diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 4894535cbd0bd4eb843962f4335934504e470490..4caef8c0858a05ffa0245b6d2113332721b47d8d 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -2150,6 +2150,9 @@ int kvm_pv_send_ipi(struct kvm *kvm, unsigned long ipi_bitmap_low,
 		    unsigned long ipi_bitmap_high, u32 min,
 		    unsigned long icr, int op_64_bit);
 
+void kvm_arch_hypercall_init(void *func);
+void kvm_arch_hypercall_exit(void);
+
 int kvm_add_user_return_msr(u32 msr);
 int kvm_find_user_return_msr(u32 msr);
 int kvm_set_user_return_msr(unsigned index, u64 val, u64 mask);
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 8b7736d096c32d3dfb23dcdcfe5fd046c401b14a..2bbeaa220802eaf1db921e89b4228c3e241dae37 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -22,6 +22,7 @@
 #include <linux/hashtable.h>
 #include <linux/objtool.h>
 #include <linux/psp-sev.h>
+#include <linux/psp-hygon.h>
 #include <linux/file.h>
 #include <linux/pagemap.h>
 #include <linux/swap.h>
@@ -1140,6 +1141,9 @@ static void svm_hardware_unsetup(void)
 	__free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT),
 	get_order(IOPM_SIZE));
 	iopm_base = 0;
+
+	if (boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)
+		kvm_arch_hypercall_exit();
 }
 
 static void init_seg(struct vmcb_seg *seg)
@@ -5194,6 +5198,26 @@ static __init void svm_set_cpu_caps(void)
 	sev_set_cpu_caps();
 }
 
+static int kvm_hygon_arch_hypercall(struct kvm *kvm, u64 nr, u64 a0, u64 a1, u64 a2, u64 a3)
+{
+	int ret = 0;
+	struct kvm_vpsp vpsp = {
+		.kvm = kvm,
+		.write_guest = kvm_write_guest,
+		.read_guest = kvm_read_guest
+	};
+	switch (nr) {
+	case KVM_HC_PSP_OP:
+		ret = kvm_pv_psp_op(&vpsp, a0, a1, a2, a3);
+		break;
+
+	default:
+		ret = -KVM_ENOSYS;
+		break;
+	}
+	return ret;
+}
+
 static __init int svm_hardware_setup(void)
 {
 	int cpu;
@@ -5362,6 +5386,9 @@ static __init int svm_hardware_setup(void)
 	 */
 	allow_smaller_maxphyaddr = !npt_enabled;
 
+	if (boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)
+		kvm_arch_hypercall_init(kvm_hygon_arch_hypercall);
+
 	return 0;
 
 err:
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 7b78155b3610601f6d6f91b16776e39bab224f7d..77d2c6caa6e554277865f6967464e187492ac637 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -320,6 +320,8 @@ u64 __read_mostly host_xcr0;
 
 static struct kmem_cache *x86_emulator_cache;
 
+static int (*kvm_arch_hypercall)(struct kvm *kvm, u64 nr, u64 a0, u64 a1, u64 a2, u64 a3);
+
 /*
  * When called, it means the previous get/set msr reached an invalid msr.
  * Return true if we want to ignore/silent this failed msr access.
@@ -9891,7 +9893,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
 	}
 
 	if (static_call(kvm_x86_get_cpl)(vcpu) != 0 &&
-	    !(is_x86_vendor_hygon() && nr == KVM_HC_VM_ATTESTATION)) {
+	    !(is_x86_vendor_hygon() && (nr == KVM_HC_VM_ATTESTATION || nr == KVM_HC_PSP_OP))) {
 		ret = -KVM_EPERM;
 		goto out;
 	}
@@ -9928,6 +9930,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
 		kvm_sched_yield(vcpu, a0);
 		ret = 0;
 		break;
+	case KVM_HC_PSP_OP:
+		ret = -KVM_ENOSYS;
+		if (kvm_arch_hypercall)
+			ret = kvm_arch_hypercall(vcpu->kvm, nr, a0, a1, a2, a3);
+		break;
 	case KVM_HC_MAP_GPA_RANGE: {
 		u64 gpa = a0, npages = a1, attrs = a2;
 
@@ -13711,6 +13718,18 @@ int kvm_sev_es_string_io(struct kvm_vcpu *vcpu, unsigned int size,
 }
 EXPORT_SYMBOL_GPL(kvm_sev_es_string_io);
 
+void kvm_arch_hypercall_init(void *func)
+{
+	kvm_arch_hypercall = func;
+}
+EXPORT_SYMBOL_GPL(kvm_arch_hypercall_init);
+
+void kvm_arch_hypercall_exit(void)
+{
+	kvm_arch_hypercall = NULL;
+}
+EXPORT_SYMBOL_GPL(kvm_arch_hypercall_exit);
+
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_entry);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio);
diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile
index c4b02a03380adabc969ce44d9e150eee80b67cba..8bc2b02352832a633e72b01546498f55e1c53e52 100644
--- a/drivers/crypto/ccp/Makefile
+++ b/drivers/crypto/ccp/Makefile
@@ -17,7 +17,8 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o \
                                    dbc.o \
                                    hygon/psp-dev.o \
                                    hygon/csv-dev.o \
-                                   hygon/ring-buffer.o
+                                   hygon/ring-buffer.o \
+                                   hygon/vpsp.o
 
 ccp-$(CONFIG_TDM_DEV_HYGON) += hygon/tdm-dev.o
 
diff --git a/drivers/crypto/ccp/hygon/csv-dev.c b/drivers/crypto/ccp/hygon/csv-dev.c
index 2bf6d1801650c5a9c8dd954b3c618a16240a663b..93c17faef3e78ad93cf7c2a5c9a1ca1921f850bf 100644
--- a/drivers/crypto/ccp/hygon/csv-dev.c
+++ b/drivers/crypto/ccp/hygon/csv-dev.c
@@ -30,6 +30,20 @@ u32 hygon_csv_build;
 
 int csv_comm_mode = CSV_COMM_MAILBOX_ON;
 
+/* defination of variabled used by virtual psp */
+enum VPSP_RB_CHECK_STATUS {
+	RB_NOT_CHECK = 0,
+	RB_CHECKING,
+	RB_CHECKED,
+	RB_CHECK_MAX
+};
+#define VPSP_RB_IS_SUPPORTED(buildid)	(buildid >= 1913)
+#define VPSP_CMD_STATUS_RUNNING		0xffff
+static DEFINE_MUTEX(vpsp_rb_mutex);
+struct csv_ringbuffer_queue vpsp_ring_buffer[CSV_COMMAND_PRIORITY_NUM];
+static uint8_t vpsp_rb_supported;
+static atomic_t vpsp_rb_check_status = ATOMIC_INIT(RB_NOT_CHECK);
+
 /*
  * csv_update_api_version used to update the api version of HYGON CSV
  * firmwareat driver side.
@@ -179,6 +193,7 @@ static long csv_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 	void __user *argp = (void __user *)arg;
 	struct sev_issue_cmd input;
 	int ret = -EFAULT;
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
 
 	if (!hygon_psp_hooks.sev_dev_hooks_installed)
 		return -ENODEV;
@@ -195,7 +210,13 @@ static long csv_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 	if (input.cmd > CSV_MAX)
 		return -EINVAL;
 
-	mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled) {
+		if (psp_mutex_lock_timeout(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex,
+					   PSP_MUTEX_TIMEOUT) != 1)
+			return -EBUSY;
+	} else {
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	}
 
 	switch (input.cmd) {
 	case CSV_HGSC_CERT_IMPORT:
@@ -217,14 +238,20 @@ static long csv_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 		 * Release the mutex before calling the native ioctl function
 		 * because it will acquires the mutex.
 		 */
-		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
+		if (is_vendor_hygon() && mutex_enabled)
+			psp_mutex_unlock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+		else
+			mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
 		return hygon_psp_hooks.sev_ioctl(file, ioctl, arg);
 	}
 
 	if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
 		ret = -EFAULT;
 
-	mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
 
 	return ret;
 }
@@ -379,11 +406,18 @@ static int csv_do_ringbuf_cmds(int *psp_ret)
 {
 	struct sev_user_data_status data;
 	int rc;
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
 
 	if (!hygon_psp_hooks.sev_dev_hooks_installed)
 		return -ENODEV;
 
-	mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled) {
+		if (psp_mutex_lock_timeout(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex,
+					   PSP_MUTEX_TIMEOUT) != 1)
+			return -EBUSY;
+	} else {
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	}
 
 	rc = __csv_ring_buffer_enter_locked(psp_ret);
 	if (rc)
@@ -396,7 +430,10 @@ static int csv_do_ringbuf_cmds(int *psp_ret)
 	csv_comm_mode = CSV_COMM_MAILBOX_ON;
 
 cmd_unlock:
-	mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
 
 	return rc;
 }
@@ -442,7 +479,7 @@ static int __csv_ring_buffer_queue_init(struct csv_ringbuffer_queue *ring_buffer
 
 	/* the command queue will points to @cmd_ptr_buffer */
 	csv_queue_init(&ring_buffer->cmd_ptr, cmd_ptr_buffer,
-		       CSV_RING_BUFFER_LEN, CSV_RING_BUFFER_ESIZE);
+		       CSV_RING_BUFFER_SIZE, CSV_RING_BUFFER_ESIZE);
 
 	stat_val_buffer = kzalloc(CSV_RING_BUFFER_LEN, GFP_KERNEL);
 	if (!stat_val_buffer)
@@ -450,7 +487,7 @@ static int __csv_ring_buffer_queue_init(struct csv_ringbuffer_queue *ring_buffer
 
 	/* the status queue will points to @stat_val_buffer */
 	csv_queue_init(&ring_buffer->stat_val, stat_val_buffer,
-		       CSV_RING_BUFFER_LEN, CSV_RING_BUFFER_ESIZE);
+		       CSV_RING_BUFFER_SIZE, CSV_RING_BUFFER_ESIZE);
 	return 0;
 }
 
@@ -653,7 +690,6 @@ int csv_platform_cmd_set_secure_memory_region(struct sev_device *sev, int *error
 	if (ret)
 		dev_warn(sev->dev,
 			 "CSV3: fail to set secure memory region, CSV3 support unavailable\n");
-
 	return ret;
 }
 
@@ -667,3 +703,471 @@ int csv_platform_cmd_set_secure_memory_region(struct sev_device *sev, int *error
 }
 
