgPcz+pvRPfPKEbyHultrgXmVtE4ZkKe00KXFd8+0aqtEeywMen+NR+UcDnTejFh2AnmCKe2viu3g/PDaROXo+ODH6gelBm/8VWxC6lmEd2qVc3lQ1s7YPxlOtqrbZEzmLWmIUYlkthTt3srGk48mlsgKf8saA0mbOYOs7SH3FqfwiXNUpRmyUHJpLGCCqupuWVevf88YZWXdvy+EzgxRf/2rPlQez1MdoTHV+7xnPH9pzPBO5zGCy6zOWQsVfDESgAgWm7tz5u1zduA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=uIEHOeEdiGMJCsQaXHumckktB2o+cqiiekKgvWsnn+k=;
 b=XrdBvle2VZOF9atUpnQXpKOSXQ3S5lgby96hndwvgSTBMCH/yxKiYxo+6BZ3T9G5tv6drkxGblJlTCER9BSD32fv/YIeW1Tseb7xUaSV/yC2P4TavUYnP6uEst74sZrjvX/ksav+3E3ksSy3Y6aHj+6JpMqoVgRr17vFz2JLmCg=
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=amd.com;
Received: from BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17)
 by PH8PR12MB7133.namprd12.prod.outlook.com (2603:10b6:510:22e::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.25; Mon, 30 Oct
 2023 20:27:02 +0000
Received: from BL1PR12MB5732.namprd12.prod.outlook.com
 ([fe80::e16e:d7f1:94ad:3021]) by BL1PR12MB5732.namprd12.prod.outlook.com
 ([fe80::e16e:d7f1:94ad:3021%7]) with mapi id 15.20.6933.027; Mon, 30 Oct 2023
 20:27:02 +0000
Message-ID: <b5e71977-abf6-aa27-3a7b-37230b014724@amd.com>
Date:   Mon, 30 Oct 2023 15:26:59 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.1
Subject: Re: [PATCH v5 09/14] x86/sev: Add Secure TSC support for SNP guests
Content-Language: en-US
To:     Nikunj A Dadhania <nikunj@amd.com>, linux-kernel@vger.kernel.org,
        x86@kernel.org, kvm@vger.kernel.org
Cc:     bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
        dave.hansen@linux.intel.com, dionnaglaze@google.com,
        pgonda@google.com, seanjc@google.com, pbonzini@redhat.com
References: <20231030063652.68675-1-nikunj@amd.com>
 <20231030063652.68675-10-nikunj@amd.com>
From:   Tom Lendacky <thomas.lendacky@amd.com>
In-Reply-To: <20231030063652.68675-10-nikunj@amd.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: DM5PR08CA0034.namprd08.prod.outlook.com
 (2603:10b6:4:60::23) To BL1PR12MB5732.namprd12.prod.outlook.com
 (2603:10b6:208:387::17)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL1PR12MB5732:EE_|PH8PR12MB7133:EE_
X-MS-Office365-Filtering-Correlation-Id: 25bf153e-08ef-47d6-3230-08dbd9869339
