[RFC 0/2] Add SVSM virtio-mmio device slots (q35)

[RFC 0/2] Add SVSM virtio-mmio device slots (q35)

[Oliver Steffen]

Coconut SVSM recently gained support for virtio-blk devices using the
virtio-mmio transport [1].  This series adds dedicated virtio-mmio device slots
to the q35 machine type, inteded for use by an SVSM.

The feature is disabled by default and enabled via the new
`-machine q35,x-svsm-virtio-mmio=on` option. The slots are mapped starting at
base address `0xfef00000`, with each slot on a separate page. IRQs are not
wired; the SVSM must use polling mode to drive the devices.

The SVSM discovers the slot base addresses through a
`HARDWARE_INFO_SIMPLE_DEVICE` entry in the `etc/hardware-info` fw_cfg file [2].
This uses a dedicated device ID previously registered in EDK2 [3].

This series depends on the IGVM support series from Roy Hopkins [4]. While
there is no direct code dependency, the IGVM support is required to launch the
SVSM, which is the sole consumer and the only practical means of testing this
feature.

The virtio-mmio transport was chosen for its implementation simplicity. This
approach minimally impacts the guest-visible hardware, reserving only a small
MMIO region.

Any feedback would be greatly appreciated.

- Oliver

[1] https://github.com/coconut-svsm/svsm/pull/635
[2] See commit 8d127aa866
[3] https://github.com/tianocore/edk2/pull/10850
[4] https://lists.gnu.org/archive/html/qemu-devel/2025-06/msg02324.html

Gerd Hoffmann (1):
  q35: add virtio-mmio slots

Oliver Steffen (1):
  hw/uefi: Add hardware-info ID for virtio mmio devices for SVSM

 hw/i386/pc.c                    | 18 +++++++++++++++++-
 hw/i386/pc_q35.c                | 15 +++++++++++++++
 include/hw/i386/pc.h            |  1 +
 include/hw/uefi/hardware-info.h |  1 +
 4 files changed, 34 insertions(+), 1 deletion(-)

-- 
2.50.0

[RFC 1/2] hw/uefi: Add hardware-info ID for virtio mmio devices for SVSM

[Oliver Steffen]

Add a hardware-info device ID for virtio mmio devices intended for use by an SVSM.
The ID has already been reserved in edk2, see edk2 commit f25e3d0d2c55.

Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
 include/hw/uefi/hardware-info.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/hw/uefi/hardware-info.h b/include/hw/uefi/hardware-info.h
index 94c38cff20..d688af0e8a 100644
--- a/include/hw/uefi/hardware-info.h
+++ b/include/hw/uefi/hardware-info.h
@@ -14,6 +14,7 @@ typedef enum {
     HardwareInfoTypeUndefined  = 0,
     HardwareInfoTypeHostBridge = 1,
     HardwareInfoQemuUefiVars   = 2,
+    HardwareInfoVirtioMmioSvsm = 0x1000,
 } HARDWARE_INFO_TYPE;
 
 typedef struct {
-- 
2.50.0

[RFC 2/2] q35: add virtio-mmio slots

[Oliver Steffen]

From: Gerd Hoffmann <kraxel@redhat.com>

Add virtio-mmio slots to the q35 machine model, intended to be used by
an SVSM.

Disabled by default, enable using '-machine q35,x-svsm-virtio-mmio=on'.

When enabled it is possible to plug up to 4 virtio devices into the
slots virtio-mmio using '-device virtio-${kind}-device'.

The devices can be found at base address 0xfef00000, each slot on a
separate page.  No IRQ is wired up, the SVSM has to drive the devices
in polling mode.