 #endif	/* CONFIG_HYGON_CSV */
+
+static int get_queue_tail(struct csv_ringbuffer_queue *ringbuffer)
+{
+	return ringbuffer->cmd_ptr.tail & ringbuffer->cmd_ptr.mask;
+}
+
+static int get_queue_head(struct csv_ringbuffer_queue *ringbuffer)
+{
+	return ringbuffer->cmd_ptr.head & ringbuffer->cmd_ptr.mask;
+}
+
+static void vpsp_set_cmd_status(int prio, int index, int status)
+{
+	struct csv_queue *ringbuf = &vpsp_ring_buffer[prio].stat_val;
+	struct csv_statval_entry *statval = (struct csv_statval_entry *)ringbuf->data;
+
+	statval[index].status = status;
+}
+
+static int vpsp_get_cmd_status(int prio, int index)
+{
+	struct csv_queue *ringbuf = &vpsp_ring_buffer[prio].stat_val;
+	struct csv_statval_entry *statval = (struct csv_statval_entry *)ringbuf->data;
+
+	return statval[index].status;
+}
+
+static unsigned int vpsp_queue_cmd_size(int prio)
+{
+	return csv_cmd_queue_size(&vpsp_ring_buffer[prio].cmd_ptr);
+}
+
+static int vpsp_dequeue_cmd(int prio, int index,
+		struct csv_cmdptr_entry *cmd_ptr)
+{
+	mutex_lock(&vpsp_rb_mutex);
+
+	/* The status update must be before the head update */
+	vpsp_set_cmd_status(prio, index, 0);
+	csv_dequeue_cmd(&vpsp_ring_buffer[prio].cmd_ptr, (void *)cmd_ptr, 1);
+
+	mutex_unlock(&vpsp_rb_mutex);
+
+	return 0;
+}
+
+/*
+ * Populate the command from the virtual machine to the queue to
+ * support execution in ringbuffer mode
+ */
+static int vpsp_fill_cmd_queue(uint32_t vid, int prio, int cmd, void *data, uint16_t flags)
+{
+	struct csv_cmdptr_entry cmdptr = { };
+	int index = -1;
+
+	cmdptr.cmd_buf_ptr = PUT_PSP_VID(__psp_pa(data), vid);
+	cmdptr.cmd_id = cmd;
+	cmdptr.cmd_flags = flags;
+
+	mutex_lock(&vpsp_rb_mutex);
+	index = get_queue_tail(&vpsp_ring_buffer[prio]);
+
+	/* If status is equal to VPSP_CMD_STATUS_RUNNING, then the queue is full */
+	if (vpsp_get_cmd_status(prio, index) == VPSP_CMD_STATUS_RUNNING) {
+		index = -1;
+		goto out;
+	}
+
+	/* The status must be written first, and then the cmd can be enqueued */
+	vpsp_set_cmd_status(prio, index, VPSP_CMD_STATUS_RUNNING);
+	if (csv_enqueue_cmd(&vpsp_ring_buffer[prio].cmd_ptr, &cmdptr, 1) != 1) {
+		vpsp_set_cmd_status(prio, index, 0);
+		index = -1;
+		goto out;
+	}
+
+out:
+	mutex_unlock(&vpsp_rb_mutex);
+	return index;
+}
+
+static void vpsp_ring_update_head(struct csv_ringbuffer_queue *ring_buffer,
+		uint32_t new_head)
+{
+	uint32_t orig_head = get_queue_head(ring_buffer);
+	uint32_t comple_num = 0;
+
+	if (new_head >= orig_head)
+		comple_num = new_head - orig_head;
+	else
+		comple_num = ring_buffer->cmd_ptr.mask - (orig_head - new_head)
+			+ 1;
+
+	ring_buffer->cmd_ptr.head += comple_num;
+}
+
+static int vpsp_ring_buffer_queue_init(void)
+{
+	int i;
+	int ret;
+
+	for (i = CSV_COMMAND_PRIORITY_HIGH; i < CSV_COMMAND_PRIORITY_NUM; i++) {
+		ret = __csv_ring_buffer_queue_init(&vpsp_ring_buffer[i]);
+		if (ret)
+			return ret;
+	}
+
+	return 0;
+}
+
+static int vpsp_psp_mutex_trylock(void)
+{
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
+
+	if (is_vendor_hygon() && mutex_enabled)
+		return psp_mutex_trylock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+	else
+		return mutex_trylock(hygon_psp_hooks.sev_cmd_mutex);
+}
+
+static int vpsp_psp_mutex_unlock(void)
+{
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
+
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
+
+	return 0;
+}
+
+static int __vpsp_ring_buffer_enter_locked(int *error)
+{
+	int ret;
+	struct csv_data_ring_buffer *data;
+	struct csv_ringbuffer_queue *low_queue;
+	struct csv_ringbuffer_queue *hi_queue;
+	struct sev_device *sev = psp_master->sev_data;
+
+	if (csv_comm_mode == CSV_COMM_RINGBUFFER_ON)
+		return -EEXIST;
+
+	data = kzalloc(sizeof(*data), GFP_KERNEL);
+	if (!data)
+		return -ENOMEM;
+
+	low_queue = &vpsp_ring_buffer[CSV_COMMAND_PRIORITY_LOW];
+	hi_queue = &vpsp_ring_buffer[CSV_COMMAND_PRIORITY_HIGH];
+
+	data->queue_lo_cmdptr_address = __psp_pa(low_queue->cmd_ptr.data_align);
+	data->queue_lo_statval_address = __psp_pa(low_queue->stat_val.data_align);
+	data->queue_hi_cmdptr_address = __psp_pa(hi_queue->cmd_ptr.data_align);
+	data->queue_hi_statval_address = __psp_pa(hi_queue->stat_val.data_align);
+	data->queue_lo_size = 1;
+	data->queue_hi_size = 1;
+	data->int_on_empty = 1;
+
+	ret = hygon_psp_hooks.__sev_do_cmd_locked(CSV_CMD_RING_BUFFER, data, error);
+	if (!ret) {
+		iowrite32(0, sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
+		csv_comm_mode = CSV_COMM_RINGBUFFER_ON;
+	}
+
+	kfree(data);
+	return ret;
+}
+
+static int __vpsp_do_ringbuf_cmds_locked(int *psp_ret, uint8_t prio, int index)
+{
+	struct psp_device *psp = psp_master;
+	unsigned int reg, ret = 0;
+	unsigned int rb_tail, rb_head;
+	unsigned int rb_ctl;
+	struct sev_device *sev;
+
+	if (!psp)
+		return -ENODEV;
+
+	if (*hygon_psp_hooks.psp_dead)
+		return -EBUSY;
+
+	sev = psp->sev_data;
+
+	/* update rb tail */
+	rb_tail = ioread32(sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
+	rb_tail &= (~PSP_RBTAIL_QHI_TAIL_MASK);
+	rb_tail |= (get_queue_tail(&vpsp_ring_buffer[CSV_COMMAND_PRIORITY_HIGH])
+					<< PSP_RBTAIL_QHI_TAIL_SHIFT);
+	rb_tail &= (~PSP_RBTAIL_QLO_TAIL_MASK);
+	rb_tail |= get_queue_tail(&vpsp_ring_buffer[CSV_COMMAND_PRIORITY_LOW]);
+	iowrite32(rb_tail, sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
+
+	/* update rb head */
+	rb_head = ioread32(sev->io_regs + sev->vdata->cmdbuff_addr_lo_reg);
+	rb_head &= (~PSP_RBHEAD_QHI_HEAD_MASK);
+	rb_head |= (get_queue_head(&vpsp_ring_buffer[CSV_COMMAND_PRIORITY_HIGH])
+					<< PSP_RBHEAD_QHI_HEAD_SHIFT);
+	rb_head &= (~PSP_RBHEAD_QLO_HEAD_MASK);
+	rb_head |= get_queue_head(&vpsp_ring_buffer[CSV_COMMAND_PRIORITY_LOW]);
+	iowrite32(rb_head, sev->io_regs + sev->vdata->cmdbuff_addr_lo_reg);
+
+	/* update rb ctl to trigger psp irq */
+	sev->int_rcvd = 0;
+	/* PSP response to x86 only when all queue is empty or error happends */
+	rb_ctl = (PSP_RBCTL_X86_WRITES | PSP_RBCTL_RBMODE_ACT | PSP_RBCTL_CLR_INTSTAT);
+	iowrite32(rb_ctl, sev->io_regs + sev->vdata->cmdresp_reg);
+
+	/* wait for all commands in ring buffer completed */
+	ret = csv_wait_cmd_ioc_ring_buffer(sev, &reg, (*hygon_psp_hooks.psp_timeout)*10);
+	if (ret) {
+		if (psp_ret)
+			*psp_ret = 0;
+
+		dev_err(psp->dev, "csv command in ringbuffer mode timed out, disabling PSP\n");
+		*hygon_psp_hooks.psp_dead = true;
+		return ret;
+	}
+	/* cmd error happends */
+	if (reg & PSP_RBHEAD_QPAUSE_INT_STAT)
+		ret = -EFAULT;
+
+	/* update head */
+	vpsp_ring_update_head(&vpsp_ring_buffer[CSV_COMMAND_PRIORITY_HIGH],
+			(reg & PSP_RBHEAD_QHI_HEAD_MASK) >> PSP_RBHEAD_QHI_HEAD_SHIFT);
+	vpsp_ring_update_head(&vpsp_ring_buffer[CSV_COMMAND_PRIORITY_LOW],
+			reg & PSP_RBHEAD_QLO_HEAD_MASK);
+
+	if (psp_ret)
+		*psp_ret = vpsp_get_cmd_status(prio, index);
+
+	return ret;
+}
+
+static int vpsp_do_ringbuf_cmds_locked(int *psp_ret, uint8_t prio, int index)
+{
+	struct sev_user_data_status data;
+	int rc;
+
+	rc = __vpsp_ring_buffer_enter_locked(psp_ret);