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: pY5fnsv6gvn4GQMIFgRK0h/yGUIqdvIFloyxbeb1hIXtQjrVgRrjRckaJoWH29a9QjJdKR75X6o5siEdV913qHscZQdqZbWdM5mdxTgfiXwkVI0TNbLhvtxIrx/BoQ8ZAoKe4AoE4UPrK6HyE5RamG7KlhIPeKhGK8KeU81If+dTWfiOI1yPgIlMtkRS9NerdH/wd1AW6H09h0nH+0e+laiCyLKPyAhnJ48oXbO8+tVYQEccwgYKcjmMWUz7WNSzoHd9kcV7mmC1MaMJds15Hi5dUwDEOVLrDS3juyj3cprS8IP/QtHAqPx+WPDhpK4BJxtf9XiAo4izqNNInSjOHpNZrcgFdIxAnfiE5nR4FYpfyJkS46eE54vx+Oyj+SXGLYHEwioKKZTkMdZMSdXaIEBtwPE/0+RSvM+sqkAkDqYvyJU9e9995oAtEsFN9lpoV5UbM7IF/c6JF4kZyKqTFqowtk+VU2knJeFIFiZm6CkgT7sJNuPmYd9ZWP+mSNokcA72DIrZGyXbXt+Z7tPWUWDdeIM5P2QKbXgM5MJtIe4zShUpfXEYClZqrBHUz+ZyE5rox1COv0PnmaGukUO5J908iLrO2oflmBYNl51CQ6lhro0FIMZG5SExV2DYIgoRTaTiKI64EG0FJOBLQL7fyg==
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL1PR12MB5732.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(136003)(396003)(366004)(346002)(39860400002)(376002)(230922051799003)(186009)(64100799003)(451199024)(1800799009)(26005)(6486002)(83380400001)(2616005)(6506007)(478600001)(6666004)(6512007)(53546011)(316002)(66946007)(8676002)(4326008)(8936002)(31686004)(38100700002)(7416002)(41300700001)(66556008)(66476007)(36756003)(5660300002)(2906002)(31696002)(86362001)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?L05jeFR0L2RpSk13SDFpVU1lQVdmOHc0WGRMcEFnRHFkMFRKZlZ2Ui9ic21t?=
 =?utf-8?B?cTh1aHJ3VUI3WHhWTzdzUk5SK09SckhYRDZmdXMxNmN2enlrMDZlajE2ZWdJ?=
 =?utf-8?B?RjVxME9TVktmVDQwVGlOVTQ2VmgvQTBRVFZNQ3lDRU85ZTZORTMvT2VxVkV4?=
 =?utf-8?B?ekw4UjZhMmpxU2tYL0h0ZytsS3k0dG9KZUZNM1p3WDhEbjRDVE9RMmhnZENZ?=
 =?utf-8?B?bjVRRmVxSzU0d2RLN0k3V05NVGQ1bUxxdlBmQWY0M212MytXWWN2N09iWmw5?=
 =?utf-8?B?YkltWFRRSFREOGpybXVpRVY3OEw2bVMzS1VqcjhCUEJNYmhwRnNpUXBqcVBs?=
 =?utf-8?B?VUJoR1Q0bVUvdk5pRXZYc0hOTFlaMnFrbmhvcWVMYlcya3pnOU9QVkNnMGJS?=
 =?utf-8?B?YTN5WjNTSlFacVVZOXlEWndoUVJuK0NNNmVWNmhrcGo5VDhxRkdZeGhocXdm?=
 =?utf-8?B?bVZEVkxtaWJJZ0F2YVFHN3c0T0R1ZXliSGlyRUYxaHFLT2lDaFY4aU9hOUI0?=
 =?utf-8?B?QkkvaUcvNlM4VWljQk9rcVdOV2NtdnRoVVE1YncwR2FOanJIeWFQOHdZQWhx?=
 =?utf-8?B?VWhBYUx6T0FWa0RwQlh5bGZURU4rcERyUHNoMFlqN0ROVFo0NkhnQkwyR0hI?=
 =?utf-8?B?UGlUM1c2QmREUWxBUWFIZGxPMnpsTlVHeFprZlovYUVKNWZpZ2NvVElnMUlu?=
 =?utf-8?B?U0RKcXprT3dvTFFMQ2NsYkcyYlBqbnlCVUFtbnV1T2lyY081NTZvRVhQZGd4?=
