Received: by 2002:a05:7412:b795:b0:e2:908c:2ebd with SMTP id iv21csp164337rdb;
        Wed, 1 Nov 2023 22:37:56 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGLfiKLyjOPKvfncz1nWsxZ7/3kmjwdi925N0K5OHZOvEJ9UYki42AGf8SDU3GQsg+xseAe
X-Received: by 2002:a05:6358:904c:b0:168:e452:c163 with SMTP id f12-20020a056358904c00b00168e452c163mr21775372rwf.17.1698903476634;
        Wed, 01 Nov 2023 22:37:56 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1698903476; cv=pass;
        d=google.com; s=arc-20160816;
        b=UfdQiiQ7pfltIRFAcEfD7+O7k8+4dQo5j21ULxsWAi2yomQPUtLZVjjniXNa1i9FKc
         QlPr79J+kdXLb9sW0M3wUBF6vLa6h264t2xuG4v8MraOKDVR0A/A0uQWpM1uK20+YALO
         OlexzIlnjvI694HL4fF9hMQE2etCNpFwxoOVTOnHwe6dMGI3luyfguLiDOUY2jZbJGQg
         lSmR3BhkTIdOgYF7VLHA1PYfq9l5Q4cxLSU8lxbbVqI01adN7+aao1YQNjrn5Y+wA5bh
         kSxsfEPSG9PDm0JNG57Tn/4ZkaSB7xyDIcrY1yWdA0Rkc5bRr19jAkZ18OhG0+FNHQYS
         8JKw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:content-transfer-encoding
         :in-reply-to:from:references:cc:to:content-language:subject:reply-to
         :user-agent:date:message-id:dkim-signature;
        bh=Kl3TXlO8JkmT5hdOkzsd6YwiudfH7D3pmYlY2sr7ccg=;
        fh=0NazDwdTVG0yMF+3yaLUaOQrtjMqKAq3pFuat6DKlzc=;
        b=QNsocQICUTMf2BMA1mSWHgmlRWzCscoswwDO/wYDgLDb/Y68k8MIy1VVp/3VnLz42H
         6k7Y4eFvaYQmZrBrs1dvI3jft7QGJGIDKyqdMOTDXZ5PabrJmInXxpEAFrgc2NXOpm93
         SG08K2doHujVov/Kzd1NltXy/5g1RcCFlfq1DhKAR4TcsAFvCcd3+ls5WpnulyElmihB
         mQksjkj7RNEFj5t0ibhUPGnJIpjKXcWi1B8JrMSVIk2IWpiUP7ALMkqdKDLMCHYPBI+h
         HdUMo5TthSOjwACbrX51+joaOPZRVAxUTLCkqoSowW0df+/pUsmiZPvYwA2dQsPwM8Tm
         C5WA==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@amd.com header.s=selector1 header.b=n4T13gB1;
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8])
        by mx.google.com with ESMTPS id p29-20020a63741d000000b005b8f9dbbd5fsi1191049pgc.409.2023.11.01.22.37.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 01 Nov 2023 22:37:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amd.com header.s=selector1 header.b=n4T13gB1;
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by fry.vger.email (Postfix) with ESMTP id AE755811679A;
	Wed,  1 Nov 2023 22:37:51 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1348519AbjKBFhB (ORCPT <rfc822;gvb.lkml@gmail.com> + 99 others);
        Thu, 2 Nov 2023 01:37:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55776 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229505AbjKBFhA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 2 Nov 2023 01:37:00 -0400