+	if (rc)
+		goto end;
+
+	rc = __vpsp_do_ringbuf_cmds_locked(psp_ret, prio, index);
+
+	/* exit ringbuf mode by send CMD in mailbox mode */
+	hygon_psp_hooks.__sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
+					&data, NULL);
+	csv_comm_mode = CSV_COMM_MAILBOX_ON;
+
+end:
+	return rc;
+}
+
+/**
+ * struct user_data_status - PLATFORM_STATUS command parameters
+ *
+ * @major: major API version
+ * @minor: minor API version
+ * @state: platform state
+ * @owner: self-owned or externally owned
+ * @chip_secure: ES or MP chip
+ * @fw_enc: is this FW is encrypted
+ * @fw_sign: is this FW is signed
+ * @config_es: platform config flags for csv-es
+ * @build: Firmware Build ID for this API version
+ * @bl_version_debug: Bootloader VERSION_DEBUG field
+ * @bl_version_minor: Bootloader VERSION_MINOR field
+ * @bl_version_major: Bootloader VERSION_MAJOR field
+ * @guest_count: number of active guests
+ * @reserved: should set to zero
+ */
+struct user_data_status {
+	uint8_t api_major;		/* Out */
+	uint8_t api_minor;		/* Out */
+	uint8_t state;			/* Out */
+	uint8_t owner : 1,		/* Out */
+		chip_secure : 1,	/* Out */
+		fw_enc : 1,		/* Out */
+		fw_sign : 1,		/* Out */
+		reserved1 : 4;		/*reserved*/
+	uint32_t config_es : 1,		/* Out */
+		build : 31;		/* Out */
+	uint32_t guest_count;		/* Out */
+} __packed;
+
+/*
+ * Check whether the firmware supports ringbuffer mode and parse
+ * commands from the virtual machine
+ */
+static int vpsp_rb_check_and_cmd_prio_parse(uint8_t *prio,
+		struct vpsp_cmd *vcmd)
+{
+	int ret, error;
+	int rb_supported;
+	int rb_check_old = RB_NOT_CHECK;
+	struct user_data_status *status = NULL;
+
+	if (atomic_try_cmpxchg(&vpsp_rb_check_status, &rb_check_old,
+				RB_CHECKING)) {
+		/* get buildid to check if the firmware supports ringbuffer mode */
+		status = kzalloc(sizeof(*status), GFP_KERNEL);
+		if (!status) {
+			atomic_set(&vpsp_rb_check_status, RB_CHECKED);
+			goto end;
+		}
+		ret = sev_platform_status((struct sev_user_data_status *)status,
+				&error);
+		if (ret) {
+			pr_warn("failed to get status[%#x], use default command mode.\n", error);
+			atomic_set(&vpsp_rb_check_status, RB_CHECKED);
+			kfree(status);
+			goto end;
+		}
+
+		/* check if the firmware supports the ringbuffer mode */
+		if (VPSP_RB_IS_SUPPORTED(status->build)) {
+			if (vpsp_ring_buffer_queue_init()) {
+				pr_warn("vpsp_ring_buffer_queue_init fail, use default command mode\n");
+				atomic_set(&vpsp_rb_check_status, RB_CHECKED);
+				kfree(status);
+				goto end;
+			}
+			WRITE_ONCE(vpsp_rb_supported, 1);
+		}
+
+		atomic_set(&vpsp_rb_check_status, RB_CHECKED);
+		kfree(status);
+	}
+
+end:
+	rb_supported = READ_ONCE(vpsp_rb_supported);
+	/* parse prio by vcmd */
+	if (rb_supported && vcmd->is_high_rb)
+		*prio = CSV_COMMAND_PRIORITY_HIGH;
+	else
+		*prio = CSV_COMMAND_PRIORITY_LOW;
+	/* clear rb level bit in vcmd */
+	vcmd->is_high_rb = 0;
+
+	return rb_supported;
+}
+
+int __vpsp_do_cmd_locked(uint32_t vid, int cmd, void *data, int *psp_ret);
+/*
+ * Try to obtain the result again by the command index, this
+ * interface is used in ringbuffer mode
+ */
+int vpsp_try_get_result(uint32_t vid, uint8_t prio, uint32_t index, void *data,
+		struct vpsp_ret *psp_ret)
+{
+	int ret = 0;
+	struct csv_cmdptr_entry cmd = {0};
+
+	/* Get the retult directly if the command has been executed */
+	if (index >= 0 && vpsp_get_cmd_status(prio, index) !=
+			VPSP_CMD_STATUS_RUNNING) {
+		psp_ret->pret = vpsp_get_cmd_status(prio, index);
+		psp_ret->status = VPSP_FINISH;
+		return 0;
+	}
+
+	if (vpsp_psp_mutex_trylock()) {
+		/* Use mailbox mode to execute a command if there is only one command */
+		if (vpsp_queue_cmd_size(prio) == 1) {
+			/* dequeue command from queue*/
+			vpsp_dequeue_cmd(prio, index, &cmd);
+
+			ret = __vpsp_do_cmd_locked(vid, cmd.cmd_id, data,
+					(int *)psp_ret);
+			psp_ret->status = VPSP_FINISH;
+			vpsp_psp_mutex_unlock();
+			if (unlikely(ret)) {
+				if (ret == -EIO) {
+					ret = 0;
+				} else {
+					pr_err("[%s]: psp do cmd error, %d\n",
+						__func__, psp_ret->pret);
+					ret = -EIO;
+					goto end;
+				}
+			}
+		} else {
+			ret = vpsp_do_ringbuf_cmds_locked((int *)psp_ret, prio,
+					index);
+			psp_ret->status = VPSP_FINISH;
+			vpsp_psp_mutex_unlock();
+			if (unlikely(ret)) {
+				pr_err("[%s]: vpsp_do_ringbuf_cmds_locked failed %d\n",
+						__func__, ret);
+				goto end;
+			}
+		}
+	} else {
+		/* Change the command to the running state if getting the mutex fails */
+		psp_ret->index = index;
+		psp_ret->status = VPSP_RUNNING;
+		return 0;
+	}
+end:
+	return ret;
+}
+EXPORT_SYMBOL_GPL(vpsp_try_get_result);
+
+/*
+ * Send the virtual psp command to the PSP device and try to get the
+ * execution result, the interface and the vpsp_try_get_result
+ * interface are executed asynchronously. If the execution succeeds,
+ * the result is returned to the VM. If the execution fails, the
+ * vpsp_try_get_result interface will be used to obtain the result
+ * later again
+ */
+int vpsp_try_do_cmd(uint32_t vid, int cmd, void *data, struct vpsp_ret *psp_ret)
+{
+	int ret = 0;
+	int rb_supported;
+	int index = -1;
+	uint8_t prio = CSV_COMMAND_PRIORITY_LOW;
+
+	/* ringbuffer mode check and parse command prio*/
+	rb_supported = vpsp_rb_check_and_cmd_prio_parse(&prio,
+			(struct vpsp_cmd *)&cmd);
+	if (rb_supported) {
+		/* fill command in ringbuffer's queue and get index */
+		index = vpsp_fill_cmd_queue(vid, prio, cmd, data, 0);
+		if (unlikely(index < 0)) {
+			/* do mailbox command if queuing failed*/
+			ret = vpsp_do_cmd(vid, cmd, data, (int *)psp_ret);
+			if (unlikely(ret)) {
+				if (ret == -EIO) {
+					ret = 0;
+				} else {
+					pr_err("[%s]: psp do cmd error, %d\n",
+						__func__, psp_ret->pret);
+					ret = -EIO;
+					goto end;
+				}
+			}
+			psp_ret->status = VPSP_FINISH;
+			goto end;
+		}
+
+		/* try to get result from the ringbuffer command */
+		ret = vpsp_try_get_result(vid, prio, index, data, psp_ret);
+		if (unlikely(ret)) {
+			pr_err("[%s]: vpsp_try_get_result failed %d\n", __func__, ret);
+			goto end;
+		}
+	} else {
+		/* mailbox mode */
+		ret = vpsp_do_cmd(vid, cmd, data, (int *)psp_ret);
+		if (unlikely(ret)) {
+			if (ret == -EIO) {
+				ret = 0;
+			} else {
+				pr_err("[%s]: psp do cmd error, %d\n",
+						__func__, psp_ret->pret);
+				ret = -EIO;
+				goto end;
+			}
+		}
+		psp_ret->status = VPSP_FINISH;
+	}
+
+end:
+	return ret;
+}
+EXPORT_SYMBOL_GPL(vpsp_try_do_cmd);
diff --git a/drivers/crypto/ccp/hygon/psp-dev.c b/drivers/crypto/ccp/hygon/psp-dev.c
index 7fb2b2e368eb9e1dd7c4f207dccd9b689354ca27..aff04b77477d8065800ae39989bd2c8a7538f8a2 100644
--- a/drivers/crypto/ccp/hygon/psp-dev.c
+++ b/drivers/crypto/ccp/hygon/psp-dev.c
@@ -14,12 +14,420 @@
 #include <linux/psp.h>
 #include <linux/psp-hygon.h>
 #include <linux/bitfield.h>
+#include <linux/delay.h>
+#include <linux/sort.h>
+#include <linux/bsearch.h>
+#include <linux/rwlock.h>
 