 =?utf-8?B?RitOaTdtckYybkdBaUlFYTM0Yk9lZzB0eTVObHp0QjNQRVJSUDMvc0h0WkQr?=
 =?utf-8?B?OW1FVXVNNytXVDJGL1Z2ZDZDbXFjSWx2ZkpFVU1Tb3pnb1pjYllDS3lzdzc4?=
 =?utf-8?B?a1plU2xNNzdCQ1NFVlI0eEtYL3hwM1BlVUkzSE9aTnlrSDNVUTJnenZTdFpy?=
 =?utf-8?B?dEhBY0ROTXkvR2U4TUJtUGU1aVh5UmZ3SHpmdmV2c2c1a0Y3YUpGRTR1UFBq?=
 =?utf-8?B?dzVzWE1kRVlBbWoyNmprWE4zK0ZmZWw3anp2WFg3N2tvQktiL0JUNSsxM3FK?=
 =?utf-8?B?V3Y2MUwvUVAxa3JpR3pwNVV1RC95cjd2VXFwSkpBWnBkNjJHVUNteGRoTGIz?=
 =?utf-8?B?dG9hMzBqM1JySjVFeFVWcVlSbFAxdWtrMy9ydHMwTnVVUG03M3o5ZmpwZW4r?=
 =?utf-8?B?OEVScS9PR2VsbStsK2tTOXlTVks2Lzd1L1B4REovOUF3dzJrK3pydC9hZFNS?=
 =?utf-8?B?c0ZVQ2VKOVoxVHF0WS9XTjFMM0dudFR0eFBETzNYY3FLRzZPN3VFRU9zTnF4?=
 =?utf-8?B?aXY5bDZYOU94dUkxY2J5WVZCMTdFYXMySTlxdVNFSjZUOE9qcXhYR3k2bVZw?=
 =?utf-8?B?eEdZSGw1WjVjSXZtTUtDV3JHZ0pxWXhLczQ4WTNuLzFkVWkxeUxqcFFIYjRB?=
 =?utf-8?B?Z1U3aHpVcW01aHROcnN2VHR4MkJnWXhoNit4dGdYQjdwdi9hSnhwNFAxRnZh?=
 =?utf-8?B?KzhMUVE3cUxtWEg1RTQzamZLRzEwUmVVN3I0aHVyTUJYNmFNSDlHejBEVXpD?=
 =?utf-8?B?VzNGZ01Od0owWkJOVUdZU0IzcHMwOWt3V09jQzN5MU84WFRvanJrbGcvQStp?=
 =?utf-8?B?a0gra216V2xMMHh6VWwyemlac283d0ZOenB6bGJjQkZtZTdrMlNZaVJhOFFZ?=
 =?utf-8?B?Ynl6THFRTGxtTmNGUWw1emdNMENXYVVKZ2dqSkFibjVVRmRRcVd6Qy9NSy85?=
 =?utf-8?B?czVqd3hRV1FLSFc1VzI4b2hJOEVqcEdkQmRyYXZvbGxPMG93TW5pS3BhWTAw?=
 =?utf-8?B?cnhEa1h5UERhc2h3TWVkczV1WFlYL2sxYVl6cWN1dGF5VXRWcTdxMm5hKzVm?=
 =?utf-8?B?RTJyL1lYcVdEUUhXL2o2VkhwYzFqNVc1N0RNR3RpcjJMU3VIcExQam9oVnFr?=
 =?utf-8?B?em02emZJVXZwQ0ZwZnBRQkRGeVRYc01xK01YSEM2UDdqVHVzeEJVRG1oOS9y?=
 =?utf-8?B?Vlg1YTdBSm4xTWV6ZUZsSjF1WDJlQ2UrRXVzMWQzMDlLdkNGbnhNWFp4R3l2?=
 =?utf-8?B?Q2lNZGtaeitWNW5ML29vVWZmTWxBQnpRQWwrM2liTUdvS3lKOFY5SUtISnJa?=
 =?utf-8?Q?5cTqn3iARgYWbBsEU/hIJfDOn?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 25bf153e-08ef-47d6-3230-08dbd9869339
X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 20:27:02.3205
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 6qEbQKdxJXOGJFxHRHgm1v3nxp4paV+oPB0Wbg70tmymwGh9b++UTbgWCxbMEcY2DGRQ57dHS+GK1PvwoE1WHg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB7133
X-Spam-Status: No, score=-6.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,
        NICE_REPLY_A,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 30 Oct 2023 13:27:13 -0700 (PDT)

