[PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC

Naveen N Rao (AMD) posted 9 patches 2 weeks, 3 days ago
Maintainers: Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, "Daniel P. Berrangé" <berrange@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Zhao Liu <zhao1.liu@intel.com>, Marcelo Tosatti <mtosatti@redhat.com>
[PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC
Posted by Naveen N Rao (AMD) 2 weeks, 3 days ago
Add support for configuring the TSC frequency when Secure TSC is enabled
in SEV-SNP guests through a new "tsc-frequency" property on SEV-SNP
guest objects, similar to the vCPU-specific property used by regular
guests and TDX. A new property is needed since SEV-SNP guests require
the TSC frequency to be specified during early SNP_LAUNCH_START command
before any vCPUs are created.

The user-provided TSC frequency is set through KVM_SET_TSC_KHZ before
issuing KVM_SEV_SNP_LAUNCH_START.

Attempts to set TSC frequency on both the SEV_SNP object and the cpu
object result in an error from KVM (on the vCPU ioctl), so do not add
separate checks for the same.

Sample command-line:
  -machine q35,confidential-guest-support=sev0 \
  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on,tsc-frequency=2500000000

Co-developed-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
Signed-off-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
Co-developed-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>
---
 target/i386/sev.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 qapi/qom.json     |  6 +++++-
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index af8222b8ceb3..56d7cc9e6901 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -178,6 +178,7 @@ struct SevSnpGuestState {
     char *id_auth_base64;
     uint8_t *id_auth;
     char *host_data;
+    uint32_t tsc_khz;
 
     struct kvm_sev_snp_launch_start kvm_start_conf;
     struct kvm_sev_snp_launch_finish kvm_finish_conf;
@@ -536,6 +537,13 @@ static int check_sev_features(SevCommonState *sev_common, uint64_t sev_features,
                    __func__, sev_features, sev_common->supported_sev_features);
         return -1;
     }
+    if (sev_snp_enabled() && SEV_SNP_GUEST(sev_common)->tsc_khz &&
+        !(sev_features & SVM_SEV_FEAT_SECURE_TSC)) {
+        error_setg(errp,
+                   "%s: TSC frequency can only be set if Secure TSC is enabled",
+                   __func__);
+        return -1;
+    }
     return 0;
 }
 
@@ -1085,6 +1093,19 @@ sev_snp_launch_start(SevCommonState *sev_common)
             return 1;
     }
 
+    if (is_sev_feature_set(sev_common, SVM_SEV_FEAT_SECURE_TSC) &&
+        sev_snp_guest->tsc_khz) {
+        rc = -EINVAL;
+        if (kvm_check_extension(kvm_state, KVM_CAP_VM_TSC_CONTROL)) {
+            rc = kvm_vm_ioctl(kvm_state, KVM_SET_TSC_KHZ, sev_snp_guest->tsc_khz);
+        }
+        if (rc < 0) {
+            error_report("%s: Unable to set Secure TSC frequency to %u kHz ret=%d",
+                         __func__, sev_snp_guest->tsc_khz, rc);
+            return 1;
+        }
+    }
+
     rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START,
                    start, &fw_error);
     if (rc < 0) {
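Review bot: In the new block ahead of KVM_SEV_SNP_LAUNCH_START, a missing KVM_CAP_VM_TSC_CONTROL is folded into the preset rc = -EINVAL, so the error_report() line prints the same "ret=-22" whether the host kernel lacks the capability or KVM_SET_TSC_KHZ rejected the requested value. Report the missing capability with its own message so an unsupported host can be told apart from a bad frequency. The kvm_vm_ioctl() line also runs past 80 columns; wrapping the last argument onto its own line fixes that.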
@@ -3132,6 +3153,28 @@ static void sev_snp_guest_set_secure_tsc(Object *obj, bool value, Error **errp)
     sev_set_feature(SEV_COMMON(obj), SVM_SEV_FEAT_SECURE_TSC, value);
 }
 
+static void
+sev_snp_guest_get_tsc_frequency(Object *obj, Visitor *v, const char *name,
+                                void *opaque, Error **errp)
+{
+    uint32_t value = SEV_SNP_GUEST(obj)->tsc_khz * 1000;
+
+    visit_type_uint32(v, name, &value, errp);
+}
+
+static void
+sev_snp_guest_set_tsc_frequency(Object *obj, Visitor *v, const char *name,
+                                void *opaque, Error **errp)
+{
+    uint32_t value;
+
+    if (!visit_type_uint32(v, name, &value, errp)) {
+        return;
+    }
+
+    SEV_SNP_GUEST(obj)->tsc_khz = value / 1000;
+}
+
 static void
 sev_snp_guest_class_init(ObjectClass *oc, const void *data)
 {
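Review bot: sev_snp_guest_set_tsc_frequency() stores value / 1000, so any tsc-frequency below 1000 Hz becomes tsc_khz = 0, and both check_sev_features() and sev_snp_launch_start() test tsc_khz for non-zero to decide whether a frequency was requested. Such a value is therefore dropped without any error. Reject an input that truncates to zero through errp in the setter. The getter returns tsc_khz * 1000, so a value that is not a multiple of 1000 does not read back as written; a short comment next to the division would document that the property is stored with kHz granularity.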
@@ -3170,6 +3213,9 @@ sev_snp_guest_class_init(ObjectClass *oc, const void *data)
     object_class_property_add_bool(oc, "secure-tsc",
                                   sev_snp_guest_get_secure_tsc,
                                   sev_snp_guest_set_secure_tsc);
+    object_class_property_add(oc, "tsc-frequency", "uint32",
+                              sev_snp_guest_get_tsc_frequency,
+                              sev_snp_guest_set_tsc_frequency, NULL, NULL);
 }
 
 static void
diff --git a/qapi/qom.json b/qapi/qom.json
index c7dd2dd1b095..5daaf065b6b7 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -1104,6 +1104,9 @@
 # @secure-tsc: enable Secure TSC
 #     (default: false) (since 10.2)
 #
+# @tsc-frequency: set secure TSC frequency.  Only valid if Secure TSC
+#     is enabled (default: zero) (since 10.2)
+#
 # Since: 9.1
 ##
 { 'struct': 'SevSnpGuestProperties',
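Review bot: The @tsc-frequency description gives no unit and does not say what the default of zero means. The setter in target/i386/sev.c divides the value by 1000 to obtain kHz, so the property is in Hz; state that here, and say what frequency the guest gets when Secure TSC is enabled and this property is left at zero. The added line also spells the feature both "secure TSC" and "Secure TSC"; pick one, matching the @secure-tsc entry above.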
@@ -1116,7 +1119,8 @@
             '*author-key-enabled': 'bool',
             '*host-data': 'str',
             '*vcek-disabled': 'bool',
-            '*secure-tsc': 'bool' } }
+            '*secure-tsc': 'bool',
+            '*tsc-frequency': 'uint32' } }
 
 ##
 # @TdxGuestProperties:
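Review bot: '*tsc-frequency': 'uint32' holds a value in Hz (the sample command line passes 2500000000), which caps the property at 4294967295 Hz, just under 4.3 GHz. A frequency above that cannot be expressed through this property. Consider a 64-bit type for the QAPI member and the QOM property, with a range check in the setter before the value is converted to the uint32_t tsc_khz field.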
-- 
2.51.0
Re: [PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC
Posted by Markus Armbruster 1 week, 1 day ago
Pardon my ignorance...

"Naveen N Rao (AMD)" <naveen@kernel.org> writes:

> Add support for configuring the TSC frequency when Secure TSC is enabled
> in SEV-SNP guests through a new "tsc-frequency" property on SEV-SNP
> guest objects, similar to the vCPU-specific property used by regular
> guests and TDX.

Which property exactly?

>                 A new property is needed since SEV-SNP guests require
> the TSC frequency to be specified during early SNP_LAUNCH_START command
> before any vCPUs are created.

Sounds awkward.

Do the two properties set the same thing at different times?

> The user-provided TSC frequency is set through KVM_SET_TSC_KHZ before
> issuing KVM_SEV_SNP_LAUNCH_START.
>
> Attempts to set TSC frequency on both the SEV_SNP object and the cpu
> object result in an error from KVM (on the vCPU ioctl), so do not add
> separate checks for the same.
>
> Sample command-line:
>   -machine q35,confidential-guest-support=sev0 \
>   -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on,tsc-frequency=2500000000
>
> Co-developed-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
> Signed-off-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
> Co-developed-by: Nikunj A Dadhania <nikunj@amd.com>
> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
> Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>

[...]

> diff --git a/qapi/qom.json b/qapi/qom.json
> index c7dd2dd1b095..5daaf065b6b7 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -1104,6 +1104,9 @@
>  # @secure-tsc: enable Secure TSC
>  #     (default: false) (since 10.2)
>  #
> +# @tsc-frequency: set secure TSC frequency.  Only valid if Secure TSC
> +#     is enabled (default: zero) (since 10.2)

Is this likely to remain the only property that's only valid when
@secure-tsc is true?

> +#
>  # Since: 9.1
>  ##
>  { 'struct': 'SevSnpGuestProperties',
> @@ -1116,7 +1119,8 @@
>              '*author-key-enabled': 'bool',
>              '*host-data': 'str',
>              '*vcek-disabled': 'bool',
> -            '*secure-tsc': 'bool' } }
> +            '*secure-tsc': 'bool',
> +            '*tsc-frequency': 'uint32' } }
>  
>  ##
>  # @TdxGuestProperties:
Re: [PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC
Posted by Naveen N Rao 1 week ago
On Thu, Nov 06, 2025 at 01:09:37PM +0100, Markus Armbruster wrote:
> Pardon my ignorance...
> 
> "Naveen N Rao (AMD)" <naveen@kernel.org> writes:
> 
> > Add support for configuring the TSC frequency when Secure TSC is enabled
> > in SEV-SNP guests through a new "tsc-frequency" property on SEV-SNP
> > guest objects, similar to the vCPU-specific property used by regular
> > guests and TDX.
> 
> Which property exactly?

Same name: tsc-frequency specified with '-cpu'

> 
> >                 A new property is needed since SEV-SNP guests require
> > the TSC frequency to be specified during early SNP_LAUNCH_START command
> > before any vCPUs are created.
> 
> Sounds awkward.
> 
> Do the two properties set the same thing at different times?

Yes. For regular guests, TSC frequency is set using a vCPU ioctl.  
However, TDX and SEV-SNP (with Secure TSC) require the TSC frequency to 
be set as a VM property (there is a VM ioctl for this purpose).

This was Tom's question too (see v2): is there any way to re-use 
'tsc-frequency' specified with '-cpu' for Secure TSC.

> 
> > The user-provided TSC frequency is set through KVM_SET_TSC_KHZ before
> > issuing KVM_SEV_SNP_LAUNCH_START.
> >
> > Attempts to set TSC frequency on both the SEV_SNP object and the cpu
> > object result in an error from KVM (on the vCPU ioctl), so do not add
> > separate checks for the same.
> >
> > Sample command-line:
> >   -machine q35,confidential-guest-support=sev0 \
> >   -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on,tsc-frequency=2500000000
> >
> > Co-developed-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
> > Signed-off-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
> > Co-developed-by: Nikunj A Dadhania <nikunj@amd.com>
> > Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
> > Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>
> 
> [...]
> 
> > diff --git a/qapi/qom.json b/qapi/qom.json
> > index c7dd2dd1b095..5daaf065b6b7 100644
> > --- a/qapi/qom.json
> > +++ b/qapi/qom.json
> > @@ -1104,6 +1104,9 @@
> >  # @secure-tsc: enable Secure TSC
> >  #     (default: false) (since 10.2)
> >  #
> > +# @tsc-frequency: set secure TSC frequency.  Only valid if Secure TSC
> > +#     is enabled (default: zero) (since 10.2)
> 
> > Is this likely to remain the only property that's only valid when
> @secure-tsc is true?

At this stage, yes. I am not aware of anything else that is specific to 
Secure TSC.


- Naveen
Re: [PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC
Posted by Daniel P. Berrangé 1 week ago
On Fri, Nov 07, 2025 at 02:21:24PM +0530, Naveen N Rao wrote:
> On Thu, Nov 06, 2025 at 01:09:37PM +0100, Markus Armbruster wrote:
> > Pardon my ignorance...
> > 
> > "Naveen N Rao (AMD)" <naveen@kernel.org> writes:
> > 
> > > Add support for configuring the TSC frequency when Secure TSC is enabled
> > > in SEV-SNP guests through a new "tsc-frequency" property on SEV-SNP
> > > guest objects, similar to the vCPU-specific property used by regular
> > > guests and TDX.
> > 
> > Which property exactly?
> 
> Same name: tsc-frequency specified with '-cpu'
> 
> > 
> > >                 A new property is needed since SEV-SNP guests require
> > > the TSC frequency to be specified during early SNP_LAUNCH_START command
> > > before any vCPUs are created.
> > 
> > Sounds awkward.
> > 
> > Do the two properties set the same thing at different times?
> 
> Yes. For regular guests, TSC frequency is set using a vCPU ioctl.  
> However, TDX and SEV-SNP (with Secure TSC) require the TSC frequency to 
> be set as a VM property (there is a VM ioctl for this purpose).

The '-cpu' arg is global to the VM, so even though the ioctl is per-VCPU,
a single '-cpu ...,tsc-frequency=NNN' argument applies universally to all
the vCPUs in regular guests. 

> This was Tom's question too (see v2): is there any way to re-use 
> 'tsc-frequency' specified with '-cpu' for Secure TSC.

I see no reason why we can't simply use the existing '-cpu tsc-frequency'
value. Fetch the CPU 0 object and query its "tsc-frequency" property,
and just assume all non-0 CPUs have the same tsc-frequency, since we
don't provide a way to set it differently per-CPU IIUC.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
Re: [PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC
Posted by Naveen N Rao 4 days, 9 hours ago
On Fri, Nov 07, 2025 at 09:59:46AM +0000, Daniel P. Berrangé wrote:
> On Fri, Nov 07, 2025 at 02:21:24PM +0530, Naveen N Rao wrote:
> > On Thu, Nov 06, 2025 at 01:09:37PM +0100, Markus Armbruster wrote:
> > > Pardon my ignorance...
> > > 
> > > "Naveen N Rao (AMD)" <naveen@kernel.org> writes:
> > > 
> > > > Add support for configuring the TSC frequency when Secure TSC is enabled
> > > > in SEV-SNP guests through a new "tsc-frequency" property on SEV-SNP
> > > > guest objects, similar to the vCPU-specific property used by regular
> > > > guests and TDX.
> > > 
> > > Which property exactly?
> > 
> > Same name: tsc-frequency specified with '-cpu'
> > 
> > > 
> > > >                 A new property is needed since SEV-SNP guests require
> > > > the TSC frequency to be specified during early SNP_LAUNCH_START command
> > > > before any vCPUs are created.
> > > 
> > > Sounds awkward.
> > > 
> > > Do the two properties set the same thing at different times?
> > 
> > Yes. For regular guests, TSC frequency is set using a vCPU ioctl.  
> > However, TDX and SEV-SNP (with Secure TSC) require the TSC frequency to 
> > be set as a VM property (there is a VM ioctl for this purpose).
> 
> The '-cpu' arg is global to the VM, so even though the ioctl is per-VCPU,
> a single '-cpu ...,tsc-frequency=NNN' argument applies universally to all
> the vCPUs in regular guests. 
> 
> > This was Tom's question too (see v2): is there any way to re-use 
> > 'tsc-frequency' specified with '-cpu' for Secure TSC.
> 
> I see no reason why we can't simply use the existing '-cpu tsc-frequency'
> value. Fetch the CPU 0 object and query its "tsc-frequency" property,
> and just assume all non-0 CPUs have the same tsc-frequency, since we
> don't provide a way to set it differently per-CPU IIUC.

I might be missing something obvious, but did you mean using 
'qemu_get_cpu(0)' or 'first_cpu' in sev_snp_launch_start()?  That 
doesn't seem to work (both are NULL).


Thanks,
Naveen
Re: [PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC
Posted by Markus Armbruster 1 week ago
Naveen N Rao <naveen@kernel.org> writes:

> On Thu, Nov 06, 2025 at 01:09:37PM +0100, Markus Armbruster wrote:
>> Pardon my ignorance...
>> 
>> "Naveen N Rao (AMD)" <naveen@kernel.org> writes:
>> 
>> > Add support for configuring the TSC frequency when Secure TSC is enabled
>> > in SEV-SNP guests through a new "tsc-frequency" property on SEV-SNP
>> > guest objects, similar to the vCPU-specific property used by regular
>> > guests and TDX.
>> 
>> Which property exactly?
>
> Same name: tsc-frequency specified with '-cpu'

Thanks.  It's x86_64-cpu property tsc-frequency.

>> 
>> >                 A new property is needed since SEV-SNP guests require
>> > the TSC frequency to be specified during early SNP_LAUNCH_START command
>> > before any vCPUs are created.
>> 
>> Sounds awkward.
>> 
>> Do the two properties set the same thing at different times?
>
> Yes. For regular guests, TSC frequency is set using a vCPU ioctl.  
> However, TDX and SEV-SNP (with Secure TSC) require the TSC frequency to 
> be set as a VM property (there is a VM ioctl for this purpose).
>
> This was Tom's question too (see v2): is there any way to re-use 
> 'tsc-frequency' specified with '-cpu' for Secure TSC.

Hmm, let's see whether I can guess how this stuff works.  Please correct
my misunderstandings.

When machine property confidential-guest-support is null, it's a regular
guest.

If it points to a sev-guest object, it's SEV.

If it points to a sev-snp-guest object, it's SEV-SNP.

If it points to a tdx-guest object, it's TDX.

Normally, the TSC frequency is specified with x86_64-cpu property
tsc-frequency.

Can different CPUs have different frequencies?

In certain cases (SEV-SNP or TDX guest with Secure TSC), tsc-frequency
needs to be configured before any CPUs are created.  You're implementing
this for SEV-SNP, and you chose to create a sev-snp property
tsc-frequency for this.

What happens when I enable Secure TSC with sev-snp property
"secure-tsc": true, but don't set property tsc-frequency?

What happens when I do set it, and then also set the CPU property?  To
the same frequency?  To a different frequency?

>> > The user-provided TSC frequency is set through KVM_SET_TSC_KHZ before
>> > issuing KVM_SEV_SNP_LAUNCH_START.
>> >
>> > Attempts to set TSC frequency on both the SEV_SNP object and the cpu
>> > object result in an error from KVM (on the vCPU ioctl), so do not add
>> > separate checks for the same.
>> >
>> > Sample command-line:
>> >   -machine q35,confidential-guest-support=sev0 \
>> >   -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on,tsc-frequency=2500000000
>> >
>> > Co-developed-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
>> > Signed-off-by: Ketan Chaturvedi <Ketan.Chaturvedi@amd.com>
>> > Co-developed-by: Nikunj A Dadhania <nikunj@amd.com>
>> > Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
>> > Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>
>> 
>> [...]
>> 
>> > diff --git a/qapi/qom.json b/qapi/qom.json
>> > index c7dd2dd1b095..5daaf065b6b7 100644
>> > --- a/qapi/qom.json
>> > +++ b/qapi/qom.json
>> > @@ -1104,6 +1104,9 @@
>> >  # @secure-tsc: enable Secure TSC
>> >  #     (default: false) (since 10.2)
>> >  #
>> > +# @tsc-frequency: set secure TSC frequency.  Only valid if Secure TSC
>> > +#     is enabled (default: zero) (since 10.2)
>> 
>> Is this likely to remain the only property that's only valid when
>> @secure-tsc is true?
>
> At this stage, yes. I am not aware of anything else that is specific to 
> Secure TSC.

Alright, this makes "only valid if" reasonable.
Re: [PATCH v3 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC
Posted by Naveen N Rao 4 days, 9 hours ago
On Fri, Nov 07, 2025 at 10:49:30AM +0100, Markus Armbruster wrote:
> Naveen N Rao <naveen@kernel.org> writes:
> 
> > On Thu, Nov 06, 2025 at 01:09:37PM +0100, Markus Armbruster wrote:
> >> Pardon my ignorance...
> >> 
> >> "Naveen N Rao (AMD)" <naveen@kernel.org> writes:
> >> 
> >> > Add support for configuring the TSC frequency when Secure TSC is enabled
> >> > in SEV-SNP guests through a new "tsc-frequency" property on SEV-SNP
> >> > guest objects, similar to the vCPU-specific property used by regular
> >> > guests and TDX.
> >> 
> >> Which property exactly?
> >
> > Same name: tsc-frequency specified with '-cpu'
> 
> Thanks.  It's x86_64-cpu property tsc-frequency.

Ok.

> 
> >> 
> >> >                 A new property is needed since SEV-SNP guests require
> >> > the TSC frequency to be specified during early SNP_LAUNCH_START command
> >> > before any vCPUs are created.
> >> 
> >> Sounds awkward.
> >> 
> >> Do the two properties set the same thing at different times?
> >
> > Yes. For regular guests, TSC frequency is set using a vCPU ioctl.  
> > However, TDX and SEV-SNP (with Secure TSC) require the TSC frequency to 
> > be set as a VM property (there is a VM ioctl for this purpose).
> >
> > This was Tom's question too (see v2): is there any way to re-use 
> > 'tsc-frequency' specified with '-cpu' for Secure TSC.
> 
> Hmm, let's see whether I can guess how this stuff works.  Please correct
> my misunderstandings.
> 
> When machine property confidential-guest-support is null, it's a regular
> guest.
> 
> If it points to a sev-guest object, it's SEV.

Yes, or a SEV-ES guest.

> 
> If it points to a sev-snp-guest object, it's SEV-SNP.
> 
> If it points to a tdx-guest object, it's TDX.
> 
> Normally, the TSC frequency is specified with x86_64-cpu property
> tsc-frequency.
> 
> Can different CPUs have different frequencies?

I believe Daniel has answered this in his reply.

> 
> In certain cases (SEV-SNP or TDX guest with Secure TSC), tsc-frequency

nit: TDX guest, or SEV-SNP with Secure TSC.

> needs to be configured before any CPUs are created.  You're implementing
> this for SEV-SNP, and you chose to create a sev-snp property
> tsc-frequency for this.
> 
> What happens when I enable Secure TSC with sev-snp property
> "secure-tsc": true, but don't set property tsc-frequency?

KVM uses the host default if tsc-frequency is not explicitly specified.

> 
> What happens when I do set it, and then also set the CPU property?  To
> the same frequency?  To a different frequency?

From the commit log:
  Attempts to set TSC frequency on both the SEV_SNP object and the cpu
  object result in an error from KVM (on the vCPU ioctl), so do not add
  separate checks for the same.

If the same frequency is specified in both places, then no error is 
thrown.


Thanks,
Naveen