 #include "psp-dev.h"
 
 /* Function and variable pointers for hooks */
 struct hygon_psp_hooks_table hygon_psp_hooks;
 
+static struct psp_misc_dev *psp_misc;
+#define HYGON_PSP_IOC_TYPE 'H'
+enum HYGON_PSP_OPCODE {
+	HYGON_PSP_MUTEX_ENABLE = 1,
+	HYGON_PSP_MUTEX_DISABLE,
+	HYGON_VPSP_CTRL_OPT,
+	HYGON_PSP_OPCODE_MAX_NR,
+};
+
+enum VPSP_DEV_CTRL_OPCODE {
+	VPSP_OP_VID_ADD,
+	VPSP_OP_VID_DEL,
+	VPSP_OP_SET_DEFAULT_VID_PERMISSION,
+	VPSP_OP_GET_DEFAULT_VID_PERMISSION,
+};
+
+struct vpsp_dev_ctrl {
+	unsigned char op;
+	union {
+		unsigned int vid;
+		// Set or check the permissions for the default VID
+		unsigned int def_vid_perm;
+		unsigned char reserved[128];
+	} data;
+};
+
+uint64_t atomic64_exchange(volatile uint64_t *dst, uint64_t val)
+{
+#if 0
+	asm volatile(
+			"lock ; "
+			"xchgq %0, %1;"
+			: "=r" (val), "=m" (*dst)
+			: "0" (val),  "m" (*dst)
+			: "memory");         /* no-clobber list */
+	return val;
+#endif
+	return xchg(dst, val);
+}
+
+int psp_mutex_init(struct psp_mutex *mutex)
+{
+	if (!mutex)
+		return -1;
+	mutex->locked = 0;
+	return 0;
+}
+
+int psp_mutex_trylock(struct psp_mutex *mutex)
+{
+	if (atomic64_exchange(&mutex->locked, 1))
+		return 0;
+	else
+		return 1;
+}
+
+int psp_mutex_lock_timeout(struct psp_mutex *mutex, uint64_t ms)
+{
+	int ret = 0;
+	unsigned long je;
+
+	je = jiffies + msecs_to_jiffies(ms);
+	do {
+		if (psp_mutex_trylock(mutex)) {
+			ret = 1;
+			break;
+		}
+	} while ((ms == 0) || time_before(jiffies, je));
+
+	return ret;
+}
+EXPORT_SYMBOL_GPL(psp_mutex_lock_timeout);
+
+int psp_mutex_unlock(struct psp_mutex *mutex)
+{
+	if (!mutex)
+		return -1;
+
+	atomic64_exchange(&mutex->locked, 0);
+	return 0;
+}
+EXPORT_SYMBOL_GPL(psp_mutex_unlock);
+
+static int mmap_psp(struct file *filp, struct vm_area_struct *vma)
+{
+	unsigned long page;
+
+	page = virt_to_phys((void *)psp_misc->data_pg_aligned) >> PAGE_SHIFT;
+
+	if (remap_pfn_range(vma, vma->vm_start, page, (vma->vm_end - vma->vm_start),
+				vma->vm_page_prot)) {
+		printk(KERN_INFO "remap failed...");
+		return -1;
+	}
+	vm_flags_mod(vma, VM_DONTDUMP|VM_DONTEXPAND, 0);
+	printk(KERN_INFO "remap_pfn_rang page:[%lu] ok.\n", page);
+	return 0;
+}
+
+static ssize_t read_psp(struct file *file, char __user *buf, size_t count, loff_t *ppos)
+{
+	ssize_t remaining;
+
+	if ((*ppos + count) > PAGE_SIZE) {
+		printk(KERN_INFO "%s: invalid address range, pos %llx, count %lx\n",
+			__func__, *ppos, count);
+		return -EFAULT;
+	}
+
+	remaining = copy_to_user(buf, (char *)psp_misc->data_pg_aligned + *ppos, count);
+	if (remaining)
+		return -EFAULT;
+	*ppos += count;
+
+	return count;
+}
+
+static ssize_t write_psp(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
+{
+	ssize_t remaining, written;
+
+	if ((*ppos + count) > PAGE_SIZE) {
+		printk(KERN_INFO "%s: invalid address range, pos %llx, count %lx\n",
+			__func__, *ppos, count);
+		return -EFAULT;
+	}
+
+	remaining = copy_from_user((char *)psp_misc->data_pg_aligned + *ppos, buf, count);
+	written = count - remaining;
+	if (!written)
+		return -EFAULT;
+
+	*ppos += written;
+
+	return written;
+}
+DEFINE_RWLOCK(vpsp_rwlock);
+
+/* VPSP_VID_MAX_ENTRIES determines the maximum number of vms that can set vid.
+ * but, the performance of finding vid is determined by g_vpsp_vid_num,
+ * so VPSP_VID_MAX_ENTRIES can be set larger.
+ */
+#define VPSP_VID_MAX_ENTRIES    2048
+#define VPSP_VID_NUM_MAX        64
+
+struct vpsp_vid_entry {
+	uint32_t vid;
+	pid_t pid;
+};
+static struct vpsp_vid_entry g_vpsp_vid_array[VPSP_VID_MAX_ENTRIES];
+static uint32_t g_vpsp_vid_num;
+static int compare_vid_entries(const void *a, const void *b)
+{
+	return ((struct vpsp_vid_entry *)a)->pid - ((struct vpsp_vid_entry *)b)->pid;
+}
+static void swap_vid_entries(void *a, void *b, int size)
+{
+	struct vpsp_vid_entry entry;
+
+	memcpy(&entry, a, size);
+	memcpy(a, b, size);
+	memcpy(b, &entry, size);
+}
+
+/**
+ * When 'allow_default_vid' is set to 1,
+ * QEMU is allowed to use 'vid 0' by default
+ * in the absence of a valid 'vid' setting.
+ */
+uint32_t allow_default_vid = 1;
+void vpsp_set_default_vid_permission(uint32_t is_allow)
+{
+	allow_default_vid = is_allow;
+}
+
+int vpsp_get_default_vid_permission(void)
+{
+	return allow_default_vid;
+}
+EXPORT_SYMBOL_GPL(vpsp_get_default_vid_permission);
+
+/**
+ * When the virtual machine executes the 'tkm' command,
+ * it needs to retrieve the corresponding 'vid'
+ * by performing a binary search using 'kvm->userspace_pid'.
+ */
+int vpsp_get_vid(uint32_t *vid, pid_t pid)
+{
+	struct vpsp_vid_entry new_entry = {.pid = pid};
+	struct vpsp_vid_entry *existing_entry = NULL;
+
+	read_lock(&vpsp_rwlock);
+	existing_entry = bsearch(&new_entry, g_vpsp_vid_array, g_vpsp_vid_num,
+				sizeof(struct vpsp_vid_entry), compare_vid_entries);
+	read_unlock(&vpsp_rwlock);
+
+	if (!existing_entry)
+		return -ENOENT;
+	if (vid) {
+		*vid = existing_entry->vid;
+		pr_debug("PSP: %s %d, by pid %d\n", __func__, *vid, pid);
+	}
+	return 0;
+}
+EXPORT_SYMBOL_GPL(vpsp_get_vid);
+
+/**
+ * Upon qemu startup, this section checks whether
+ * the '-device psp,vid' parameter is specified.
+ * If set, it utilizes the 'vpsp_add_vid' function
+ * to insert the 'vid' and 'pid' values into the 'g_vpsp_vid_array'.
+ * The insertion is done in ascending order of 'pid'.
+ */
+static int vpsp_add_vid(uint32_t vid)
+{
+	pid_t cur_pid = task_pid_nr(current);
+	struct vpsp_vid_entry new_entry = {.vid = vid, .pid = cur_pid};
+
+	if (vpsp_get_vid(NULL, cur_pid) == 0)
+		return -EEXIST;
+	if (g_vpsp_vid_num == VPSP_VID_MAX_ENTRIES)
+		return -ENOMEM;
+	if (vid >= VPSP_VID_NUM_MAX)
+		return -EINVAL;
+
+	write_lock(&vpsp_rwlock);
+	memcpy(&g_vpsp_vid_array[g_vpsp_vid_num++], &new_entry, sizeof(struct vpsp_vid_entry));
+	sort(g_vpsp_vid_array, g_vpsp_vid_num, sizeof(struct vpsp_vid_entry),
+				compare_vid_entries, swap_vid_entries);
+	pr_info("PSP: add vid %d, by pid %d, total vid num is %d\n", vid, cur_pid, g_vpsp_vid_num);
+	write_unlock(&vpsp_rwlock);
+	return 0;
+}
+
+/**
+ * Upon the virtual machine is shut down,
+ * the 'vpsp_del_vid' function is employed to remove
+ * the 'vid' associated with the current 'pid'.
+ */
+static int vpsp_del_vid(void)
+{
+	pid_t cur_pid = task_pid_nr(current);
+	int i, ret = -ENOENT;
+
+	write_lock(&vpsp_rwlock);
+	for (i = 0; i < g_vpsp_vid_num; ++i) {
+		if (g_vpsp_vid_array[i].pid == cur_pid) {
+			--g_vpsp_vid_num;
+			pr_info("PSP: delete vid %d, by pid %d, total vid num is %d\n",
+				g_vpsp_vid_array[i].vid, cur_pid, g_vpsp_vid_num);
+			memcpy(&g_vpsp_vid_array[i], &g_vpsp_vid_array[i + 1],
+				sizeof(struct vpsp_vid_entry) * (g_vpsp_vid_num - i));
+			ret = 0;
+			goto end;
+		}
+	}
+
+end:
+	write_unlock(&vpsp_rwlock);
+	return ret;
+}
+
+static int do_vpsp_op_ioctl(struct vpsp_dev_ctrl *ctrl)
+{
+	int ret = 0;
+	unsigned char op = ctrl->op;
+
+	switch (op) {
+	case VPSP_OP_VID_ADD:
+		ret = vpsp_add_vid(ctrl->data.vid);
+		break;
+
+	case VPSP_OP_VID_DEL:
+		ret = vpsp_del_vid();
+		break;
+
+	case VPSP_OP_SET_DEFAULT_VID_PERMISSION:
+		vpsp_set_default_vid_permission(ctrl->data.def_vid_perm);
+		break;
+
+	case VPSP_OP_GET_DEFAULT_VID_PERMISSION:
+		ctrl->data.def_vid_perm = vpsp_get_default_vid_permission();
+		break;
+
+	default:
+		ret = -EINVAL;
+		break;
+	}
+	return ret;
+}
+
+static long ioctl_psp(struct file *file, unsigned int ioctl, unsigned long arg)
+{
+	unsigned int opcode = 0;
+	struct vpsp_dev_ctrl vpsp_ctrl_op;
+	int ret = -EFAULT;
+
+	if (_IOC_TYPE(ioctl) != HYGON_PSP_IOC_TYPE) {
+		printk(KERN_INFO "%s: invalid ioctl type: 0x%x\n", __func__, _IOC_TYPE(ioctl));
+		return -EINVAL;
+	}
+	opcode = _IOC_NR(ioctl);
+	switch (opcode) {
+	case HYGON_PSP_MUTEX_ENABLE:
+		psp_mutex_lock_timeout(&psp_misc->data_pg_aligned->mb_mutex, 0);
+		// And get the sev lock to make sure no one is using it now.
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+		hygon_psp_hooks.psp_mutex_enabled = 1;
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
+		// Wait 10ms just in case someone is right before getting the psp lock.
+		mdelay(10);
+		psp_mutex_unlock(&psp_misc->data_pg_aligned->mb_mutex);
+		ret = 0;
+		break;
+
+	case HYGON_PSP_MUTEX_DISABLE:
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+		// And get the psp lock to make sure no one is using it now.
+		psp_mutex_lock_timeout(&psp_misc->data_pg_aligned->mb_mutex, 0);
+		hygon_psp_hooks.psp_mutex_enabled = 0;
+		psp_mutex_unlock(&psp_misc->data_pg_aligned->mb_mutex);
+		// Wait 10ms just in case someone is right before getting the sev lock.
+		mdelay(10);
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
+		ret = 0;
+		break;
+
+	case HYGON_VPSP_CTRL_OPT:
+		if (copy_from_user(&vpsp_ctrl_op, (void __user *)arg,
+			sizeof(struct vpsp_dev_ctrl)))
+			return -EFAULT;
+		ret = do_vpsp_op_ioctl(&vpsp_ctrl_op);
+		if (!ret && copy_to_user((void __user *)arg, &vpsp_ctrl_op,
+				sizeof(struct vpsp_dev_ctrl)))
+			return -EFAULT;
+		break;
+
+	default:
+		printk(KERN_INFO "%s: invalid ioctl number: %d\n", __func__, opcode);
+		return -EINVAL;
+	}
+	return ret;
+}
+
+static const struct file_operations psp_fops = {
+	.owner          = THIS_MODULE,
+	.mmap		= mmap_psp,
+	.read		= read_psp,
+	.write		= write_psp,
+	.unlocked_ioctl = ioctl_psp,
+};
+
+int hygon_psp_additional_setup(struct sp_device *sp)
+{
+	struct device *dev = sp->dev;
+	int ret = 0;
+
+	if (!psp_misc) {
+		struct miscdevice *misc;
+
+		psp_misc = devm_kzalloc(dev, sizeof(*psp_misc), GFP_KERNEL);
+		if (!psp_misc)
+			return -ENOMEM;
+		psp_misc->data_pg_aligned = (struct psp_dev_data *)get_zeroed_page(GFP_KERNEL);
+		if (!psp_misc->data_pg_aligned) {
+			dev_err(dev, "alloc psp data page failed\n");
+			devm_kfree(dev, psp_misc);
+			psp_misc = NULL;
+			return -ENOMEM;
+		}
+		SetPageReserved(virt_to_page(psp_misc->data_pg_aligned));
+		psp_mutex_init(&psp_misc->data_pg_aligned->mb_mutex);
+
+		*(uint32_t *)((void *)psp_misc->data_pg_aligned + 8) = 0xdeadbeef;
+		misc = &psp_misc->misc;
+		misc->minor = MISC_DYNAMIC_MINOR;
+		misc->name = "hygon_psp_config";
+		misc->fops = &psp_fops;
+
+		ret = misc_register(misc);
+		if (ret)
+			return ret;
+		kref_init(&psp_misc->refcount);
+		hygon_psp_hooks.psp_misc = psp_misc;
+	} else {
+		kref_get(&psp_misc->refcount);
+	}
+
+	return ret;
+}
+EXPORT_SYMBOL_GPL(hygon_psp_additional_setup);
+
+void hygon_psp_exit(struct kref *ref)
+{
+	struct psp_misc_dev *misc_dev = container_of(ref, struct psp_misc_dev, refcount);
+
+	misc_deregister(&misc_dev->misc);
+	ClearPageReserved(virt_to_page(misc_dev->data_pg_aligned));
+	free_page((unsigned long)misc_dev->data_pg_aligned);
+	psp_misc = NULL;
+	hygon_psp_hooks.psp_misc = NULL;
+}
+EXPORT_SYMBOL_GPL(hygon_psp_exit);
+
 int fixup_hygon_psp_caps(struct psp_device *psp)
 {
 	/* the hygon psp is unavailable if bit0 is cleared in feature reg */
@@ -93,13 +501,114 @@ static int __psp_do_cmd_locked(int cmd, void *data, int *psp_ret)
 	return ret;
 }
 
