From nobody Wed Jun 17 05:10:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6955038E129; Mon, 27 Apr 2026 20:50:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777323037; cv=none; b=Vf26AFXaqtiP6Xq8/dCZ9wNl0sk0OOUu8LbHQtJFHGIdBav1gJI58paUBMMyhHKmKgscf1GfsXNGkexmddAtDBa7/xAXWGi5GvQ2DTIi9sLEegpV27Why18ArunMQ+g4PcaJwxqhYHUZ0LglSOs4A8ZoPhLEJgtGbI92BPZzYoY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777323037; c=relaxed/simple; bh=I1l9YPP/ComIPE00fpuZz1ejIB5bhQV2RMeVzSfSA8A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KzSCuy+fEiI2IN4zCxgnDTuEjzBloLnXFDpN1nFLvq9g73eH98+nyQekem0U9oLHybr1A6TziefoZQKjKMGjZ96Kr/BahDIECmtjjmohUZ6UraPl7V/ZzbJouKppJDd/junsJdOo4uU/nDzW4eMOVxBMKgBBD+IeRSDOJ2HsvtY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=oW8fBl2p; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="oW8fBl2p" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C7CCC2BCB7; Mon, 27 Apr 2026 20:50:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777323035; bh=I1l9YPP/ComIPE00fpuZz1ejIB5bhQV2RMeVzSfSA8A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oW8fBl2pQCUd/SMtbsCIN9u/gRCSHrn4tkurhXz+veaW68ZIOIRt1H9eXktvNXJew jDCO1x9y36KUTmMuJddOXGul1pj17MIUsv9rwdW6JOrRgCkdARyz5WF5eH93Gwjf8L cMrzGVDqIDm141XzaUNp0V/tlzK9K+QkP6hmc/IpecIIcA6xrkzB+XaQsWFxOx6kE/ KgRzJfDt2OVlNOwlBdn7yHHgYv28UgfVBX7qCJDplogv/wE/0Q9NGhC5ifqXpX8K+P R7fSyiW1LT0r2fGoe/g/yN/jGwAfnAVPS2yIvIdKli1ssGXh4pNpD2Sh9wua2D9NoI L3Tm1A7c3nSdg== From: Tycho Andersen To: Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Jonathan Corbet , Shuah Khan , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Shuah Khan Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Kim Phillips , Alexey Kardashevskiy , "Tycho Andersen (AMD)" , Nikunj A Dadhania , Andrew Morton , Randy Dunlap , Dapeng Mi , Kees Cook , Marco Elver , Jakub Kicinski , Li RongQing , Eric Biggers , "Paul E. McKenney" , linux-doc@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH v2 1/4] crypto/ccp: Pass init_args to __sev_snp_init_locked() Date: Mon, 27 Apr 2026 14:48:44 -0600 Message-ID: <20260427204847.112899-2-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260427204847.112899-1-tycho@kernel.org> References: <20260427204847.112899-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Tycho Andersen (AMD)" Rather than splitting this off, pass the whole struct so that __sev_snp_init_locked() will have access to any other structure members that are added in the future. No functional change intended. Signed-off-by: Tycho Andersen (AMD) --- drivers/crypto/ccp/sev-dev.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index d1e9e0ac63b6..bf54a3fadb28 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1351,7 +1351,7 @@ static int snp_filter_reserved_mem_regions(struct res= ource *rs, void *arg) return 0; } =20 -static int __sev_snp_init_locked(int *error, unsigned int max_snp_asid) +static int __sev_snp_init_locked(struct sev_platform_init_args *args) { struct sev_data_range_list *snp_range_list __free(kfree) =3D NULL; struct psp_device *psp =3D psp_master; @@ -1421,9 +1421,9 @@ static int __sev_snp_init_locked(int *error, unsigned= int max_snp_asid) =20 memset(&data, 