The base addresses are communicated to the SVSM via the etc/hardware-info
fw_cfg file.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
 hw/i386/pc.c         | 18 +++++++++++++++++-
 hw/i386/pc_q35.c     | 15 +++++++++++++++
 include/hw/i386/pc.h |  1 +
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 432ab288a8..e1dbf8846d 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1584,6 +1584,21 @@ static void pc_machine_set_smbios_ep(Object *obj, Visitor *v, const char *name,
     visit_type_SmbiosEntryPointType(v, name, &pcms->smbios_entry_point_type, errp);
 }
 
+static bool pc_machine_get_svsm_virtio_mmio(Object *obj, Error **errp)
+{
+    PCMachineState *pcms = PC_MACHINE(obj);
+
+    return pcms->svsm_virtio_mmio;
+}
+
+static void pc_machine_set_svsm_virtio_mmio(Object *obj, bool value,
+                                            Error **errp)
+{
+    PCMachineState *pcms = PC_MACHINE(obj);
+
+    pcms->svsm_virtio_mmio = value;
+}
+
 static void pc_machine_get_max_ram_below_4g(Object *obj, Visitor *v,
                                             const char *name, void *opaque,
                                             Error **errp)
@@ -1844,7 +1859,8 @@ static void pc_machine_class_init(ObjectClass *oc, const void *data)
                                           "Set IGVM configuration");
 #endif
 
-
+    object_class_property_add_bool(oc, "x-svsm-virtio-mmio",
+        pc_machine_get_svsm_virtio_mmio, pc_machine_set_svsm_virtio_mmio);
 }
 
 static const TypeInfo pc_machine_info = {
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index cf871cfdad..b8511ae52a 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -60,7 +60,9 @@
 #include "hw/mem/nvdimm.h"
 #include "hw/uefi/var-service-api.h"
 #include "hw/i386/acpi-build.h"
+#include "hw/uefi/hardware-info.h"
 #include "target/i386/cpu.h"
+#include "exec/target_page.h"
 
 /* ICH9 AHCI has 6 ports */
 #define MAX_SATA_PORTS     6
@@ -335,6 +337,19 @@ static void pc_q35_init(MachineState *machine)
         }
     }
 #endif
+
+    if (pcms->svsm_virtio_mmio) {
+        for (int dev = 0; dev < 4; dev++) {
+            HARDWARE_INFO_SIMPLE_DEVICE hwinfo = {
+                .mmio_address = cpu_to_le64(0xfef00000 + dev * TARGET_PAGE_SIZE),
+            };
+            sysbus_create_simple("virtio-mmio", hwinfo.mmio_address,
+                                 /* no irq */ NULL);
+            hardware_info_register(HardwareInfoVirtioMmioSvsm,
+                                   &hwinfo, sizeof(hwinfo));
+        }
+    }
+
 }
 
 #define DEFINE_Q35_MACHINE(major, minor) \
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 79b72c54dd..9c9f947087 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -51,6 +51,7 @@ typedef struct PCMachineState {
     bool i8042_enabled;
     bool default_bus_bypass_iommu;
     bool fd_bootchk;
+    bool svsm_virtio_mmio;
     uint64_t max_fw_size;
 
     /* ACPI Memory hotplug IO base address */
-- 
2.50.0

Re: [RFC 1/2] hw/uefi: Add hardware-info ID for virtio mmio devices for SVSM

[Stefano Garzarella]

On Tue, Jul 01, 2025 at 02:18:14PM +0200, Oliver Steffen wrote:
>Add a hardware-info device ID for virtio mmio devices intended for use by an SVSM.
>The ID has already been reserved in edk2, see edk2 commit f25e3d0d2c55.
>
>Signed-off-by: Oliver Steffen <osteffen@redhat.com>
>---
> include/hw/uefi/hardware-info.h | 1 +
> 1 file changed, 1 insertion(+)
>
>diff --git a/include/hw/uefi/hardware-info.h b/include/hw/uefi/hardware-info.h
>index 94c38cff20..d688af0e8a 100644
>--- a/include/hw/uefi/hardware-info.h
>+++ b/include/hw/uefi/hardware-info.h
>@@ -14,6 +14,7 @@ typedef enum {
>     HardwareInfoTypeUndefined  = 0,
>     HardwareInfoTypeHostBridge = 1,
>     HardwareInfoQemuUefiVars   = 2,
>+    HardwareInfoVirtioMmioSvsm = 0x1000,

Can we use hexadecimal everywhere?

Which is basically the same for now, but I mean using the same format 
(0x0001, etc.). That said, I would probably do it in another cleanup 
patch.

LGTM!

Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>

> } HARDWARE_INFO_TYPE;
>
> typedef struct {
>-- 
>2.50.0
>

Re: [RFC 2/2] q35: add virtio-mmio slots

[Stefano Garzarella]

On Tue, Jul 01, 2025 at 02:18:15PM +0200, Oliver Steffen wrote:
>From: Gerd Hoffmann <kraxel@redhat.com>

I would mention SVSM in the commit title.

>
>Add virtio-mmio slots to the q35 machine model, intended to be used by
>an SVSM.
>
>Disabled by default, enable using '-machine q35,x-svsm-virtio-mmio=on'.

I guess we should remove the `x-` after the RFC, right?
And add some documentation.

In the future, we may have several things to configure for SVSM. Should 
we think of some specific object (e.g., svsm-cfg), or rather add 
properties to the machine type as in this case?

>
>When enabled it is possible to plug up to 4 virtio devices into the
>slots virtio-mmio using '-device virtio-${kind}-device'.
>
>The devices can be found at base address 0xfef00000, each slot on a

Disclaimer: I don't have much experience in allocating mmio addresses, 
but why that address?

Should we make it configurable/dynamic?

Thanks,
Stefano

>separate page.  No IRQ is wired up, the SVSM has to drive the devices
>in polling mode.
>
>The base addresses are communicated to the SVSM via the etc/hardware-info
>fw_cfg file.
>
>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
>Signed-off-by: Oliver Steffen <osteffen@redhat.com>
>---
> hw/i386/pc.c         | 18 +++++++++++++++++-
> hw/i386/pc_q35.c     | 15 +++++++++++++++
> include/hw/i386/pc.h |  1 +
> 3 files changed, 33 insertions(+), 1 deletion(-)
>
>diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>index 432ab288a8..e1dbf8846d 100644
>--- a/hw/i386/pc.c
>+++ b/hw/i386/pc.c
>@@ -1584,6 +1584,21 @@ static void pc_machine_set_smbios_ep(Object *obj, Visitor *v, const char *name,
>     visit_type_SmbiosEntryPointType(v, name, &pcms->smbios_entry_point_type, errp);
> }
>
>+static bool pc_machine_get_svsm_virtio_mmio(Object *obj, Error **errp)
>+{
>+    PCMachineState *pcms = PC_MACHINE(obj);
>+
>+    return pcms->svsm_virtio_mmio;
>+}
>+
>+static void pc_machine_set_svsm_virtio_mmio(Object *obj, bool value,
>+                                            Error **errp)
>+{
>+    PCMachineState *pcms = PC_MACHINE(obj);
>+
>+    pcms->svsm_virtio_mmio = value;
>+}
>+
> static void pc_machine_get_max_ram_below_4g(Object *obj, Visitor *v,
>                                             const char *name, void *opaque,
>                                             Error **errp)
>@@ -1844,7 +1859,8 @@ static void pc_machine_class_init(ObjectClass *oc, const void *data)
>                                           "Set IGVM configuration");
> #endif
>
>-
>+    object_class_property_add_bool(oc, "x-svsm-virtio-mmio",
>+        pc_machine_get_svsm_virtio_mmio, pc_machine_set_svsm_virtio_mmio);
> }
>
> static const TypeInfo pc_machine_info = {
>diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
>index cf871cfdad..b8511ae52a 100644
>--- a/hw/i386/pc_q35.c
>+++ b/hw/i386/pc_q35.c
>@@ -60,7 +60,9 @@
> #include "hw/mem/nvdimm.h"
> #include "hw/uefi/var-service-api.h"
> #include "hw/i386/acpi-build.h"
>+#include "hw/uefi/hardware-info.h"
> #include "target/i386/cpu.h"
>+#include "exec/target_page.h"
>
> /* ICH9 AHCI has 6 ports */
> #define MAX_SATA_PORTS     6
>@@ -335,6 +337,19 @@ static void pc_q35_init(MachineState *machine)
>         }
>     }
> #endif
>+
>+    if (pcms->svsm_virtio_mmio) {
>+        for (int dev = 0; dev < 4; dev++) {
>+            HARDWARE_INFO_SIMPLE_DEVICE hwinfo = {
>+                .mmio_address = cpu_to_le64(0xfef00000 + dev * TARGET_PAGE_SIZE),
>+            };
>+            sysbus_create_simple("virtio-mmio", hwinfo.mmio_address,
>+                                 /* no irq */ NULL);
>+            hardware_info_register(HardwareInfoVirtioMmioSvsm,
>+                                   &hwinfo, sizeof(hwinfo));
>+        }
>+    }
>+
> }
>
> #define DEFINE_Q35_MACHINE(major, minor) \
>diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
>index 79b72c54dd..9c9f947087 100644
>--- a/include/hw/i386/pc.h
>+++ b/include/hw/i386/pc.h
>@@ -51,6 +51,7 @@ typedef struct PCMachineState {
>     bool i8042_enabled;
>     bool default_bus_bypass_iommu;
>     bool fd_bootchk;
>+    bool svsm_virtio_mmio;
>     uint64_t max_fw_size;
>
>     /* ACPI Memory hotplug IO base address */
>-- 
>2.50.0
>