-int psp_do_cmd(int cmd, void *data, int *psp_ret)
+int __vpsp_do_cmd_locked(uint32_t vid, int cmd, void *data, int *psp_ret)
+{
+	struct psp_device *psp = psp_master;
+	struct sev_device *sev;
+	phys_addr_t phys_addr;
+	unsigned int phys_lsb, phys_msb;
+	unsigned int reg, ret = 0;
+
+	if (!psp || !psp->sev_data)
+		return -ENODEV;
+
+	if (*hygon_psp_hooks.psp_dead)
+		return -EBUSY;
+
+	sev = psp->sev_data;
+
+	if (data && WARN_ON_ONCE(!virt_addr_valid(data)))
+		return -EINVAL;
+
+	/* Get the physical address of the command buffer */
+	phys_addr = PUT_PSP_VID(__psp_pa(data), vid);
+	phys_lsb = data ? lower_32_bits(phys_addr) : 0;
+	phys_msb = data ? upper_32_bits(phys_addr) : 0;
+
+	dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",
+		cmd, phys_msb, phys_lsb, *hygon_psp_hooks.psp_timeout);
+
+	print_hex_dump_debug("(in):  ", DUMP_PREFIX_OFFSET, 16, 2, data,
+			     hygon_psp_hooks.sev_cmd_buffer_len(cmd), false);
+
+	iowrite32(phys_lsb, sev->io_regs + sev->vdata->cmdbuff_addr_lo_reg);
+	iowrite32(phys_msb, sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
+
+	sev->int_rcvd = 0;
+
+	reg = FIELD_PREP(SEV_CMDRESP_CMD, cmd) | SEV_CMDRESP_IOC;
+	iowrite32(reg, sev->io_regs + sev->vdata->cmdresp_reg);
+
+	/* wait for command completion */
+	ret = hygon_psp_hooks.sev_wait_cmd_ioc(sev, &reg, *hygon_psp_hooks.psp_timeout);
+	if (ret) {
+		if (psp_ret)
+			*psp_ret = 0;
+
+		dev_err(sev->dev, "sev command %#x timed out, disabling PSP\n", cmd);
+		*hygon_psp_hooks.psp_dead = true;
+
+		return ret;
+	}
+
+	*hygon_psp_hooks.psp_timeout = *hygon_psp_hooks.psp_cmd_timeout;
+
+	if (psp_ret)
+		*psp_ret = FIELD_GET(PSP_CMDRESP_STS, reg);
+
+	if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
+		dev_dbg(sev->dev, "sev command %#x failed (%#010lx)\n",
+			cmd, FIELD_GET(PSP_CMDRESP_STS, reg));
+		ret = -EIO;
+	}
+
+	print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
+			     hygon_psp_hooks.sev_cmd_buffer_len(cmd), false);
+
+	return ret;
+}
+
+int vpsp_do_cmd(uint32_t vid, int cmd, void *data, int *psp_ret)
 {
 	int rc;
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
+
+	if (is_vendor_hygon() && mutex_enabled) {
+		if (psp_mutex_lock_timeout(&psp_misc->data_pg_aligned->mb_mutex,
+					PSP_MUTEX_TIMEOUT) != 1) {
+			return -EBUSY;
+		}
+	} else {
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	}
+
+	rc = __vpsp_do_cmd_locked(vid, cmd, data, psp_ret);
 
-	mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
+
+	return rc;
+}
+
+int psp_do_cmd(int cmd, void *data, int *psp_ret)
+{
+	int rc;
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
+
+	if (is_vendor_hygon() && mutex_enabled) {
+		if (psp_mutex_lock_timeout(&psp_misc->data_pg_aligned->mb_mutex,
+					   PSP_MUTEX_TIMEOUT) != 1)
+			return -EBUSY;
+	} else {
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	}
 	rc = __psp_do_cmd_locked(cmd, data, psp_ret);
-	mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
 
 	return rc;
 }
diff --git a/drivers/crypto/ccp/hygon/psp-dev.h b/drivers/crypto/ccp/hygon/psp-dev.h
index 480b3c36a002ea561a5110f4ae6a3dcc786abc4e..abfc8fcb29c7b0d591ce07b37743a777283c8dfc 100644
--- a/drivers/crypto/ccp/hygon/psp-dev.h
+++ b/drivers/crypto/ccp/hygon/psp-dev.h
@@ -12,6 +12,7 @@
 
 #include <linux/mutex.h>
 #include <linux/bits.h>
+#include <linux/miscdevice.h>
 
 #include "sp-dev.h"
 
@@ -30,6 +31,8 @@
 extern struct hygon_psp_hooks_table {
 	bool sev_dev_hooks_installed;
 	struct mutex *sev_cmd_mutex;
+	struct psp_misc_dev *psp_misc;
+	bool psp_mutex_enabled;
 	bool *psp_dead;
 	int *psp_timeout;
 	int *psp_cmd_timeout;
@@ -43,6 +46,27 @@ extern struct hygon_psp_hooks_table {
 	long (*sev_ioctl)(struct file *file, unsigned int ioctl, unsigned long arg);
 } hygon_psp_hooks;
 
+#define PSP_MUTEX_TIMEOUT 60000
+struct psp_mutex {
+	volatile uint64_t locked;
+};
+
+struct psp_dev_data {
+	struct psp_mutex mb_mutex;
+};
+
+struct psp_misc_dev {
+	struct kref refcount;
+	struct psp_dev_data *data_pg_aligned;
+	struct miscdevice misc;
+};
+
+extern int psp_mutex_trylock(struct psp_mutex *mutex);
+
+int hygon_psp_additional_setup(struct sp_device *sp);
+void hygon_psp_exit(struct kref *ref);
+int psp_mutex_lock_timeout(struct psp_mutex *mutex, uint64_t ms);
+int psp_mutex_unlock(struct psp_mutex *mutex);
 int fixup_hygon_psp_caps(struct psp_device *psp);
 int sp_request_hygon_psp_irq(struct sp_device *sp, irq_handler_t handler,
 			     const char *name, void *data);
diff --git a/drivers/crypto/ccp/hygon/ring-buffer.c b/drivers/crypto/ccp/hygon/ring-buffer.c
index 93402b13b93a3d6b75f5d0dd519f26f31b4699cb..0c9ea0217b2ea1a39e2b02030af0e293e8f13790 100644
--- a/drivers/crypto/ccp/hygon/ring-buffer.c
+++ b/drivers/crypto/ccp/hygon/ring-buffer.c
@@ -28,6 +28,7 @@ static void enqueue_data(struct csv_queue *queue,
 	unsigned int l;
 	void *data;
 
+	off &= queue->mask;
 	if (esize != 1) {
 		off *= esize;
 		size *= esize;
@@ -128,3 +129,25 @@ unsigned int csv_dequeue_stat(struct csv_queue *queue,
 	queue->head += len;
 	return len;
 }
+
+unsigned int csv_dequeue_cmd(struct csv_queue *ring_buf,
+	void *buf, unsigned int len)
+{
+	unsigned int size;
+
+	size = ring_buf->tail - ring_buf->head;
+	if (len > size)
+		len = size;
+
+	dequeue_data(ring_buf, buf, len, ring_buf->head);
+	ring_buf->head += len;
+	return len;
+}
+
+unsigned int csv_cmd_queue_size(struct csv_queue *ring_buf)
+{
+	unsigned int free_size;
+
+	free_size = queue_avail_size(ring_buf);
+	return ring_buf->mask - free_size;
+}
diff --git a/drivers/crypto/ccp/hygon/ring-buffer.h b/drivers/crypto/ccp/hygon/ring-buffer.h
index 2c99ade0251291ef017c28640a255cb92d64b55b..bf97aa6df36a2e66b4e306dc1bf253b73a07ce70 100644
--- a/drivers/crypto/ccp/hygon/ring-buffer.h
+++ b/drivers/crypto/ccp/hygon/ring-buffer.h
@@ -19,5 +19,9 @@ unsigned int csv_enqueue_cmd(struct csv_queue *queue,
 			     const void *buf, unsigned int len);
 unsigned int csv_dequeue_stat(struct csv_queue *queue,
 			      void *buf, unsigned int len);
+unsigned int csv_dequeue_cmd(struct csv_queue *ring_buf,
+	void *buf, unsigned int len);
+
+unsigned int csv_cmd_queue_size(struct csv_queue *ring_buf);
 