0, sizeof(data)); =20 - if (max_snp_asid) { + if (args->max_snp_asid) { data.ciphertext_hiding_en =3D 1; - data.max_snp_asid =3D max_snp_asid; + data.max_snp_asid =3D args->max_snp_asid; } =20 data.init_rmp =3D 1; @@ -1458,20 +1458,20 @@ static int __sev_snp_init_locked(int *error, unsign= ed int max_snp_asid) */ wbinvd_on_all_cpus(); =20 - rc =3D __sev_do_cmd_locked(cmd, arg, error); + rc =3D __sev_do_cmd_locked(cmd, arg, &args->error); if (rc) { dev_err(sev->dev, "SEV-SNP: %s failed rc %d, error %#x\n", cmd =3D=3D SEV_CMD_SNP_INIT_EX ? "SNP_INIT_EX" : "SNP_INIT", - rc, *error); + rc, args->error); return rc; } =20 /* Prepare for first SNP guest launch after INIT. */ wbinvd_on_all_cpus(); - rc =3D __sev_do_cmd_locked(SEV_CMD_SNP_DF_FLUSH, NULL, error); + rc =3D __sev_do_cmd_locked(SEV_CMD_SNP_DF_FLUSH, NULL, &args->error); if (rc) { dev_err(sev->dev, "SEV-SNP: SNP_DF_FLUSH failed rc %d, error %#x\n", - rc, *error); + rc, args->error); return rc; } =20 @@ -1651,7 +1651,7 @@ static int _sev_platform_init_locked(struct sev_platf= orm_init_args *args) if (sev->sev_plat_status.state =3D=3D SEV_STATE_INIT) return 0; =20 - rc =3D __sev_snp_init_locked(&args->error, args->max_snp_asid); + rc =3D __sev_snp_init_locked(args); if (rc && rc !=3D -ENODEV) return rc; =20 @@ -1732,9 +1732,10 @@ static int sev_move_to_init_state(struct sev_issue_c= md *argp, bool *shutdown_req =20 static int snp_move_to_init_state(struct sev_issue_cmd *argp, bool *shutdo= wn_required) { - int error, rc; + struct sev_platform_init_args args =3D {}; + int rc; =20 - rc =3D __sev_snp_init_locked(&error, 0); + rc =3D __sev_snp_init_locked(&args); if (rc) { argp->error =3D SEV_RET_INVALID_PLATFORM_STATE; return rc; --=20 2.53.0 From nobody Wed Jun 17 05:10:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AE66239656D; Mon, 27 Apr 2026 20:50:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777323041; cv=none; b=eHu8i43+kfl74yOA0i4pEfcSZ0xfOZBKex9EDlSk/iX/M9dSCX0JuqTq3M7PYNY8n24HVm7tHG52AHCVTGjNx1DSPYp1k5RG/0opDX0KrUVCK94MI8S7LVq/r3f1dnaimRuSSJddVdz5sd3wfWPrFs/+xcRJ58dcvHKxFEc991I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777323041; c=relaxed/simple; bh=xioMO/UL0CvBPPzQEWOUt4oVRuZ2NEG3I7jSIsxV0YM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DOF+w2wWATW9/jTCd29fQEDfHxbOiy4q1y4bA7EhGfgmIy2jqrjcTq8Ip7mtQX4yAVVn2e9SCSNZAYdSacKxldE3Zh1Y8mTU6OQ62KH7LGxc6QLhVgPsyg+LrllwFY2unVc7MpynkmoIZR91HdFY+HwEC5/eWNBFxv79QklqBk0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=luPmFpvX; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="luPmFpvX" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D901EC2BCB9; Mon, 27 Apr 2026 20:50:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777323040; bh=xioMO/UL0CvBPPzQEWOUt4oVRuZ2NEG3I7jSIsxV0YM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=luPmFpvX04zWv09jN2p0rhoLxkN6Hz9rsT1L2yh1xVBEjQqwKgy06DcHcmXh0hUJ8 eqk/zabuzvO3sj6FxAmHTC3xSbvrf2IAwt+ZuasXf7AftXLThwbk3+3ov92IQWeYMZ zBOGaTmLi9W9RE9EqDX6XzUDXS7aFDrDcKrMVpGLIeiZrM6zQGbQUmPfOJHRBFBXZD URu5UFobS1sFLKwyVhNs1flbQ9k1fJgVkNgYac8dmAz8IwkLl/HCIkyFX3zbYkpCXE 5HTbznyXU6EB6SiurCmxBipev5Myr1GIkacGNw+ypEU9iZtUoVkJPzbQXs4E14/fc/ PogzEij2bKxmg== From: Tycho Andersen