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2044.outbound.protection.outlook.com [40.107.243.44])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 80027112;
        Wed,  1 Nov 2023 22:36:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=D3dHqqaANL/hjN893dTL47gKVPfEUhu4GHUhJY9AMoDf5VQOMofjI/9SqdJk5Kl/g9+6RrK1COBxZXgFsOW3aV9RSjOBJz9QJOWPchOc2vRWUeszdqc2wj+PWLHn1B//3VpMKoAPoGY8c2tBkpG6DXwTViqEiwrF9cY2QXOy20DhTu4hr3im5xG8NKQoix8SfYfaEbeyh5UiKiwYiYwR3r9tQVEU0x8TchrTQ5uoj0r5Vo7CgTtexLSVi1FUN26ff+b/gmyt0IH3LbW+7J6c1PRAvEA4UNb9Bm5qCzmSUhEAluXRD7L8epama3kdtv+shnA0RCjlDcgWDln/M6KqlA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=Kl3TXlO8JkmT5hdOkzsd6YwiudfH7D3pmYlY2sr7ccg=;
 b=NkOpdAWC1EmvaTZCVhp9alXiDav4i/G0MpK8mbgNm/EA+TWBQBQknj19bzZ3u8XA+p6KxkJ5RFrFanvk8e9VLma60+tuSNEffSl+oc0SVqaDqpZiWJaWXYrUGeW3n6zWZvsk2b753VKk7D412FlIj9IZdVr3aTe7lXpBZfzJOREmAvXTiUuZG08cM+Paojs5ALUw+lgQj9J0JF1wjlOX2wkjHPfLlr1PAvTwxtxduMYDOblULSPgZAzNOikdyj+jI+CK5sFtN/yVxZyR4dHpnMgv/X2Nk/Lon+LxNkKVOCikx07P0AXezTKrdu/lVvW5ClJv4+Rc7Ty8aJGl/ZU19g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Kl3TXlO8JkmT5hdOkzsd6YwiudfH7D3pmYlY2sr7ccg=;
 b=n4T13gB1+SkWcNElFe4kJseqSVTyVSXyk5OsGaw6zzN5K5YiHvmu1MDxAfmfW7e4cMc368aWYp99szhsrPA09maptC6sD5jMdkryX9vrUg78nqWrxy4yGE2B+KAYvwCXCxDXwGJO2SCv2CP3Spl/FfUdxexO+L2btkn7GHyk45s=
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=amd.com;
Received: from DS7PR12MB6309.namprd12.prod.outlook.com (2603:10b6:8:96::19) by
 MN2PR12MB4440.namprd12.prod.outlook.com (2603:10b6:208:26e::14) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.21; Thu, 2 Nov
 2023 05:36:51 +0000
Received: from DS7PR12MB6309.namprd12.prod.outlook.com
 ([fe80::93cc:c27:4af6:b78c]) by DS7PR12MB6309.namprd12.prod.outlook.com
 ([fe80::93cc:c27:4af6:b78c%2]) with mapi id 15.20.6954.019; Thu, 2 Nov 2023
 05:36:51 +0000
Message-ID: <60e5b46c-7e4b-44bb-a76f-a4b30b154d4a@amd.com>
Date:   Thu, 2 Nov 2023 11:06:40 +0530
User-Agent: Mozilla Thunderbird
Reply-To: nikunj@amd.com
Subject: Re: [PATCH v5 09/14] x86/sev: Add Secure TSC support for SNP guests
Content-Language: en-US
To:     Tom Lendacky <thomas.lendacky@amd.com>,
        linux-kernel@vger.kernel.org, x86@kernel.org, kvm@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc:     bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
        dave.hansen@linux.intel.com, dionnaglaze@google.com,
        pgonda@google.com, seanjc@google.com, pbonzini@redhat.com
References: <20231030063652.68675-1-nikunj@amd.com>
 <20231030063652.68675-10-nikunj@amd.com>
 <b5e71977-abf6-aa27-3a7b-37230b014724@amd.com>
From:   "Nikunj A. Dadhania" <nikunj@amd.com>