 #endif /* __CCP_HYGON_RINGBUF_H__ */
diff --git a/drivers/crypto/ccp/hygon/vpsp.c b/drivers/crypto/ccp/hygon/vpsp.c
new file mode 100644
index 0000000000000000000000000000000000000000..13208fe2c4b3d37acb4af0cf06d5ddb27cdbc86e
--- /dev/null
+++ b/drivers/crypto/ccp/hygon/vpsp.c
@@ -0,0 +1,641 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * PSP virtualization
+ *
+ * Copyright (c) 2023, HYGON CORPORATION. All rights reserved.
+ *     Author: Ge Yang <yangge@hygon.cn>
+ *
+ */
+
+#include <linux/kvm_types.h>
+#include <linux/slab.h>
+#include <linux/kvm_host.h>
+#include <linux/psp-sev.h>
+#include <linux/psp.h>
+#include <linux/psp-hygon.h>
+
+#ifdef pr_fmt
+#undef pr_fmt
+#endif
+#define pr_fmt(fmt) "vpsp: " fmt
+
+/*
+ * The file mainly implements the base execution
+ * logic of virtual PSP in kernel mode, which mainly includes:
+ *	(1) Obtain the VM command and preprocess the pointer
+ *		mapping table information in the command buffer
+ *	(2) The command that has been converted will interact
+ *		with the channel of the psp through the driver and
+ *		try to obtain the execution result
+ *	(3) The executed command data is recovered according to
+ *		the multilevel pointer of the mapping table, and then returned to the VM
+ *
+ * The primary implementation logic of virtual PSP in kernel mode
+ * call trace:
+ * guest command(vmmcall)
+ *	|
+ *	|	   |-> kvm_pv_psp_cmd_pre_op
+ *		   |		|
+ *		   |		| -> guest_addr_map_table_op
+ *		   |				|
+ *		   |				| -> guest_multiple_level_gpa_replace
+ *		   |
+ *  kvm_pv_psp_op->|-> vpsp_try_do_cmd/vpsp_try_get_result <====> psp device driver
+ *		   |
+ *		   |
+ *		   |-> kvm_pv_psp_cmd_post_op
+ *				|
+ *				| -> guest_addr_map_table_op
+ *						|
+ *						| -> guest_multiple_level_gpa_restore
+ */
+
+#define TKM_CMD_ID_MIN  0x120
+#define TKM_CMD_ID_MAX  0x12f
+
+struct psp_cmdresp_head {
+	uint32_t buf_size;
+	uint32_t cmdresp_size;
+	uint32_t cmdresp_code;
+} __packed;
+
+/**
+ * struct map_tbl - multilevel pointer address mapping table
+ *
+ * @parent_pa: parent address block's physics address
+ * @offset: offset in parent address block
+ * @size: submemory size
+ * @align: submemory align size, hva need to keep size alignment in kernel
+ * @hva: submemory copy block in kernel virtual address
+ */
+struct map_tbl {
+	uint64_t parent_pa;
+	uint32_t offset;
+	uint32_t size;
+	uint32_t align;
+	uint64_t hva;
+} __packed;
+
+struct addr_map_tbls {
+	uint32_t tbl_nums;
+	struct map_tbl tbl[];
+} __packed;
+
+/* gpa and hva conversion maintenance table for internal use */
+struct gpa2hva_t {
+	void *hva;
+	gpa_t gpa;
+};
+
+struct gpa2hva_tbls {
+	uint32_t max_nums;
+	uint32_t tbl_nums;
+	struct gpa2hva_t tbl[];
+};
+
+/* save command data for restoring later */
+struct vpsp_hbuf_wrapper {
+	void *data;
+	uint32_t data_size;
+	struct addr_map_tbls *map_tbls;
+	struct gpa2hva_tbls *g2h_tbls;
+};
+
+/* Virtual PSP host memory information maintenance, used in ringbuffer mode */
+struct vpsp_hbuf_wrapper
+g_hbuf_wrap[CSV_COMMAND_PRIORITY_NUM][CSV_RING_BUFFER_SIZE / CSV_RING_BUFFER_ESIZE] = {0};
+
+void __maybe_unused map_tbl_dump(const char *title, struct addr_map_tbls *tbls)
+{
+	int i;
+
+	pr_info("[%s]-> map_tbl_nums: %d", title, tbls->tbl_nums);
+	for (i = 0; i < tbls->tbl_nums; i++) {
+		pr_info("\t[%d]: parent_pa: 0x%llx, offset: 0x%x, size: 0x%x, align: 0x%x hva: 0x%llx",
+			i, tbls->tbl[i].parent_pa, tbls->tbl[i].offset,
+			tbls->tbl[i].size, tbls->tbl[i].align, tbls->tbl[i].hva);
+	}
+	pr_info("\n");
+}
+
+void __maybe_unused g2h_tbl_dump(const char *title, struct gpa2hva_tbls *tbls)
+{
+	int i;
+
+	pr_info("[%s]-> g2h_tbl_nums: %d, max_nums: %d", title, tbls->tbl_nums,
+		tbls->max_nums);
+	for (i = 0; i < tbls->tbl_nums; i++)
+		pr_info("\t[%d]: hva: 0x%llx, gpa: 0x%llx", i,
+			(uint64_t)tbls->tbl[i].hva, tbls->tbl[i].gpa);
+	pr_info("\n");
+}
+
+static int gpa2hva_tbl_fill(struct gpa2hva_tbls *tbls, void *hva, gpa_t gpa)
+{
+	uint32_t fill_idx = tbls->tbl_nums;
+
+	if (fill_idx >= tbls->max_nums)
+		return -EFAULT;
+
+	tbls->tbl[fill_idx].hva = hva;
+	tbls->tbl[fill_idx].gpa = gpa;
+	tbls->tbl_nums = fill_idx + 1;
+
+	return 0;
+}
+
+static void clear_hva_in_g2h_tbls(struct gpa2hva_tbls *g2h, void *hva)
+{
+	int i;
+
+	for (i = 0; i < g2h->tbl_nums; i++) {
+		if (g2h->tbl[i].hva == hva)
+			g2h->tbl[i].hva = NULL;
+	}
+}
+
+static void *get_hva_from_gpa(struct gpa2hva_tbls *g2h, gpa_t gpa)
+{
+	int i;
+
+	for (i = 0; i < g2h->tbl_nums; i++) {
+		if (g2h->tbl[i].gpa == gpa)
+			return (void *)g2h->tbl[i].hva;
+	}
+
+	return NULL;
+}
+
+static gpa_t get_gpa_from_hva(struct gpa2hva_tbls *g2h, void *hva)
+{
+	int i;
+
+	for (i = 0; i < g2h->tbl_nums; i++) {
+		if (g2h->tbl[i].hva == hva)
+			return g2h->tbl[i].gpa;
+	}
+
+	return 0;
+}
+
+/*
+ * The virtual machine multilevel pointer command buffer handles the
+ * execution entity, synchronizes the data in the original gpa to the
+ * newly allocated hva(host virtual address) and updates the mapping
+ * relationship in the parent memory
+ */
+static int guest_multiple_level_gpa_replace(struct kvm_vpsp *vpsp,
+		struct map_tbl *tbl, struct gpa2hva_tbls *g2h)
+{
+	int ret = 0;
+	uint32_t sub_block_size;
+	uint64_t sub_paddr;
+	void *parent_kva = NULL;
+
+	/* kmalloc memory for child block */
+	sub_block_size = max(tbl->size, tbl->align);
+	tbl->hva = (uint64_t)kzalloc(sub_block_size, GFP_KERNEL);
+	if (!tbl->hva)
+		return -ENOMEM;
+
+	/* get child gpa from parent gpa */
+	if (unlikely(vpsp->read_guest(vpsp->kvm, tbl->parent_pa + tbl->offset,
+		&sub_paddr, sizeof(sub_paddr)))) {
+		pr_err("[%s]: kvm_read_guest for parent gpa failed\n",
+			__func__);
+		ret = -EFAULT;
+		goto e_free;
+	}
+
+	/* copy child block data from gpa to hva */
+	if (unlikely(vpsp->read_guest(vpsp->kvm, sub_paddr, (void *)tbl->hva,
+		tbl->size))) {
+		pr_err("[%s]: kvm_read_guest for sub_data failed\n",
+			__func__);
+		ret = -EFAULT;
+		goto e_free;
+	}
+
+	/* get hva from gpa */
+	parent_kva = get_hva_from_gpa(g2h, tbl->parent_pa);
+	if (unlikely(!parent_kva)) {
+		pr_err("[%s]: get_hva_from_gpa for parent_pa failed\n",
+			__func__);
+		ret = -EFAULT;
+		goto e_free;
+	}
+
+	/* replace pa of hva from gpa */
+	*(uint64_t *)((uint8_t *)parent_kva + tbl->offset) = __psp_pa(tbl->hva);
+
+	/* fill in gpa and hva to map table for restoring later */
+	if (unlikely(gpa2hva_tbl_fill(g2h, (void *)tbl->hva, sub_paddr))) {
+		pr_err("[%s]: gpa2hva_tbl_fill for sub_addr failed\n",
+			__func__);
+		ret = -EFAULT;
+		goto e_free;
+	}
+
+	return ret;
+
+e_free:
+	kfree((const void *)tbl->hva);
+	return ret;
+}
+
+/* The virtual machine multi-level pointer command memory handles the
+ * execution entity, synchronizes the data in the hva(host virtual
+ * address) back to the memory corresponding to the gpa, and restores
+ * the mapping relationship in the original parent memory
+ */
+static int guest_multiple_level_gpa_restore(struct kvm_vpsp *vpsp,
+		struct map_tbl *tbl, struct gpa2hva_tbls *g2h)
+{
+	int ret = 0;
+	gpa_t sub_gpa;
+	void *parent_hva = NULL;
+
+	/* get gpa from hva */
+	sub_gpa = get_gpa_from_hva(g2h, (void *)tbl->hva);
+	if (unlikely(!sub_gpa)) {
+		pr_err("[%s]: get_gpa_from_hva for sub_gpa failed\n",
+			__func__);
+		ret = -EFAULT;
+		goto end;
+	}
+
+	/* copy child block data from hva to gpa */
+	if (unlikely(vpsp->write_guest(vpsp->kvm, sub_gpa, (void *)tbl->hva,
+				tbl->size))) {
+		pr_err("[%s]: kvm_write_guest for sub_gpa failed\n",
+			__func__);
+		ret = -EFAULT;
+		goto end;
+	}
+
+	/* get parent hva from parent gpa  */
+	parent_hva = get_hva_from_gpa(g2h, tbl->parent_pa);
+	if (unlikely(!parent_hva)) {
+		pr_err("[%s]: get_hva_from_gpa for parent_pa failed\n",
+			__func__);
+		ret = -EFAULT;
+		goto end;
+	}
+
+	/* restore gpa from pa of hva in parent block  */
+	*(uint64_t *)((uint8_t *)parent_hva + tbl->offset) = sub_gpa;
+
+	/* free child block memory  */
+	clear_hva_in_g2h_tbls(g2h, (void *)tbl->hva);
+	kfree((const void *)tbl->hva);
+	tbl->hva = 0;
+
+end:
+	return ret;
+}
+
+/*
+ * The virtual machine multilevel pointer command memory processing
+ * executes upper-layer abstract interfaces, including replacing and
+ * restoring two sub-processing functions
+ */
+static int guest_addr_map_table_op(struct kvm_vpsp *vpsp, struct gpa2hva_tbls *g2h,
+	struct addr_map_tbls *map_tbls, int op)
+{
+	int ret = 0;
+	int i;
+	uint64_t *sub_paddr_ptr;
+
+	if (op) {
+		for (i = map_tbls->tbl_nums - 1; i >= 0; i--) {
+			/* check if the gpa of root points to itself */
+			if (map_tbls->tbl[i].parent_pa == g2h->tbl[0].gpa) {
+				sub_paddr_ptr = (uint64_t *)((uint8_t *)g2h->tbl[0].hva
+						+ map_tbls->tbl[i].offset);
+				/* if the child paddr is equal to the parent paddr */