On 10/30/23 01:36, Nikunj A Dadhania wrote:
> Add support for Secure TSC in SNP enabled guests. Secure TSC allows
> guest to securely use RDTSC/RDTSCP instructions as the parameters
> being used cannot be changed by hypervisor once the guest is launched.
> 
> During the boot-up of the secondary cpus, SecureTSC enabled guests
> need to query TSC info from AMD Security Processor. This communication
> channel is encrypted between the AMD Security Processor and the guest,
> the hypervisor is just the conduit to deliver the guest messages to
> the AMD Security Processor. Each message is protected with an
> AEAD (AES-256 GCM). Use minimal AES GCM library to encrypt/decrypt SNP
> Guest messages to communicate with the PSP.

Add to this commit message that you're using the enc_init hook to perform 
some Secure TSC initialization and why you have to do that.

> 
> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
> ---
>   arch/x86/coco/core.c             |  3 ++
>   arch/x86/include/asm/sev-guest.h | 18 +++++++
>   arch/x86/include/asm/sev.h       |  2 +
>   arch/x86/include/asm/svm.h       |  6 ++-
>   arch/x86/kernel/sev.c            | 82 ++++++++++++++++++++++++++++++++
>   arch/x86/mm/mem_encrypt_amd.c    |  6 +++
>   include/linux/cc_platform.h      |  8 ++++
>   7 files changed, 123 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c
> index eeec9986570e..5d5d4d03c543 100644
> --- a/arch/x86/coco/core.c
> +++ b/arch/x86/coco/core.c
> @@ -89,6 +89,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr attr)
>   	case CC_ATTR_GUEST_SEV_SNP:
>   		return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
>   
> +	case CC_ATTR_GUEST_SECURE_TSC:
> +		return sev_status & MSR_AMD64_SNP_SECURE_TSC;
> +
>   	default:
>   		return false;
>   	}
> diff --git a/arch/x86/include/asm/sev-guest.h b/arch/x86/include/asm/sev-guest.h
> index e6f94208173d..58739173eba9 100644
> --- a/arch/x86/include/asm/sev-guest.h
> +++ b/arch/x86/include/asm/sev-guest.h
> @@ -39,6 +39,8 @@ enum msg_type {
>   	SNP_MSG_ABSORB_RSP,
>   	SNP_MSG_VMRK_REQ,
>   	SNP_MSG_VMRK_RSP,
> +	SNP_MSG_TSC_INFO_REQ = 17,
> +	SNP_MSG_TSC_INFO_RSP,
>   
>   	SNP_MSG_TYPE_MAX
>   };
> @@ -111,6 +113,22 @@ struct snp_guest_req {
>   	u8 msg_type;
>   };
>   
> +struct snp_tsc_info_req {
> +#define SNP_TSC_INFO_REQ_SZ 128

Please move this to before the struct definition.

> +	/* Must be zero filled */
> +	u8 rsvd[SNP_TSC_INFO_REQ_SZ];
> +} __packed;
> +
> +struct snp_tsc_info_resp {
> +	/* Status of TSC_INFO message */
> +	u32 status;
> +	u32 rsvd1;
> +	u64 tsc_scale;
> +	u64 tsc_offset;
> +	u32 tsc_factor;
> +	u8 rsvd2[100];
> +} __packed;
> +
>   int snp_setup_psp_messaging(struct snp_guest_dev *snp_dev);
>   int snp_send_guest_request(struct snp_guest_dev *dev, struct snp_guest_req *req,
>   			   struct snp_guest_request_ioctl *rio);
> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
> index 783150458864..038a5a15d937 100644
> --- a/arch/x86/include/asm/sev.h
> +++ b/arch/x86/include/asm/sev.h
> @@ -200,6 +200,7 @@ void __init __noreturn snp_abort(void);
>   void snp_accept_memory(phys_addr_t start, phys_addr_t end);
>   u64 snp_get_unsupported_features(u64 status);
>   u64 sev_get_status(void);
> +void __init snp_secure_tsc_prepare(void);
>   #else
>   static inline void sev_es_ist_enter(struct pt_regs *regs) { }
>   static inline void sev_es_ist_exit(void) { }
> @@ -223,6 +224,7 @@ static inline void snp_abort(void) { }
>   static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { }
>   static inline u64 snp_get_unsupported_features(u64 status) { return 0; }
>   static inline u64 sev_get_status(void) { return 0; }
> +static inline void __init snp_secure_tsc_prepare(void) { }
>   #endif
>   
>   #endif
> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
> index 3ac0ffc4f3e2..ee35c0488f56 100644
> --- a/arch/x86/include/asm/svm.h
> +++ b/arch/x86/include/asm/svm.h
> @@ -414,7 +414,9 @@ struct sev_es_save_area {
>   	u8 reserved_0x298[80];
>   	u32 pkru;
>   	u32 tsc_aux;
> -	u8 reserved_0x2f0[24];
> +	u64 tsc_scale;
> +	u64 tsc_offset;
> +	u8 reserved_0x300[8];
>   	u64 rcx;
>   	u64 rdx;
>   	u64 rbx;
> @@ -546,7 +548,7 @@ static inline void __unused_size_checks(void)
>   	BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x1c0);
>   	BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x248);
>   	BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x298);
> -	BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x2f0);
> +	BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x300);
>   	BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x320);
>   	BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x380);
>   	BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x3f0);
> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
> index fb3b1feb1b84..9468809d02c7 100644
> --- a/arch/x86/kernel/sev.c
> +++ b/arch/x86/kernel/sev.c
> @@ -76,6 +76,10 @@ static u64 sev_hv_features __ro_after_init;
>   /* Secrets page physical address from the CC blob */
>   static u64 secrets_pa __ro_after_init;
>   
> +/* Secure TSC values read using TSC_INFO SNP Guest request */
> +static u64 guest_tsc_scale __ro_after_init;
> +static u64 guest_tsc_offset __ro_after_init;