In-Reply-To: <b5e71977-abf6-aa27-3a7b-37230b014724@amd.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: PN3PR01CA0163.INDPRD01.PROD.OUTLOOK.COM
 (2603:1096:c01:de::7) To DS7PR12MB6309.namprd12.prod.outlook.com
 (2603:10b6:8:96::19)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS7PR12MB6309:EE_|MN2PR12MB4440:EE_
X-MS-Office365-Filtering-Correlation-Id: 0353618b-cbd3-4969-67e8-08dbdb65b6d5
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: yahw6ECp0cGeyIWLNojX0XAL1wmR864xAh0wdjffIi9ZI4xig7u/bTUknWkkrXIvZeSX/fwFOYXp10e4UFsHi5zR5Bq/AeEvVjuuiJ/oKb5pZ9fDTeF9Ldj00GMIy6xoU76d9asfHNrBTwg6W9fNpfrl9a9ojr02aau8abCjoXhnIC4Tg2BmHDEcG5qJ+dHOtkzEjHi9gKAU0PWmrYSP8oOZdlQDI/sQ9TxcLfc7qXKi6MzSOstP5QY1gFvbTLTjieVoxDtkqHXmnW2xC6HaX72jPAYSzppcqBeRNArTXV0malr+MTTxR+DeGxFS/iV184lxO0tucjiEE1RM3FA3ToOXkFdLfVmx8myzXMIPqAlNZ/kZHWwJv+S9Xc62ltALYjaPlwd9oQz8u4Dj9PZNI4bylXOWveakIZoNMnHSXC6TV7v3Ar3hZx6dWbmq1tXJhsFUL7ryCj5O+tOjX/mRC2FHhFqZa8Bi/PpwjyOLUgrrIq//RjXkJ5aCDjiCVjYM9UgzGSh6EyX6ic45Pr0OVnAlSh2Xcdx8s4DxBHsH4+VBDdQIQ563XdtiNafAPzX3FJWokXO0IE0ZkAPKITfti64a307vH2mbITAOJj98zpKcBHCfMyDB369AfJID99psEcywuoCN+tXM7mP2R8wdOQ==
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR12MB6309.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(136003)(366004)(346002)(39860400002)(376002)(396003)(230922051799003)(1800799009)(451199024)(64100799003)(186009)(30864003)(3450700001)(7416002)(5660300002)(53546011)(36756003)(26005)(6506007)(6512007)(31696002)(2616005)(6666004)(38100700002)(83380400001)(2906002)(6486002)(478600001)(110136005)(41300700001)(66556008)(316002)(66946007)(66476007)(31686004)(4326008)(8676002)(8936002)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?bXdFaFp1cTF0QnhlSTAxSkVxTUZHVVpzRHBvN3BWOUV0dDFyNktFOEEwQ2gv?=
 =?utf-8?B?eTMrOVh1NTY4aFRCL2U4ajlRN21KT1lTREVpRFFaQUFCKzc1Z2M4UU1KRmVH?=
 =?utf-8?B?Y29UVURCK3N2TnVWQUZlL2wwdGEraVMxSjJPU2F5Ny82L0h4MjlZYnczZmcv?=
 =?utf-8?B?RzVoSmdrbUFoL0k3TVZoOVZwc055THVDS2E2MktrQnZxdGJWRzcrVmNZZlBa?=
 =?utf-8?B?eWtDVnFCN1ZpazMvUlREZkdNbVRxc24xenhSemdya0xYSXFGMjJNc0JJak00?=
 =?utf-8?B?SjBKaCtTcnpzcGFmV05HbWd4Q09PdHlLbC9VR2YrNExQV3FGeEJZZk1WTmxF?=
 =?utf-8?B?UnJDU2N0MW9oRUVTR3kzZ2x4N1ZuTUdHUUE1YlJMYlpIS3I0aFpiMi8xUC82?=
 =?utf-8?B?cnMwQ0hQTGNvUmszTWNNTmYzNEUzTjdqUnZtUW9BRHRVanNCYVNaMUdkNjZF?=
 =?utf-8?B?ZkZabHpOQWI2SEZxVmpnM3B5NEo0dWVja1pvOUhyOVRkdFJSQ2dQa0VPaVQ5?=
 =?utf-8?B?UW1NVExMeEsrYTNwWkVYdGJTQ0lZa0UvSnMvTkNJRjZqVlJyU0dzb3N3VzFh?=
 =?utf-8?B?OXRhendIWVV4aEIvWUdTWEtsZHFHeEFja2s5VXNrcGVYdDU2NmRaTnlvWE8v?=
 =?utf-8?B?WEpXem5vK21PQm91V0pEa3JodnlocW9FcElRRjNzZXhVdWtQY3RyQzRJYzhn?=