+				if ((uint64_t)g2h->tbl[0].hva == map_tbls->tbl[i].hva) {
+					*sub_paddr_ptr = g2h->tbl[0].gpa;
+					continue;
+				}
+			}
+
+			/* restore new pa of kva with the gpa from guest */
+			if (unlikely(guest_multiple_level_gpa_restore(vpsp,
+				&map_tbls->tbl[i], g2h))) {
+				pr_err("[%s]: guest_multiple_level_gpa_restore failed\n",
+					__func__);
+				ret = -EFAULT;
+				goto end;
+			}
+		}
+	} else {
+		for (i = 0; i < map_tbls->tbl_nums; i++) {
+			/* check if the gpa of root points to itself */
+			if (map_tbls->tbl[i].parent_pa == g2h->tbl[0].gpa) {
+				sub_paddr_ptr = (uint64_t *)((uint8_t *)g2h->tbl[0].hva
+							+ map_tbls->tbl[i].offset);
+				/* if the child paddr is equal to the parent paddr */
+				if (*sub_paddr_ptr == map_tbls->tbl[i].parent_pa) {
+					*sub_paddr_ptr = __psp_pa(g2h->tbl[0].hva);
+					map_tbls->tbl[i].hva = (uint64_t)g2h->tbl[0].hva;
+					continue;
+				}
+			}
+
+			/* check if parent_pa is valid */
+			if (unlikely(!get_hva_from_gpa(g2h, map_tbls->tbl[i].parent_pa))) {
+				pr_err("[%s]: g2h->tbl[%d].parent_pa: 0x%llx is invalid\n",
+					__func__, i, map_tbls->tbl[i].parent_pa);
+				ret = -EFAULT;
+				goto end;
+			}
+
+			/* replace the gpa from guest with the new pa of kva */
+			if (unlikely(guest_multiple_level_gpa_replace(vpsp,
+				&map_tbls->tbl[i], g2h))) {
+				pr_err("[%s]: guest_multiple_level_gpa_replace failed\n",
+					__func__);
+				ret = -EFAULT;
+				goto end;
+			}
+		}
+	}
+
+end:
+	return ret;
+}
+
+static void kvm_pv_psp_mem_free(struct gpa2hva_tbls *g2h, struct addr_map_tbls
+	*map_tbl, void *data)
+{
+	int i;
+
+	if (g2h) {
+		for (i = 0; i < g2h->tbl_nums; i++) {
+			if (g2h->tbl[i].hva && (g2h->tbl[i].hva != data)) {
+				kfree(g2h->tbl[i].hva);
+				g2h->tbl[i].hva = NULL;
+			}
+		}
+		kfree(g2h);
+	}
+
+	kfree(map_tbl);
+	kfree(data);
+}
+
+/*
+ * Obtain the VM command and preprocess the pointer mapping table
+ * information in the command buffer, the processed data will be
+ * used to interact with the psp device
+ */
+static int kvm_pv_psp_cmd_pre_op(struct kvm_vpsp *vpsp, gpa_t data_gpa,
+		gpa_t table_gpa, struct vpsp_hbuf_wrapper *hbuf)
+{
+	int ret = 0;
+	void *data = NULL;
+	struct psp_cmdresp_head psp_head;
+	uint32_t data_size;
+	struct addr_map_tbls map_head, *map_tbls = NULL;
+	uint32_t map_tbl_size;
+	struct gpa2hva_tbls *g2h = NULL;
+	uint32_t g2h_tbl_size;
+
+	if (unlikely(vpsp->read_guest(vpsp->kvm, data_gpa, &psp_head,
+					sizeof(struct psp_cmdresp_head))))
+		return -EFAULT;
+
+	data_size = psp_head.buf_size;
+	data = kzalloc(data_size, GFP_KERNEL);
+	if (!data)
+		return -ENOMEM;
+
+	if (unlikely(vpsp->read_guest(vpsp->kvm, data_gpa, data, data_size))) {
+		ret = -EFAULT;
+		goto end;
+	}
+
+	if (table_gpa) {
+		/* parse address map table from guest */
+		if (unlikely(vpsp->read_guest(vpsp->kvm, table_gpa, &map_head,
+			sizeof(struct addr_map_tbls)))) {
+			pr_err("[%s]: kvm_read_guest for map_head failed\n",
+				__func__);
+			ret = -EFAULT;
+			goto end;
+		}
+
+		map_tbl_size = sizeof(struct addr_map_tbls) + map_head.tbl_nums
+			* sizeof(struct map_tbl);
+		map_tbls = kzalloc(map_tbl_size, GFP_KERNEL);
+		if (!map_tbls) {
+			ret = -ENOMEM;
+			goto end;
+		}
+
+		if (unlikely(vpsp->read_guest(vpsp->kvm, table_gpa, map_tbls,
+			map_tbl_size))) {
+			pr_err("[%s]: kvm_read_guest for map_tbls failed\n",
+				__func__);
+			ret = -EFAULT;
+			goto end;
+		}
+
+		/* init for gpa2hva table*/
+		g2h_tbl_size = sizeof(struct gpa2hva_tbls) + (map_head.tbl_nums
+			+ 1) * sizeof(struct gpa2hva_t);
+		g2h = kzalloc(g2h_tbl_size, GFP_KERNEL);
+		if (!g2h) {
+			ret = -ENOMEM;
+			goto end;
+		}
+		g2h->max_nums = map_head.tbl_nums + 1;
+
+		/* fill the root parent address */
+		if (gpa2hva_tbl_fill(g2h, data, data_gpa)) {
+			pr_err("[%s]: gpa2hva_tbl_fill for root data address failed\n",
+				__func__);
+			ret = -EFAULT;
+			goto end;
+		}
+
+		if (guest_addr_map_table_op(vpsp, g2h, map_tbls, 0)) {
+			pr_err("[%s]: guest_addr_map_table_op for replacing failed\n",
+				__func__);
+			ret = -EFAULT;
+			goto end;
+		}
+	}
+
+	hbuf->data = data;
+	hbuf->data_size = data_size;
+	hbuf->map_tbls = map_tbls;
+	hbuf->g2h_tbls = g2h;
+
+end:
+	return ret;
+}
+
+/*
+ * The executed command data is recovered according to the multilevel
+ * pointer of the mapping table when the command has finished
+ * interacting with the psp device
+ */
+static int kvm_pv_psp_cmd_post_op(struct kvm_vpsp *vpsp, gpa_t data_gpa,
+		struct vpsp_hbuf_wrapper *hbuf)
+{
+	int ret = 0;
+
+	if (hbuf->map_tbls) {
+		if (guest_addr_map_table_op(vpsp, hbuf->g2h_tbls,
+					hbuf->map_tbls, 1)) {
+			pr_err("[%s]: guest_addr_map_table_op for restoring failed\n",
+				__func__);
+			ret = -EFAULT;
+			goto end;
+		}
+	}
+
+	/* restore cmdresp's buffer from context */
+	if (unlikely(vpsp->write_guest(vpsp->kvm, data_gpa, hbuf->data,
+					hbuf->data_size))) {
+		pr_err("[%s]: kvm_write_guest for cmdresp data failed\n",
+			__func__);
+		ret = -EFAULT;
+		goto end;
+	}
+
+end:
+	/* release memory and clear hbuf */
+	kvm_pv_psp_mem_free(hbuf->g2h_tbls, hbuf->map_tbls, hbuf->data);
+	memset(hbuf, 0, sizeof(*hbuf));
+
+	return ret;
+}
+
+static int cmd_type_is_tkm(int cmd)
+{
+	if (cmd >= TKM_CMD_ID_MIN && cmd <= TKM_CMD_ID_MAX)
+		return 1;
+	return 0;
+}
+
+/*
+ * The primary implementation interface of virtual PSP in kernel mode
+ */
+int kvm_pv_psp_op(struct kvm_vpsp *vpsp, int cmd, gpa_t data_gpa, gpa_t psp_ret_gpa,
+		gpa_t table_gpa)
+{
+	int ret = 0;
+	struct vpsp_ret psp_ret = {0};
+	struct vpsp_hbuf_wrapper hbuf = {0};
+	struct vpsp_cmd *vcmd = (struct vpsp_cmd *)&cmd;
+	uint8_t prio = CSV_COMMAND_PRIORITY_LOW;
+	uint32_t index = 0;
+	uint32_t vid = 0;
+
+	// only tkm cmd need vid
+	if (cmd_type_is_tkm(vcmd->cmd_id)) {
+		// check the permission to use the default vid when no vid is set
+		ret = vpsp_get_vid(&vid, vpsp->kvm->userspace_pid);
+		if (ret && !vpsp_get_default_vid_permission()) {
+			pr_err("[%s]: not allowed tkm command without vid\n", __func__);
+			return -EFAULT;
+		}
+	}
+
+	if (unlikely(vpsp->read_guest(vpsp->kvm, psp_ret_gpa, &psp_ret,
+					sizeof(psp_ret))))
+		return -EFAULT;
+
+	switch (psp_ret.status) {
+	case VPSP_INIT:
+		/* multilevel pointer replace*/
+		ret = kvm_pv_psp_cmd_pre_op(vpsp, data_gpa, table_gpa, &hbuf);
+		if (unlikely(ret)) {
+			psp_ret.status = VPSP_FINISH;
+			pr_err("[%s]: kvm_pv_psp_cmd_pre_op failed\n",
+					__func__);
+			ret = -EFAULT;
+			goto end;
+		}
+
+		/* try to send command to the device for execution*/
+		ret = vpsp_try_do_cmd(vid, cmd, (void *)hbuf.data,
+				(struct vpsp_ret *)&psp_ret);
+		if (unlikely(ret)) {
+			pr_err("[%s]: vpsp_do_cmd failed\n", __func__);
+			ret = -EFAULT;
+			goto end;
+		}
+
+		switch (psp_ret.status) {
+		case VPSP_RUNNING:
+			/* backup host memory message for restoring later*/
+			prio = vcmd->is_high_rb ? CSV_COMMAND_PRIORITY_HIGH :
+				CSV_COMMAND_PRIORITY_LOW;
+			g_hbuf_wrap[prio][psp_ret.index] = hbuf;
+			break;
+
+		case VPSP_FINISH:
+			/* restore multilevel pointer data */
+			ret = kvm_pv_psp_cmd_post_op(vpsp, data_gpa, &hbuf);
+			if (unlikely(ret)) {
+				pr_err("[%s]: kvm_pv_psp_cmd_post_op failed\n",
+						__func__);
+				ret = -EFAULT;
+				goto end;
+			}
+			break;
+
+		default:
+			ret = -EFAULT;
+			break;
+		}
+		break;
+
+	case VPSP_RUNNING:
+		prio = vcmd->is_high_rb ? CSV_COMMAND_PRIORITY_HIGH :
+			CSV_COMMAND_PRIORITY_LOW;
+		index = psp_ret.index;
+		/* try to get the execution result from ringbuffer*/
+		ret = vpsp_try_get_result(vid, prio, index, g_hbuf_wrap[prio][index].data,
+				(struct vpsp_ret *)&psp_ret);
+		if (unlikely(ret)) {
+			pr_err("[%s]: vpsp_try_get_result failed\n", __func__);
+			ret = -EFAULT;
+			goto end;
+		}
+
+		switch (psp_ret.status) {
+		case VPSP_RUNNING:
+			break;
+
+		case VPSP_FINISH:
+			/* restore multilevel pointer data */
+			ret = kvm_pv_psp_cmd_post_op(vpsp, data_gpa,
+					&g_hbuf_wrap[prio][index]);
+			if (unlikely(ret)) {
+				pr_err("[%s]: kvm_pv_psp_cmd_post_op failed\n",
+						__func__);
+				ret = -EFAULT;
+				goto end;
+			}
+			break;
+
+		default:
+			ret = -EFAULT;
+			break;
+		}
+		break;
+
+	default:
+		pr_err("[%s]: invalid command status\n", __func__);
+		ret = -EFAULT;
+		break;
+	}
+end:
+	/* return psp_ret to guest */
+	vpsp->write_guest(vpsp->kvm, psp_ret_gpa, &psp_ret, sizeof(psp_ret));
+	return ret;
+} EXPORT_SYMBOL_GPL(kvm_pv_psp_op);
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 86065c771d9e4f6a0c9f2da3b31d4520a63780bc..49dde0baae4178f06bd6b5d3357b2db7f4bd2f76 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -199,6 +199,11 @@ int psp_dev_init(struct sp_device *sp)
 
