From: Markus Armbruster <armbru@redhat.com>
To: "Naveen N Rao (AMD)" <naveen@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Eric Blake <eblake@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
qemu-devel <qemu-devel@nongnu.org>, <kvm@vger.kernel.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Nikunj A Dadhania <nikunj@amd.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
Eduardo Habkost <eduardo@habkost.net>,
Zhao Liu <zhao1.liu@intel.com>,
Michael Roth <michael.roth@amd.com>,
Roy Hopkins <roy.hopkins@randomman.co.uk>
Subject: Re: [PATCH v2 6/9] target/i386: SEV: Add support for enabling debug-swap SEV feature
Date: Tue, 07 Oct 2025 08:14:37 +0200 [thread overview]
Message-ID: <871pnfjl0y.fsf@pond.sub.org> (raw)
In-Reply-To: <4f0f28154342d562e76107dfd60ed3a02665fbfe.1758794556.git.naveen@kernel.org> (Naveen N. Rao's message of "Thu, 25 Sep 2025 15:47:35 +0530")
"Naveen N Rao (AMD)" <naveen@kernel.org> writes:
> Add support for enabling debug-swap VMSA SEV feature in SEV-ES and
> SEV-SNP guests through a new "debug-swap" boolean property on SEV guest
> objects. Though the boolean property is available for plain SEV guests,
> check_sev_features() will reject setting this for plain SEV guests.
Is this the sev_features && !sev_es_enabled() check there?
Does "reject setting this" mean setting it to true is rejected, or does
it mean setting it to any value is rejected?
> Though this SEV feature is called "Debug virtualization" in the APM, KVM
> calls this "debug swap" so use the same name for consistency.
>
> Sample command-line:
> -machine q35,confidential-guest-support=sev0 \
> -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,debug-swap=on
Always appreciated in commit messages.
I get "cannot set up private guest memory for sev-snp-guest: KVM
required". If I add the obvious "-accel kvm", I get "-accel kvm:
vm-type SEV-SNP not supported by KVM". I figure that's because my
hardware isn't capable. The error message could be clearer. Not this
patch's fault.
> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>
> ---
> target/i386/sev.h | 1 +
> target/i386/sev.c | 20 ++++++++++++++++++++
> qapi/qom.json | 6 +++++-
> 3 files changed, 26 insertions(+), 1 deletion(-)
>
> diff --git a/target/i386/sev.h b/target/i386/sev.h
> index 102546b112d6..8e09b2ce1976 100644
> --- a/target/i386/sev.h
> +++ b/target/i386/sev.h
> @@ -45,6 +45,7 @@ bool sev_snp_enabled(void);
> #define SEV_SNP_POLICY_DBG 0x80000
>
> #define SVM_SEV_FEAT_SNP_ACTIVE BIT(0)
> +#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5)
>
> typedef struct SevKernelLoaderContext {
> char *setup_data;
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 88dd0750d481..e9d84ea25571 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -319,6 +319,11 @@ sev_set_guest_state(SevCommonState *sev_common, SevState new_state)
> sev_common->state = new_state;
> }
>
> +static bool is_sev_feature_set(SevCommonState *sev_common, uint64_t feature)
> +{
> + return !!(sev_common->sev_features & feature);
> +}
> +
> static void sev_set_feature(SevCommonState *sev_common, uint64_t feature, bool set)
> {
> if (set) {
> @@ -2744,6 +2749,16 @@ static int cgs_set_guest_policy(ConfidentialGuestPolicyType policy_type,
> return 0;
> }
>
> +static bool sev_common_get_debug_swap(Object *obj, Error **errp)
> +{
> + return is_sev_feature_set(SEV_COMMON(obj), SVM_SEV_FEAT_DEBUG_SWAP);
> +}
> +
> +static void sev_common_set_debug_swap(Object *obj, bool value, Error **errp)
> +{
> + sev_set_feature(SEV_COMMON(obj), SVM_SEV_FEAT_DEBUG_SWAP, value);
> +}
> +
> static void
> sev_common_class_init(ObjectClass *oc, const void *data)
> {
> @@ -2761,6 +2776,11 @@ sev_common_class_init(ObjectClass *oc, const void *data)
> sev_common_set_kernel_hashes);
> object_class_property_set_description(oc, "kernel-hashes",
> "add kernel hashes to guest firmware for measured Linux boot");
> + object_class_property_add_bool(oc, "debug-swap",
> + sev_common_get_debug_swap,
> + sev_common_set_debug_swap);
> + object_class_property_set_description(oc, "debug-swap",
> + "enable virtualization of debug registers");
> }
>
> static void
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 830cb2ffe781..df962d4a5215 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -1010,13 +1010,17 @@
> # designated guest firmware page for measured boot with -kernel
> # (default: false) (since 6.2)
> #
> +# @debug-swap: enable virtualization of debug registers
> +# (default: false) (since 10.2)
> +#
According to the commit message, setting @default-swap works only for
SEV-ES and SEV-SNP guests, i.e. it fails for plain SEV guests. Should
we document this here?