 =?utf-8?B?ZHNFOGR4WkFQZ0xlT0dpQkprVldoRlNZU2VRb2xFZDc4RmZuZHVYLzFkQUNM?=
 =?utf-8?B?bUQzVWZHSDdta1V2SE9zOVVwWWdWaXlhcSszTmg0Z0dzU0kxWEJTNXlORGhD?=
 =?utf-8?B?TUFmZkMvSzBsZ2lNWFNPcEQzUEpKMUpBUkhZL2pLbnptWTA2S0ZtV01MRFpH?=
 =?utf-8?B?ZnFwM1hTbkRvaWc3T0loM3pueFpUdityOGdNYVhGeTJLdytlelh1ZkVjZjNU?=
 =?utf-8?B?M0pmeVhQUjNCTzl1ZFU3UDN4Z3dacXJoRHRQaVhnMkMyMlRIcll1ZW1Uc1FC?=
 =?utf-8?B?VGROK3lQc3l1NW9WMFRUQlBCRTZLRHErL2dxeWRsNy9PcDI3RVpsekdNemtl?=
 =?utf-8?B?L3Vja0trVTg0Q2RhamZMREo3QitJM0dFQ1pFdGRCcHYzQWpHaFBYQkQwQmMw?=
 =?utf-8?B?VGdHSUVGdTJXSGZkbVN1ZGREV3hobWE5NHhTdWlONGl5YlNNR0plZHpFejF0?=
 =?utf-8?B?Wnh2NVU3VG1KOXFDN1pWTFBJRVBjdWNZNDFlZUFwc2ZTSlV6SzFYQUhDL3RM?=
 =?utf-8?B?M1dUamtNREZZQTJyN09CK1dXNzF4SjNXUEVwRG5iWE8zOFNWQlJoS0lXelBt?=
 =?utf-8?B?NExwQmJSRnMzc2NXSm9FZ093YVIxaHdYZjFUZGZnMjVlV1g4YXcxL3Zha2Vw?=
 =?utf-8?B?YVFET3NWS21MbUFaMjNpQnQxTnNaSWRBY1I1YnJRdUhhcmZLM3lud2NMRXF6?=
 =?utf-8?B?YTN4U2V6UVUzRW1NTFo5U3dabTNpdUdaSG8xL3pXZWdpVFFVV09aM2EwdXlt?=
 =?utf-8?B?SDVOVVFHR2RPWFN2MmlGMm1ZaElyR1lmY2wxRFlkbjZpZjZuYmY0WW9Idmkv?=
 =?utf-8?B?RDVvK0ZRdXQ0VDJNc0dUNko3UFBremxiMk0yWnVGUnQ3eWJwWUhCY1puZjk5?=
 =?utf-8?B?QXNHUm9iY3BSUXpkTHZPQUEvUVZkZHFjUHpCUFJjWW40WGJrU09MNGxqMWt0?=
 =?utf-8?B?cXV5WklrSVFlQXc3L2xmazB6S2oxUlc5blJ1djd2aW16ak9NUGV4RDRHWWhN?=
 =?utf-8?B?a0hPZ2JBR2hvRk1GMjhWOFlBTlFhbVZ5SWJWempYckk2a21aR0ViTy9KVHZ0?=
 =?utf-8?B?L3k3YkdGUGVCQ3E5eS9BYjgwSWJFODFLQjQ3UUdlOWZxNmQ0M2FSZVlTMnZW?=
 =?utf-8?B?d3YwZ1dUaytzcUlYUDBTL05jMm1LZWpRNzUrdDg5cnc1R2FMYkJpelhkRXFB?=
 =?utf-8?B?Rmd4WDA2TlhYMmZrV1VUVGVhcnpoU25tTHlQZkZFMmQ5Y0RkS3lyUjZLeCtz?=
 =?utf-8?B?dTZiSlBSR0xtYVRObXlUZWFsQkcyU3JYZ1ZiYWd4QmNMazZDMkFvY3FmUXBq?=
 =?utf-8?B?bnZzMVY4UStSMThRYTBPWEpuZlFuMG93WkJYY0hWSTdBM1c4N1lQWDBrVk40?=
 =?utf-8?Q?g86q80N9ldBK0p7QAFKYF53MG?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0353618b-cbd3-4969-67e8-08dbdb65b6d5
X-MS-Exchange-CrossTenant-AuthSource: DS7PR12MB6309.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Nov 2023 05:36:51.1991
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: PM78wfLS37vMPMqTJUlgJ1+V4EkgB/wIEguQCcFtB2EIsLcg/lXg9ZnWW2efeRleFHjlST+GRSn9S64WS5M04A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4440
X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,
	URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Wed, 01 Nov 2023 22:37:51 -0700 (PDT)

On 10/31/2023 1:56 AM, Tom Lendacky wrote:
> On 10/30/23 01:36, Nikunj A Dadhania wrote:
>> Add support for Secure TSC in SNP enabled guests. Secure TSC allows
>> guest to securely use RDTSC/RDTSCP instructions as the parameters
>> being used cannot be changed by hypervisor once the guest is launched.
