Re: [PATCH 3/4] crypto/ccp: support setting RAPL_DIS in SNP_INIT_EX

Next message: Rong Zhang: "Re: [PATCH v3 0/6] platform-x86: lenovo-wmi: Add fixes and enhancement"
Previous message: Zhi Wang: "[RFC v2 1/1] rust: pci: add extended capability and SR-IOV support"
In reply to: Sean Christopherson: "Re: [PATCH 3/4] crypto/ccp: support setting RAPL_DIS in SNP_INIT_EX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tycho Andersen

Date: Wed Feb 25 2026 - 13:08:52 EST

On Tue, Feb 24, 2026 at 09:50:11AM -0800, Sean Christopherson wrote:
> On Mon, Feb 23, 2026, Tycho Andersen wrote:
> > On Mon, Feb 23, 2026 at 08:40:19AM -0800, Sean Christopherson wrote:
> > > On Mon, Feb 23, 2026, Tycho Andersen wrote:
> > > > From: "Tycho Andersen (AMD)" <tycho@xxxxxxxxxx>
> > > >
> > > > The kernel allows setting the RAPL_DIS policy bit, but had no way to set
> > >
> > > Please actually say what RAPL_DIS is and does, and explain why this is the
> > > correct approach. I genuinely have no idea what the impact of this patch is,
> > > (beyond disabling something, obviously).
> >
> > Sure, the easiest thing is probably to quote the firmware PDF:
> >
> > Some processors support the Running Average Power Limit (RAPL)
> > feature which provides information about power utilization of
> > software. RAPL can be disabled using the RAPL_DIS flag in
> > SNP_INIT_EX to disable RAPL while SNP firmware is in the INIT
> > state. Guests may require that RAPL is disabled by using the
> > POLICY.RAPL_DIS guest policy flag.
>
> Ah, I assume this about disabling RAPL to mitigate a potential side channel? If
> so, please call that out in the changelog.
>
> And does this disable RAPL for _everything_? Or does it just disable RAPL for
> SNP VMs? If it's the former, then burying this in drivers/crypto/ccp/sev-dev.c
> feels wrong.

Presumably you're right on both counts, but I've asked our firmware
team to clarify exactly what happens.

I guess that means it should be kvm-amd.rapl_disable?

Thanks,

Tycho