 	/* Request an irq */
 	if (is_vendor_hygon()) {
+		ret = hygon_psp_additional_setup(sp);
+		if (ret) {
+			dev_err(dev, "psp: unable to do additional setup\n");
+			goto e_err;
+		}
 		ret = sp_request_hygon_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
 	} else {
 		ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
@@ -263,6 +268,9 @@ void psp_dev_destroy(struct sp_device *sp)
 
 	sp_free_psp_irq(sp, psp);
 
+	if (is_vendor_hygon() && hygon_psp_hooks.psp_misc)
+		kref_put(&hygon_psp_hooks.psp_misc->refcount, hygon_psp_exit);
+
 	if (sp->clear_psp_master_device)
 		sp->clear_psp_master_device(sp);
 }
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index f0fc57bdff0492cb9e98856605b4d259d0e9cae5..8231b88663ccbff70c9fd208f62476c0d8f9e62e 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -408,10 +408,20 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
 static int sev_do_cmd(int cmd, void *data, int *psp_ret)
 {
 	int rc;
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
 
-	mutex_lock(&sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled) {
+		if (psp_mutex_lock_timeout(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex,
+					   PSP_MUTEX_TIMEOUT) != 1)
+			return -EBUSY;
+	} else {
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	}
 	rc = __sev_do_cmd_locked(cmd, data, psp_ret);
-	mutex_unlock(&sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
 
 	return rc;
 }
@@ -529,10 +539,20 @@ static int __sev_platform_init_locked(int *error)
 int sev_platform_init(int *error)
 {
 	int rc;
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
 
-	mutex_lock(&sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled) {
+		if (psp_mutex_lock_timeout(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex,
+					   PSP_MUTEX_TIMEOUT) != 1)
+			return -EBUSY;
+	} else {
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	}
 	rc = __sev_platform_init_locked(error);
-	mutex_unlock(&sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
 
 	return rc;
 }
@@ -569,10 +589,20 @@ static int __sev_platform_shutdown_locked(int *error)
 static int sev_platform_shutdown(int *error)
 {
 	int rc;
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
 
-	mutex_lock(&sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled) {
+		if (psp_mutex_lock_timeout(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex,
+					   PSP_MUTEX_TIMEOUT) != 1)
+			return -EBUSY;
+	} else {
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	}
 	rc = __sev_platform_shutdown_locked(NULL);
-	mutex_unlock(&sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
 
 	return rc;
 }
@@ -1119,6 +1149,7 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 	struct sev_issue_cmd input;
 	int ret = -EFAULT;
 	bool writable = file->f_mode & FMODE_WRITE;
+	int mutex_enabled = READ_ONCE(hygon_psp_hooks.psp_mutex_enabled);
 
 	if (!psp_master || !psp_master->sev_data)
 		return -ENODEV;
@@ -1132,7 +1163,13 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 	if (input.cmd > SEV_MAX)
 		return -EINVAL;
 
-	mutex_lock(&sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled) {
+		if (psp_mutex_lock_timeout(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex,
+					   PSP_MUTEX_TIMEOUT) != 1)
+			return -EBUSY;
+	} else {
+		mutex_lock(hygon_psp_hooks.sev_cmd_mutex);
+	}
 
 	switch (input.cmd) {
 
@@ -1172,7 +1209,10 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 	if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
 		ret = -EFAULT;
 out:
-	mutex_unlock(&sev_cmd_mutex);
+	if (is_vendor_hygon() && mutex_enabled)
+		psp_mutex_unlock(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex);
+	else
+		mutex_unlock(hygon_psp_hooks.sev_cmd_mutex);
 
 	return ret;
 }
diff --git a/include/linux/psp-hygon.h b/include/linux/psp-hygon.h
index efb618a0eb6e8443b08d4ad0dd1cdc8a84275d14..41308eed5a277384ca46d0f87da77cda4cf93924 100644
--- a/include/linux/psp-hygon.h
+++ b/include/linux/psp-hygon.h
@@ -12,6 +12,7 @@
 
 #include <linux/types.h>
 #include <linux/fs.h>
+#include <linux/kvm_types.h>
 
 /*****************************************************************************/
 /***************************** CSV interface *********************************/
@@ -305,8 +306,62 @@ struct csv3_data_dbg_read_mem {
 	u32 size;			/* In */
 } __packed;
 
+/*
+ * enum VPSP_CMD_STATUS - virtual psp command status
+ *
+ * @VPSP_INIT: the initial command from guest
+ * @VPSP_RUNNING: the middle command to check and run ringbuffer command
+ * @VPSP_FINISH: inform the guest that the command ran successfully
+ */
+enum VPSP_CMD_STATUS {
+	VPSP_INIT = 0,
+	VPSP_RUNNING,
+	VPSP_FINISH,
+	VPSP_MAX
+};
+
+/**
+ * struct vpsp_cmd - virtual psp command
+ *
+ * @cmd_id: the command id is used to distinguish different commands
+ * @is_high_rb: indicates the ringbuffer level in which the command is placed
+ */
+struct vpsp_cmd {
+	u32 cmd_id	:	31;
+	u32 is_high_rb	:	1;
+};
+
+/**
+ * struct vpsp_ret - virtual psp return result
+ *
+ * @pret: the return code from device
+ * @resv: reserved bits
+ * @index: used to distinguish the position of command in the ringbuffer
+ * @status: indicates the current status of the related command
+ */
+struct vpsp_ret {
+	u32 pret	:	16;
+	u32 resv	:	2;
+	u32 index	:	12;
+	u32 status	:	2;
+};
+
+struct kvm_vpsp {
+	struct kvm *kvm;
+	int (*write_guest)(struct kvm *kvm, gpa_t gpa, const void *data, unsigned long len);
+	int (*read_guest)(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len);
+};
+
+#define PSP_VID_MASK            0xff
+#define PSP_VID_SHIFT           56
+#define PUT_PSP_VID(hpa, vid)   ((__u64)(hpa) | ((__u64)(PSP_VID_MASK & vid) << PSP_VID_SHIFT))
+#define GET_PSP_VID(hpa)        ((__u16)((__u64)(hpa) >> PSP_VID_SHIFT) & PSP_VID_MASK)
+#define CLEAR_PSP_VID(hpa)      ((__u64)(hpa) & ~((__u64)PSP_VID_MASK << PSP_VID_SHIFT))
+
 #ifdef CONFIG_CRYPTO_DEV_SP_PSP
 
+int vpsp_do_cmd(uint32_t vid, int cmd, void *data, int *psp_ret);
+
 int psp_do_cmd(int cmd, void *data, int *psp_ret);
 
 int csv_ring_buffer_queue_init(void);
@@ -320,8 +375,21 @@ int csv_check_stat_queue_status(int *psp_ret);
  */
 int csv_issue_ringbuf_cmds_external_user(struct file *filep, int *psp_ret);
 
+int vpsp_try_get_result(uint32_t vid, uint8_t prio, uint32_t index,
+			void *data, struct vpsp_ret *psp_ret);
+
+int vpsp_try_do_cmd(uint32_t vid, int cmd, void *data, struct vpsp_ret *psp_ret);
+
+int vpsp_get_vid(uint32_t *vid, pid_t pid);
+
+int vpsp_get_default_vid_permission(void);
+
+int kvm_pv_psp_op(struct kvm_vpsp *vpsp, int cmd, gpa_t data_gpa, gpa_t psp_ret_gpa,
+		gpa_t table_gpa);
 #else	/* !CONFIG_CRYPTO_DEV_SP_PSP */
 
+static inline int vpsp_do_cmd(uint32_t vid, int cmd, void *data, int *psp_ret) { return -ENODEV; }
+
 static inline int psp_do_cmd(int cmd, void *data, int *psp_ret) { return -ENODEV; }
 
 static inline int csv_ring_buffer_queue_init(void) { return -ENODEV; }
@@ -332,6 +400,23 @@ static inline int csv_check_stat_queue_status(int *psp_ret) { return -ENODEV; }
 static inline int
 csv_issue_ringbuf_cmds_external_user(struct file *filep, int *psp_ret) { return -ENODEV; }
 
+static inline int
+vpsp_try_get_result(uint32_t vid, uint8_t prio,
+		uint32_t index, void *data, struct vpsp_ret *psp_ret) { return -ENODEV; }
+
+static inline int
+vpsp_try_do_cmd(uint32_t vid, int cmd,
+		void *data, struct vpsp_ret *psp_ret) { return -ENODEV; }
+
+static inline int
+vpsp_get_vid(uint32_t *vid, pid_t pid) { return -ENODEV; }
+
+static inline int
+vpsp_get_default_vid_permission(void) { return -ENODEV; }
+
+static inline int
+kvm_pv_psp_op(struct kvm_vpsp *vpsp, int cmd, gpa_t data_gpa,
+	      gpa_t psp_ret_gpa, gpa_t table_gpa) { return -ENODEV; }
 #endif	/* CONFIG_CRYPTO_DEV_SP_PSP */
 
 typedef int (*p2c_notifier_t)(uint32_t id, uint64_t data);
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 76ee067a962c93ed72c1c207393673532fe4def6..a2a4e975fb0cbc437620cec29b8c10777c569cf2 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -13,6 +13,7 @@
 #define __PSP_SEV_H__
 
 #include <uapi/linux/psp-sev.h>
+#include <linux/kvm_types.h>
 
 #define SEV_FW_BLOB_MAX_SIZE	0x4000	/* 16KB */
 
diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h
index 67192835455e0707993d021f38991803bce2c550..86369b7a573397a66e4b371c5e21a32c7fac5ccc 100644
--- a/include/uapi/linux/kvm_para.h
+++ b/include/uapi/linux/kvm_para.h
@@ -31,6 +31,7 @@
 #define KVM_HC_SCHED_YIELD		11
 #define KVM_HC_MAP_GPA_RANGE		12
 #define KVM_HC_VM_ATTESTATION		100	/* Specific to Hygon CPU */
+#define KVM_HC_PSP_OP			101	/* Specific to Hygon platform */
 
 /*
  * hypercalls use architecture specific