>>
>> During the boot-up of the secondary cpus, SecureTSC enabled guests
>> need to query TSC info from AMD Security Processor. This communication
>> channel is encrypted between the AMD Security Processor and the guest,
>> the hypervisor is just the conduit to deliver the guest messages to
>> the AMD Security Processor. Each message is protected with an
>> AEAD (AES-256 GCM). Use minimal AES GCM library to encrypt/decrypt SNP
>> Guest messages to communicate with the PSP.
> 
> Add to this commit message that you're using the enc_init hook to perform some Secure TSC initialization and why you have to do that.

Sure, will add.
 
>>
>> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
>> ---
>>   arch/x86/coco/core.c             |  3 ++
>>   arch/x86/include/asm/sev-guest.h | 18 +++++++
>>   arch/x86/include/asm/sev.h       |  2 +
>>   arch/x86/include/asm/svm.h       |  6 ++-
>>   arch/x86/kernel/sev.c            | 82 ++++++++++++++++++++++++++++++++
>>   arch/x86/mm/mem_encrypt_amd.c    |  6 +++
>>   include/linux/cc_platform.h      |  8 ++++
>>   7 files changed, 123 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c
>> index eeec9986570e..5d5d4d03c543 100644
>> --- a/arch/x86/coco/core.c
>> +++ b/arch/x86/coco/core.c
>> @@ -89,6 +89,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr attr)
>>       case CC_ATTR_GUEST_SEV_SNP:
>>           return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
>>   +    case CC_ATTR_GUEST_SECURE_TSC:
>> +        return sev_status & MSR_AMD64_SNP_SECURE_TSC;
>> +
>>       default:
>>           return false;
>>       }
>> diff --git a/arch/x86/include/asm/sev-guest.h b/arch/x86/include/asm/sev-guest.h
>> index e6f94208173d..58739173eba9 100644
>> --- a/arch/x86/include/asm/sev-guest.h
>> +++ b/arch/x86/include/asm/sev-guest.h
>> @@ -39,6 +39,8 @@ enum msg_type {
>>       SNP_MSG_ABSORB_RSP,
>>       SNP_MSG_VMRK_REQ,
>>       SNP_MSG_VMRK_RSP,
>> +    SNP_MSG_TSC_INFO_REQ = 17,
>> +    SNP_MSG_TSC_INFO_RSP,
>>         SNP_MSG_TYPE_MAX
>>   };
>> @@ -111,6 +113,22 @@ struct snp_guest_req {
>>       u8 msg_type;
>>   };
>>   +struct snp_tsc_info_req {
>> +#define SNP_TSC_INFO_REQ_SZ 128
> 
> Please move this to before the struct definition.