To: Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Jonathan Corbet , Shuah Khan , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Shuah Khan Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Kim Phillips , Alexey Kardashevskiy , "Tycho Andersen (AMD)" , Nikunj A Dadhania , Andrew Morton , Randy Dunlap , Dapeng Mi , Kees Cook , Marco Elver , Jakub Kicinski , Li RongQing , Eric Biggers , "Paul E. McKenney" , linux-doc@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH v2 2/4] crypto/ccp: Support setting RAPL_DIS in SNP_INIT_EX Date: Mon, 27 Apr 2026 14:48:45 -0600 Message-ID: <20260427204847.112899-3-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260427204847.112899-1-tycho@kernel.org> References: <20260427204847.112899-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Tycho Andersen (AMD)" From the PLATYPUS [1] attack paper: We exploit unprivileged access to the Intel Running Average Power Limit (RAPL) interface that exposes values directly correlated with power consumption, forming a low-resolution side channel. The SEV firmware offers a mechanism to freeze RAPL counters across all cores during SNP initialization via the RAPL_DIS bit in SNP_INIT_EX. The counters remain frozen while SNP is initialized, and resume after an SNP shutdown. The SEV firmware also has a RAPL_DIS policy bit, allowing guests to enforce that RAPL is disabled on a system before running. Since the kernel had no way to set the RAPL_DIS bit during SNP init, trying to set the policy bit would always result in a failed launch. Allow setting the RAPL_DIS bit during SNP_INIT_EX via struct sev_platform_init_args. If the hardware does not support RAPL_DIS, set the rapl_disable parameter to false so that consumers can detect when it was not actually initialized. [1]: https://platypusattack.com/platypus.pdf Signed-off-by: Tycho Andersen (AMD) --- drivers/crypto/ccp/sev-dev.c | 14 +++++++++++++- include/linux/psp-sev.h | 2 ++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index bf54a3fadb28..6223d63e676e 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1365,8 +1365,11 @@ static int __sev_snp_init_locked(struct sev_platform= _init_args *args) =20 sev =3D psp->sev_data; =20 - if (sev->snp_initialized) + if (sev->snp_initialized) { + if (args->rapl_disable && !sev->snp_plat_status.rapl_dis) + args->rapl_disable =3D false; return 0; + } =20 if (!sev_version_greater_or_equal(SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR)) { dev_dbg(sev->dev, "SEV-SNP support requires firmware version >=3D %d:%d\= n", @@ -1376,6 +1379,12 @@ static int __sev_snp_init_locked(struct sev_platform= _init_args *args) =20 snp_prepare(); =20 + if (args->rapl_disable && !(sev->snp_feat_info_0.ecx & SNP_RAPL_DISABLE_S= UPPORTED)) { + dev_info(sev->dev, + "SEV: RAPL_DIS requested, but not supported\n"); + args->rapl_disable =3D false; + } + /* * Starting in SNP firmware v1.52, the SNP_INIT_EX command takes a list * of system physical address ranges to convert into HV-fixed page @@ -1426,6 +1435,9 @@ static int __sev_snp_init_locked(struct sev_platform_= init_args *args) data.max_snp_asid =3D args->max_snp_asid; } =20 + if (args->rapl_disable) + data.rapl_dis =3D 1; + data.init_rmp =3D 1; data.list_paddr_en =3D 1; data.list_paddr =3D __psp_pa(snp_range_list); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index d5099a2baca5..55ffc098d573 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -848,11 +848,13 @@ struct sev_data_snp_shutdown_ex { * unless psp_init_on_probe module param is set * @max_snp_asid: When non-zero, enable ciphertext hiding and specify the * maximum ASID that can be used for an SEV-SNP guest. + * @rapl_disable: Whether or not to set the RAPL_DIS bit during SNP_INIT_E= X. */ struct sev_platform_init_args { int error; bool probe; unsigned int max_snp_asid; + bool rapl_disable; }; =20 /** --=20 2.53.0 From nobody Wed Jun 17 05:10:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D0E13A75A4; Mon, 27 Apr 2026 20:50:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777323045; cv=none; b=DfyMYUrcEyKaf3/U/v/iio+gQnfKX3KGU15sGadWrVCgmvO0QK4NHiHOxVBkmID1N7QjsOzjMCseoNqotMcpR28VBNEx6hCC5g8Hwy8l3qrY8mVgvdt6QE3xdO6hxjv/Ayl+XmG5/teJxi+6ZknupbgfHCjo3By1VA4fLWNX9FY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777323045; c=relaxed/simple; bh=GwK3wrKcvZUv9x6NuNYcq4nOFKtJixHLHI7btCyj6D4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ggNkqOgIcaIa0ZUHAOldiFQmLvNbaKeSyXo8EJ0hM7huIiavyKIZbg4n/CKzdK04f9VycIeIi2c2nIh0MM3tqfbK7K9lAVtd2wP80rd+o6sZ9afeY9WpWb5KmH0u51eCjM0h7JdpZseQPLyDYdUitlvBPuy5RTUcpKQKSjRBgs4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Uir03wz7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Uir03wz7" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7D74CC2BCB5; Mon, 27 Apr 2026 20:50:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777323044; bh=GwK3wrKcvZUv9x6NuNYcq4nOFKtJixHLHI7btCyj6D4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Uir03wz7kbab8aKtAC3MiktGCtLLWVmGw1d5LJuOQRcuSRAg2Cf2mtoiW9DNykyog wZGMoraaNV9Ocm5czOssbGN5CYBOE1oqJMvB5pHeywORw+GCWZq8xM5W9ngEVCXy55 FuvZptLBIMfi9iX3yXUFUkS7XyWPo8OjxfQUA4s0Efm+Mf86gOaEtbWOW5xhJUGtW8 X8HgmfFd86qxQohnSmrrM5tDf8sT5VMbtKbRMSg1ydGFNEmoFy0YNK/DdMo6Z58PPP dh0dW8pJZyvnG/6+IHKFrAtLq0plhE3vA6p3y6G2XHCNvzdVsMO7R6ejtsES3Yw6w4 hOmqsVFtMNu6g== From: Tycho Andersen To: Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Jonathan Corbet , Shuah Khan , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Shuah Khan Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Kim Phillips , Alexey Kardashevskiy , "Tycho Andersen (AMD)" , Nikunj A Dadhania , Andrew Morton , Randy Dunlap , Dapeng Mi , Kees Cook , Marco Elver , Jakub Kicinski , Li RongQing , Eric Biggers , "Paul E. McKenney" , linux-doc@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH v2 3/4] KVM: SEV: Add the kvm-amd.rapl_disable module parameter Date: Mon, 27 Apr 2026 14:48:46 -0600 Message-ID: <20260427204847.112899-4-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260427204847.112899-1-tycho@kernel.org> References: <20260427204847.112899-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Tycho Andersen (AMD)" Add a user-visible way to set the RAPL_DIS bit for SNP init. Since setting RAPL_DIS affects the whole system, put the module parameter in kvm_amd instead of in the CCP driver to hopefully make it more