Re: [RFC 2/2] q35: add virtio-mmio slots

[Daniel P. Berrangé]

On Tue, Jul 01, 2025 at 02:18:15PM +0200, Oliver Steffen wrote:
> From: Gerd Hoffmann <kraxel@redhat.com>
> 
> Add virtio-mmio slots to the q35 machine model, intended to be used by
> an SVSM.
> 
> Disabled by default, enable using '-machine q35,x-svsm-virtio-mmio=on'.
> 
> When enabled it is possible to plug up to 4 virtio devices into the
> slots virtio-mmio using '-device virtio-${kind}-device'.
> 
> The devices can be found at base address 0xfef00000, each slot on a
> separate page.  No IRQ is wired up, the SVSM has to drive the devices
> in polling mode.
> 
> The base addresses are communicated to the SVSM via the etc/hardware-info
> fw_cfg file.

This feels a somewhat uncomfortable in that it ties QEMU to specific
impl details of SVSM at a point in time.

With the IGVM support for loading guest firmware, we've avoided QEMU
needing any knowledge of what the firmware actually is. It is just
an opaque blob that is loaded based on its own IGVM metadata. This
also made it possible for any hypervisor with IGVM support to be able
to load any firmware, including SVSM or equiv impls.

It feels like we're snatching defeat from the jaws of victory by
still having to hardcode info about SVSM in QEMU.

Is there any way to extend IGVM to express that it supports these
4 virtio-mmio slots, at the given address in polling mode, so that
hypervisors can auto-discover this facility ?

Failing that, can we make it possible to create virtio-mmio slots
on the QEMU command line, instead of hardcoding this SVSM-specific
setup in QEMU code.

> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Oliver Steffen <osteffen@redhat.com>
> ---
>  hw/i386/pc.c         | 18 +++++++++++++++++-
>  hw/i386/pc_q35.c     | 15 +++++++++++++++
>  include/hw/i386/pc.h |  1 +
>  3 files changed, 33 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 432ab288a8..e1dbf8846d 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1584,6 +1584,21 @@ static void pc_machine_set_smbios_ep(Object *obj, Visitor *v, const char *name,
>      visit_type_SmbiosEntryPointType(v, name, &pcms->smbios_entry_point_type, errp);
>  }
>  
> +static bool pc_machine_get_svsm_virtio_mmio(Object *obj, Error **errp)
> +{
> +    PCMachineState *pcms = PC_MACHINE(obj);
> +
> +    return pcms->svsm_virtio_mmio;
> +}
> +
> +static void pc_machine_set_svsm_virtio_mmio(Object *obj, bool value,
> +                                            Error **errp)
> +{
> +    PCMachineState *pcms = PC_MACHINE(obj);
> +
> +    pcms->svsm_virtio_mmio = value;
> +}
> +
>  static void pc_machine_get_max_ram_below_4g(Object *obj, Visitor *v,
>                                              const char *name, void *opaque,
>                                              Error **errp)
> @@ -1844,7 +1859,8 @@ static void pc_machine_class_init(ObjectClass *oc, const void *data)
>                                            "Set IGVM configuration");
>  #endif
>  
> -
> +    object_class_property_add_bool(oc, "x-svsm-virtio-mmio",
> +        pc_machine_get_svsm_virtio_mmio, pc_machine_set_svsm_virtio_mmio);
>  }
>  
>  static const TypeInfo pc_machine_info = {
> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> index cf871cfdad..b8511ae52a 100644
> --- a/hw/i386/pc_q35.c
> +++ b/hw/i386/pc_q35.c
> @@ -60,7 +60,9 @@
>  #include "hw/mem/nvdimm.h"
>  #include "hw/uefi/var-service-api.h"
>  #include "hw/i386/acpi-build.h"
> +#include "hw/uefi/hardware-info.h"
>  #include "target/i386/cpu.h"
> +#include "exec/target_page.h"
>  
>  /* ICH9 AHCI has 6 ports */
>  #define MAX_SATA_PORTS     6
> @@ -335,6 +337,19 @@ static void pc_q35_init(MachineState *machine)
>          }
>      }
>  #endif
> +
> +    if (pcms->svsm_virtio_mmio) {
> +        for (int dev = 0; dev < 4; dev++) {
> +            HARDWARE_INFO_SIMPLE_DEVICE hwinfo = {
> +                .mmio_address = cpu_to_le64(0xfef00000 + dev * TARGET_PAGE_SIZE),
> +            };
> +            sysbus_create_simple("virtio-mmio", hwinfo.mmio_address,
> +                                 /* no irq */ NULL);
> +            hardware_info_register(HardwareInfoVirtioMmioSvsm,
> +                                   &hwinfo, sizeof(hwinfo));
> +        }
> +    }
> +
>  }
>  
>  #define DEFINE_Q35_MACHINE(major, minor) \
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index 79b72c54dd..9c9f947087 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -51,6 +51,7 @@ typedef struct PCMachineState {
>      bool i8042_enabled;
>      bool default_bus_bypass_iommu;
>      bool fd_bootchk;
> +    bool svsm_virtio_mmio;
>      uint64_t max_fw_size;
>  
>      /* ACPI Memory hotplug IO base address */
> -- 
> 2.50.0
> 
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [RFC 2/2] q35: add virtio-mmio slots

[Gerd Hoffmann]

On Fri, Aug 01, 2025 at 02:55:28PM +0100, Daniel P. Berrangé wrote:
> On Tue, Jul 01, 2025 at 02:18:15PM +0200, Oliver Steffen wrote:
> > From: Gerd Hoffmann <kraxel@redhat.com>
> > 
> > Add virtio-mmio slots to the q35 machine model, intended to be used by
> > an SVSM.
> > 
> > Disabled by default, enable using '-machine q35,x-svsm-virtio-mmio=on'.
> > 
> > When enabled it is possible to plug up to 4 virtio devices into the
> > slots virtio-mmio using '-device virtio-${kind}-device'.
> > 
> > The devices can be found at base address 0xfef00000, each slot on a
> > separate page.  No IRQ is wired up, the SVSM has to drive the devices
> > in polling mode.
> > 
> > The base addresses are communicated to the SVSM via the etc/hardware-info
> > fw_cfg file.
> 
> This feels a somewhat uncomfortable in that it ties QEMU to specific
> impl details of SVSM at a point in time.
> 
> With the IGVM support for loading guest firmware, we've avoided QEMU
> needing any knowledge of what the firmware actually is. It is just
> an opaque blob that is loaded based on its own IGVM metadata. This
> also made it possible for any hypervisor with IGVM support to be able
> to load any firmware, including SVSM or equiv impls.

Well, there isn't anything svsm-specific in there, it is just that svsm
is the only user right now (and I don't expect that to change anytime
soon).  But we could very well rename the option to "virtio-mmio=on".

> Is there any way to extend IGVM to express that it supports these
> 4 virtio-mmio slots, at the given address in polling mode, so that
> hypervisors can auto-discover this facility ?

You mean some igvm directive requesting that qemu creates virtio-mmio
slots?

Should be possible.  Not sure how much of a win that would actually be
though.  You still have to create the devices and the corresponding
backends on the qemu command line.

> Failing that, can we make it possible to create virtio-mmio slots
> on the QEMU command line, instead of hardcoding this SVSM-specific
> setup in QEMU code.

That would work too.

take care,
  Gerd