> 
>> +    /* Must be zero filled */
>> +    u8 rsvd[SNP_TSC_INFO_REQ_SZ];
>> +} __packed;
>> +
>> +struct snp_tsc_info_resp {
>> +    /* Status of TSC_INFO message */
>> +    u32 status;
>> +    u32 rsvd1;
>> +    u64 tsc_scale;
>> +    u64 tsc_offset;
>> +    u32 tsc_factor;
>> +    u8 rsvd2[100];
>> +} __packed;
>> +
>>   int snp_setup_psp_messaging(struct snp_guest_dev *snp_dev);
>>   int snp_send_guest_request(struct snp_guest_dev *dev, struct snp_guest_req *req,
>>                  struct snp_guest_request_ioctl *rio);
>> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
>> index 783150458864..038a5a15d937 100644
>> --- a/arch/x86/include/asm/sev.h
>> +++ b/arch/x86/include/asm/sev.h
>> @@ -200,6 +200,7 @@ void __init __noreturn snp_abort(void);
>>   void snp_accept_memory(phys_addr_t start, phys_addr_t end);
>>   u64 snp_get_unsupported_features(u64 status);
>>   u64 sev_get_status(void);
>> +void __init snp_secure_tsc_prepare(void);
>>   #else
>>   static inline void sev_es_ist_enter(struct pt_regs *regs) { }
>>   static inline void sev_es_ist_exit(void) { }
>> @@ -223,6 +224,7 @@ static inline void snp_abort(void) { }
>>   static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { }
>>   static inline u64 snp_get_unsupported_features(u64 status) { return 0; }
>>   static inline u64 sev_get_status(void) { return 0; }
>> +static inline void __init snp_secure_tsc_prepare(void) { }
>>   #endif
>>     #endif
>> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
>> index 3ac0ffc4f3e2..ee35c0488f56 100644
>> --- a/arch/x86/include/asm/svm.h
>> +++ b/arch/x86/include/asm/svm.h
>> @@ -414,7 +414,9 @@ struct sev_es_save_area {
>>       u8 reserved_0x298[80];
>>       u32 pkru;
>>       u32 tsc_aux;
>> -    u8 reserved_0x2f0[24];
>> +    u64 tsc_scale;
>> +    u64 tsc_offset;
>> +    u8 reserved_0x300[8];
>>       u64 rcx;
>>       u64 rdx;
>>       u64 rbx;
>> @@ -546,7 +548,7 @@ static inline void __unused_size_checks(void)
>>       BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x1c0);
>>       BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x248);
>>       BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x298);
>> -    BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x2f0);
>> +    BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x300);
>>       BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x320);
>>       BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x380);
>>       BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x3f0);
>> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
>> index fb3b1feb1b84..9468809d02c7 100644
>> --- a/arch/x86/kernel/sev.c
>> +++ b/arch/x86/kernel/sev.c
>> @@ -76,6 +76,10 @@ static u64 sev_hv_features __ro_after_init;
>>   /* Secrets page physical address from the CC blob */
>>   static u64 secrets_pa __ro_after_init;
>>   +/* Secure TSC values read using TSC_INFO SNP Guest request */
>> +static u64 guest_tsc_scale __ro_after_init;
>> +static u64 guest_tsc_offset __ro_after_init;
> 
> s/guest_/snp_/
> 
>> +
>>   /* #VC handler runtime per-CPU data */
>>   struct sev_es_runtime_data {
>>       struct ghcb ghcb_page;
>> @@ -1393,6 +1397,78 @@ bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id)
>>   }
>>   EXPORT_SYMBOL_GPL(snp_assign_vmpck);
>>   +static struct snp_guest_dev tsc_snp_dev __initdata;
>> +
>> +static int __init snp_get_tsc_info(void)
>> +{
>> +    static u8 buf[SNP_TSC_INFO_REQ_SZ + AUTHTAG_LEN];
>> +    struct snp_guest_request_ioctl rio;
>> +    struct snp_tsc_info_resp tsc_resp;
>> +    struct snp_tsc_info_req tsc_req;
>> +    struct snp_guest_req req;
>> +    int rc, resp_len;
>> +
>> +    /*
>> +     * The intermediate response buffer is used while decrypting the
>> +     * response payload. Make sure that it has enough space to cover the
>> +     * authtag.
>> +     */
>> +    resp_len = sizeof(tsc_resp) + AUTHTAG_LEN;
>> +    if (sizeof(buf) < resp_len)
>> +        return -EINVAL;
>> +
>> +    memset(&tsc_req, 0, sizeof(tsc_req));
>> +    memset(&req, 0, sizeof(req));
>> +    memset(&rio, 0, sizeof(rio));
>> +    memset(buf, 0, sizeof(buf));
>> +
>> +    if (!snp_assign_vmpck(&tsc_snp_dev, 0))
>> +        return -EINVAL;
>> +
>> +    /* Initialize the PSP channel to send snp messages */
>> +    if (snp_setup_psp_messaging(&tsc_snp_dev))
>> +        sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
> 
> This should just return the non-zero return code from snp_setup_psp_messaging(), no?
> 
>     rc = snp_setup_psp_messaging(&tsc_snp_dev);
>     if (rc)
>         return rc;

Yes, that will also have the same behaviour, snp_get_tsc_info() will send the termination request. 