obvious to admins. Signed-off-by: Tycho Andersen (AMD) --- Documentation/admin-guide/kernel-parameters.txt | 5 +++++ arch/x86/kvm/svm/sev.c | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentatio= n/admin-guide/kernel-parameters.txt index 4d0f545fb3ec..2b50eed8664c 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -3207,6 +3207,11 @@ Kernel parameters max_snp_asid =3D=3D min_sev_asid-1, will effectively make SEV-ES unusable. =20 + kvm-amd.rapl_disable=3D [KVM,AMD] Whether to disable RAPL + (Running Average Power Limit) when initializing the SNP + firmware. This disables the counters for the entire system until an + SNP shutdown command is issued. + kvm-arm.mode=3D [KVM,ARM,EARLY] Select one of KVM/arm64's modes of operation. diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c2126b3c3072..c2a30a3d6f50 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -66,6 +66,10 @@ module_param_named(sev_snp, sev_snp_enabled, bool, 0444); static unsigned int __ro_after_init nr_ciphertext_hiding_asids; module_param_named(ciphertext_hiding_asids, nr_ciphertext_hiding_asids, ui= nt, 0444); =20 +static bool rapl_disable; +module_param(rapl_disable, bool, 0444); +MODULE_PARM_DESC(rapl_disable, " if true, disable RAPL during SNP Initiali= zation"); + #define AP_RESET_HOLD_NONE 0 #define AP_RESET_HOLD_NAE_EVENT 1 #define AP_RESET_HOLD_MSR_PROTO 2 @@ -3163,6 +3167,7 @@ void __init sev_hardware_setup(void) out: if (sev_enabled) { init_args.probe =3D true; + init_args.rapl_disable =3D rapl_disable; =20 if (sev_is_snp_ciphertext_hiding_supported()) init_args.max_snp_asid =3D min(nr_ciphertext_hiding_asids, @@ -3174,6 +3179,9 @@ void __init sev_hardware_setup(void) sev_snp_supported =3D is_sev_snp_initialized(); =20 if (sev_snp_supported) { + if (!init_args.rapl_disable) + rapl_disable =3D false; + snp_supported_policy_bits =3D sev_get_snp_policy_bits() & KVM_SNP_POLICY_MASK_VALID; nr_ciphertext_hiding_asids =3D init_args.max_snp_asid; --=20 2.53.0 From nobody Wed Jun 17 05:10:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 616C038E100; Mon, 27 Apr 2026 20:50:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777323051; cv=none; b=sug3wAAvnxLp8hdQfGonAet8u15Faov4TB0Yn6a4tJjWMe/DP/39+V/60cyxf42kVPFGq6gYzIhxVCQty9r2Shso1EjGpaubZS1R4tjgfBImCbhNvvBOp3jvmLhhRuU6kXRpeJnbG1llixuPiIABVMBiLvIbSU4Kh1z0DRGpU7s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777323051; c=relaxed/simple; bh=esH8GoW/x0f4F3LQ0BiNpL6uFiMcPBcjR+T948qhS/A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JMcRfUSLAcWpkYGKc2CFgE/oKnONJ+QcDpT6OYjD4Gsa8wBRhlsm4TLRx2gSmu2ojcYm+kasv2csC2u7LruQYeMXfgC+w90eNP1m7B89xEI0PMxtCqjdrIlZAV0VqWEVfgolNQGjHUxHSZAefgsqt8ZMRHFW6d8RLtgjA6VuafM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Zif4KKi0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Zif4KKi0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2A24CC19425; Mon, 27 Apr 2026 20:50:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777323049; bh=esH8GoW/x0f4F3LQ0BiNpL6uFiMcPBcjR+T948qhS/A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Zif4KKi0l2HAdsKn4T3m4qINJILeE3GEdBTZPHgxd+050ZSlrwrTNVGRC6F0fkCEu 3Sk3kszX5JQbISumyKPCHQjHjAR2CnjAaE+iTyQjAaf7ObJoayDIunEBNVZsDafVcb