s/guest_/snp_/

> +
>   /* #VC handler runtime per-CPU data */
>   struct sev_es_runtime_data {
>   	struct ghcb ghcb_page;
> @@ -1393,6 +1397,78 @@ bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id)
>   }
>   EXPORT_SYMBOL_GPL(snp_assign_vmpck);
>   
> +static struct snp_guest_dev tsc_snp_dev __initdata;
> +
> +static int __init snp_get_tsc_info(void)
> +{
> +	static u8 buf[SNP_TSC_INFO_REQ_SZ + AUTHTAG_LEN];
> +	struct snp_guest_request_ioctl rio;
> +	struct snp_tsc_info_resp tsc_resp;
> +	struct snp_tsc_info_req tsc_req;
> +	struct snp_guest_req req;
> +	int rc, resp_len;
> +
> +	/*
> +	 * The intermediate response buffer is used while decrypting the
> +	 * response payload. Make sure that it has enough space to cover the
> +	 * authtag.
> +	 */
> +	resp_len = sizeof(tsc_resp) + AUTHTAG_LEN;
> +	if (sizeof(buf) < resp_len)
> +		return -EINVAL;
> +
> +	memset(&tsc_req, 0, sizeof(tsc_req));
> +	memset(&req, 0, sizeof(req));
> +	memset(&rio, 0, sizeof(rio));
> +	memset(buf, 0, sizeof(buf));
> +
> +	if (!snp_assign_vmpck(&tsc_snp_dev, 0))
> +		return -EINVAL;
> +
> +	/* Initialize the PSP channel to send snp messages */
> +	if (snp_setup_psp_messaging(&tsc_snp_dev))
> +		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);

This should just return the non-zero return code from 
snp_setup_psp_messaging(), no?

	rc = snp_setup_psp_messaging(&tsc_snp_dev);
	if (rc)
		return rc;

> +
> +	req.msg_version = MSG_HDR_VER;
> +	req.msg_type = SNP_MSG_TSC_INFO_REQ;
> +	req.vmpck_id = tsc_snp_dev.vmpck_id;
> +	req.req_buf = &tsc_req;
> +	req.req_sz = sizeof(tsc_req);
> +	req.resp_buf = buf;
> +	req.resp_sz = resp_len;
> +	req.exit_code = SVM_VMGEXIT_GUEST_REQUEST;
> +	rc = snp_send_guest_request(&tsc_snp_dev, &req, &rio);

Aren't you supposed to hold a mutex before calling this since it will 
eventually call the message sequence number functions?