>> +
>> +    req.msg_version = MSG_HDR_VER;
>> +    req.msg_type = SNP_MSG_TSC_INFO_REQ;
>> +    req.vmpck_id = tsc_snp_dev.vmpck_id;
>> +    req.req_buf = &tsc_req;
>> +    req.req_sz = sizeof(tsc_req);
>> +    req.resp_buf = buf;
>> +    req.resp_sz = resp_len;
>> +    req.exit_code = SVM_VMGEXIT_GUEST_REQUEST;
>> +    rc = snp_send_guest_request(&tsc_snp_dev, &req, &rio);
> 
> Aren't you supposed to hold a mutex before calling this since it will eventually call the message sequence number functions?

Yes, I will need to otherwise lockdep will complain. This is being called from boot processor, so there is no parallel execution.

>> +    if (rc)
>> +        goto err_req;
>> +
>> +    memcpy(&tsc_resp, buf, sizeof(tsc_resp));
>> +    pr_debug("%s: Valid response status %x scale %llx offset %llx factor %x\n",
>> +         __func__, tsc_resp.status, tsc_resp.tsc_scale, tsc_resp.tsc_offset,
>> +         tsc_resp.tsc_factor);
>> +
>> +    guest_tsc_scale = tsc_resp.tsc_scale;
>> +    guest_tsc_offset = tsc_resp.tsc_offset;
>> +
>> +err_req:
>> +    /* The response buffer contains the sensitive data, explicitly clear it. */
>> +    memzero_explicit(buf, sizeof(buf));
>> +    memzero_explicit(&tsc_resp, sizeof(tsc_resp));
>> +    memzero_explicit(&req, sizeof(req));
>> +
>> +    return rc;
>> +}
>> +
>> +void __init snp_secure_tsc_prepare(void)
>> +{
>> +    if (!cc_platform_has(CC_ATTR_GUEST_SECURE_TSC))
>> +        return;
>> +
>> +    if (snp_get_tsc_info())
>> +        sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
> 
> How about using SEV_TERM_SET_LINUX and a new GHCB_TERM_SECURE_TSC_INFO.

Yes, we can do that, I remember you had said this will required GHCB spec change and then thought of sticking with the current return code.

> 
>> +
>> +    pr_debug("SecureTSC enabled\n");
>> +}
>> +
>>   static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip)
>>   {
>>       struct sev_es_save_area *cur_vmsa, *vmsa;
>> @@ -1493,6 +1569,12 @@ static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip)
>>       vmsa->vmpl        = 0;
>>       vmsa->sev_features    = sev_status >> 2;
>>   +    /* Setting Secure TSC parameters */
>> +    if (cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) {
>> +        vmsa->tsc_scale = guest_tsc_scale;
>> +        vmsa->tsc_offset = guest_tsc_offset;
>> +    }
>> +
>>       /* Switch the page over to a VMSA page now that it is initialized */
>>       ret = snp_set_vmsa(vmsa, true);
>>       if (ret) {
>> diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
>> index 6faea41e99b6..9935fc506e99 100644
>> --- a/arch/x86/mm/mem_encrypt_amd.c
>> +++ b/arch/x86/mm/mem_encrypt_amd.c
>> @@ -215,6 +215,11 @@ void __init sme_map_bootdata(char *real_mode_data)
>>       __sme_early_map_unmap_mem(__va(cmdline_paddr), COMMAND_LINE_SIZE, true);
>>   }
>>   +void __init amd_enc_init(void)
>> +{
>> +    snp_secure_tsc_prepare();
>> +}
>> +
>>   void __init sev_setup_arch(void)
>>   {
>>       phys_addr_t total_mem = memblock_phys_mem_size();
>> @@ -502,6 +507,7 @@ void __init sme_early_init(void)
>>       x86_platform.guest.enc_status_change_finish  = amd_enc_status_change_finish;
>>       x86_platform.guest.enc_tlb_flush_required    = amd_enc_tlb_flush_required;
>>       x86_platform.guest.enc_cache_flush_required  = amd_enc_cache_flush_required;
>> +    x86_platform.guest.enc_init                  = amd_enc_init;
>>         /*
>>        * AMD-SEV-ES intercepts the RDMSR to read the X2APIC ID in the

Regards
Nikunj