vNOjpgPCAxReOOT49cOi0ZHr07WcmTx8YoHsbYczlbAsnX5zjAYuUGnYt4DZvkHAUv PpWWFCgLnsFTW3yPcHrvMdn2in4t6vaeuwRi6B8Qgo4pu0nTBUjXGe/Q49bL2Tk4uJ L2l6HKd3yZF53lBTiSaprOJ2/tYITX7BE7UR3PlmOT1eMJZ2ou8vRV8ltEifpobpRd ONC75s7s2vGLg== From: Tycho Andersen To: Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Jonathan Corbet , Shuah Khan , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Shuah Khan Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Kim Phillips , Alexey Kardashevskiy , "Tycho Andersen (AMD)" , Nikunj A Dadhania , Andrew Morton , Randy Dunlap , Dapeng Mi , Kees Cook , Marco Elver , Jakub Kicinski , Li RongQing , Eric Biggers , "Paul E. McKenney" , linux-doc@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH v2 4/4] KVM: selftests: Add a smoke test support for RAPL_DIS Date: Mon, 27 Apr 2026 14:48:47 -0600 Message-ID: <20260427204847.112899-5-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260427204847.112899-1-tycho@kernel.org> References: <20260427204847.112899-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Tycho Andersen (AMD)" If the hardware supports the RAPL_DIS policy bit and the ccp has been loaded with the RAPL_DIS bit set, make sure a VM can actually start using it. Signed-off-by: Tycho Andersen (AMD) --- tools/testing/selftests/kvm/include/x86/sev.h | 1 + .../selftests/kvm/x86/sev_smoke_test.c | 24 ++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/include/x86/sev.h b/tools/testing/= selftests/kvm/include/x86/sev.h index 1af44c151d60..2bbac9cd192a 100644 --- a/tools/testing/selftests/kvm/include/x86/sev.h +++ b/tools/testing/selftests/kvm/include/x86/sev.h @@ -28,6 +28,7 @@ enum sev_guest_state { #define SNP_POLICY_SMT (1ULL << 16) #define SNP_POLICY_RSVD_MBO (1ULL << 17) #define SNP_POLICY_DBG (1ULL << 19) +#define SNP_POLICY_RAPL_DIS (1ULL << 23) =20 #define GHCB_MSR_TERM_REQ 0x100 =20 diff --git a/tools/testing/selftests/kvm/x86/sev_smoke_test.c b/tools/testi= ng/selftests/kvm/x86/sev_smoke_test.c index 1a49ee391586..15c848749de6 100644 --- a/tools/testing/selftests/kvm/x86/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86/sev_smoke_test.c @@ -243,6 +243,18 @@ static void test_sev_smoke(void *guest, u32 type, u64 = policy) } } =20 +static u64 supported_policy_mask(void) +{ + int kvm_fd =3D open_kvm_dev_path_or_exit(); + u64 policy_mask =3D 0; + + kvm_device_attr_get(kvm_fd, KVM_X86_GRP_SEV, + KVM_X86_SNP_POLICY_BITS, + &policy_mask); + close(kvm_fd); + return policy_mask; +} + int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SEV)); @@ -252,8 +264,18 @@ int main(int argc, char *argv[]) if (kvm_cpu_has(X86_FEATURE_SEV_ES)) test_sev_smoke(guest_sev_es_code, KVM_X86_SEV_ES_VM, SEV_POLICY_ES); =20 - if (kvm_cpu_has(X86_FEATURE_SEV_SNP)) + if (kvm_cpu_has(X86_FEATURE_SEV_SNP)) { + u64 supported_policy =3D supported_policy_mask(); + test_sev_smoke(guest_snp_code, KVM_X86_SNP_VM, snp_default_policy()); =20 + if (supported_policy & SNP_POLICY_RAPL_DIS && + kvm_get_module_param_bool("kvm_amd", "rapl_disable")) { + u64 policy =3D snp_default_policy() | SNP_POLICY_RAPL_DIS; + + test_sev_smoke(guest_snp_code, KVM_X86_SNP_VM, policy); + } + } + return 0; } --=20 2.53.0