> # Since: 9.1
> ##
> { 'struct': 'SevCommonProperties',
> 'data': { '*sev-device': 'str',
> '*cbitpos': 'uint32',
> 'reduced-phys-bits': 'uint32',
> - '*kernel-hashes': 'bool' } }
> + '*kernel-hashes': 'bool',
> + '*debug-swap': 'bool' } }
>
> ##
> # @SevGuestProperties:
next prev parent reply other threads:[~2025-10-07 6:14 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 10:17 [PATCH v2 0/9] target/i386: SEV: Add support for enabling VMSA SEV features Naveen N Rao (AMD)
2025-09-25 10:17 ` [PATCH v2 1/9] target/i386: SEV: Generalize handling of SVM_SEV_FEAT_SNP_ACTIVE Naveen N Rao (AMD)
2025-09-25 10:17 ` [PATCH v2 2/9] target/i386: SEV: Ensure SEV features are only set through qemu cli or IGVM Naveen N Rao (AMD)
2025-09-25 10:17 ` [PATCH v2 3/9] target/i386: SEV: Consolidate SEV feature validation to common init path Naveen N Rao (AMD)
2025-09-25 10:17 ` [PATCH v2 4/9] target/i386: SEV: Validate that SEV-ES is enabled when VMSA features are used Naveen N Rao (AMD)
2025-09-25 10:17 ` [PATCH v2 5/9] target/i386: SEV: Enable use of KVM_SEV_INIT2 for SEV-ES guests Naveen N Rao (AMD)
2025-09-25 10:17 ` [PATCH v2 6/9] target/i386: SEV: Add support for enabling debug-swap SEV feature Naveen N Rao (AMD)
2025-10-07 6:14 ` Markus Armbruster [this message]
2025-10-08 8:20 ` Naveen N Rao
2025-09-25 10:17 ` [PATCH v2 7/9] target/i386: SEV: Add support for enabling Secure TSC " Naveen N Rao (AMD)
2025-09-25 10:17 ` [PATCH v2 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC Naveen N Rao (AMD)
2025-10-07 13:31 ` Tom Lendacky
2025-10-08 9:52 ` Naveen N Rao
2025-10-24 15:00 ` Tom Lendacky
2025-10-24 17:16 ` Naveen N Rao
2025-10-28 15:11 ` Tom Lendacky
2025-11-03 10:55 ` Naveen N Rao
2025-09-25 10:17 ` [PATCH v2 9/9] target/i386: SEV: Refactor check_sev_features() Naveen N Rao (AMD)
2025-10-24 13:59 ` [PATCH v2 0/9] target/i386: SEV: Add support for enabling VMSA SEV features Naveen N Rao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871pnfjl0y.fsf@pond.sub.org \
--to=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=eduardo@habkost.net \
--cc=kvm@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mtosatti@redhat.com \
--cc=naveen@kernel.org \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=roy.hopkins@randomman.co.uk \
--cc=thomas.lendacky@amd.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.