> +	if (rc)
> +		goto err_req;
> +
> +	memcpy(&tsc_resp, buf, sizeof(tsc_resp));
> +	pr_debug("%s: Valid response status %x scale %llx offset %llx factor %x\n",
> +		 __func__, tsc_resp.status, tsc_resp.tsc_scale, tsc_resp.tsc_offset,
> +		 tsc_resp.tsc_factor);
> +
> +	guest_tsc_scale = tsc_resp.tsc_scale;
> +	guest_tsc_offset = tsc_resp.tsc_offset;
> +
> +err_req:
> +	/* The response buffer contains the sensitive data, explicitly clear it. */
> +	memzero_explicit(buf, sizeof(buf));
> +	memzero_explicit(&tsc_resp, sizeof(tsc_resp));
> +	memzero_explicit(&req, sizeof(req));
> +
> +	return rc;
> +}
> +
> +void __init snp_secure_tsc_prepare(void)
> +{
> +	if (!cc_platform_has(CC_ATTR_GUEST_SECURE_TSC))
> +		return;
> +
> +	if (snp_get_tsc_info())
> +		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);

How about using SEV_TERM_SET_LINUX and a new GHCB_TERM_SECURE_TSC_INFO.

> +
> +	pr_debug("SecureTSC enabled\n");
> +}
> +
>   static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip)
>   {
>   	struct sev_es_save_area *cur_vmsa, *vmsa;
> @@ -1493,6 +1569,12 @@ static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip)
>   	vmsa->vmpl		= 0;
>   	vmsa->sev_features	= sev_status >> 2;
>   
> +	/* Setting Secure TSC parameters */
> +	if (cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) {
> +		vmsa->tsc_scale = guest_tsc_scale;
> +		vmsa->tsc_offset = guest_tsc_offset;
> +	}
> +
>   	/* Switch the page over to a VMSA page now that it is initialized */
>   	ret = snp_set_vmsa(vmsa, true);
>   	if (ret) {
> diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
> index 6faea41e99b6..9935fc506e99 100644
> --- a/arch/x86/mm/mem_encrypt_amd.c
> +++ b/arch/x86/mm/mem_encrypt_amd.c
> @@ -215,6 +215,11 @@ void __init sme_map_bootdata(char *real_mode_data)
>   	__sme_early_map_unmap_mem(__va(cmdline_paddr), COMMAND_LINE_SIZE, true);
>   }
>   
> +void __init amd_enc_init(void)
> +{
> +	snp_secure_tsc_prepare();
> +}
> +
>   void __init sev_setup_arch(void)
>   {
>   	phys_addr_t total_mem = memblock_phys_mem_size();
> @@ -502,6 +507,7 @@ void __init sme_early_init(void)
>   	x86_platform.guest.enc_status_change_finish  = amd_enc_status_change_finish;
>   	x86_platform.guest.enc_tlb_flush_required    = amd_enc_tlb_flush_required;
>   	x86_platform.guest.enc_cache_flush_required  = amd_enc_cache_flush_required;
> +	x86_platform.guest.enc_init                  = amd_enc_init;
>   
>   	/*
>   	 * AMD-SEV-ES intercepts the RDMSR to read the X2APIC ID in the
> diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h
> index cb0d6cd1c12f..e081ca4d5da2 100644
> --- a/include/linux/cc_platform.h
> +++ b/include/linux/cc_platform.h
> @@ -90,6 +90,14 @@ enum cc_attr {
>   	 * Examples include TDX Guest.
>   	 */
>   	CC_ATTR_HOTPLUG_DISABLED,
> +
> +	/**
> +	 * @CC_ATTR_GUEST_SECURE_TSC: Secure TSC is active.
> +	 *
> +	 * The platform/OS is running as a guest/virtual machine and actively
> +	 * using AMD SEV-SNP Secure TSC feature.

I think TDX also has a secure TSC like feature, so can this be generic?

Thanks,
Tom

> +	 */
> +	CC_ATTR_GUEST_SECURE_TSC,
>   };
>   
>   #ifdef CONFIG_ARCH_HAS_CC_PLATFORM