From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Naveen N Rao (AMD)" <naveen@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
qemu-devel <qemu-devel@nongnu.org>,
Eduardo Habkost <eduardo@habkost.net>,
Eric Blake <eblake@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
Zhao Liu <zhao1.liu@intel.com>,
Nikunj A Dadhania <nikunj@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>,
Roy Hopkins <roy.hopkins@randomman.co.uk>,
Srikanth Aithal <srikanth.aithal@amd.com>,
Kim Phillips <kim.phillips@amd.com>,
Joerg Roedel <joro@8bytes.org>
Subject: Re: [PATCH v4 2/9] target/i386: SEV: Ensure SEV features are only set through qemu cli or IGVM
Date: Tue, 9 Jun 2026 10:14:11 +0100 [thread overview]
Message-ID: <aifZY1h55L4jxGeO@redhat.com> (raw)
In-Reply-To: <6939de99f13d7170af68b74e711eb9f03f32f682.1779281646.git.naveen@kernel.org>
On Wed, May 20, 2026 at 06:57:55PM +0530, Naveen N Rao (AMD) wrote:
> In preparation for qemu being able to set SEV features through the cli,
> add a check to ensure that SEV features are not also set if using IGVM
> files.
>
> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>
> ---
> target/i386/sev.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 22c350fe14b7..641a295c42b7 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -1908,6 +1908,16 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
> * as SEV_STATE_UNINIT.
> */
> if (x86machine->igvm) {
> + /*
> + * Test only the user-set SEV features by masking out
> + * SVM_SEV_FEAT_SNP_ACTIVE which is set by default.
> + */
> + if (sev_common->sev_features & ~SVM_SEV_FEAT_SNP_ACTIVE) {
> + error_setg(errp,
> + "%s: SEV features can't be specified when using IGVM files",
> + __func__);
IMHO, including __func__ in error messages is redundant / undesirable.
The error msg alone should be sufficient to diagnose problems.Perhaps
we should include the actual feature values though
"SEV features 0x%x can't be specified when using IGVM files",
sev_common->sev_features & ~SVM_SEV_FEAT_SNP_ACTIVE);
this case, however, you should report which features are not permitted
> + return -1;
> + }
> if (IGVM_CFG_GET_CLASS(x86machine->igvm)
> ->process(x86machine->igvm, machine, true, errp) == -1) {
> return -1;
> --
> 2.54.0
>
>
With regards,
Daniel
--
|: https://berrange.com ~~ https://hachyderm.io/@berrange :|
|: https://libvirt.org ~~ https://entangle-photo.org :|
|: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|
next prev parent reply other threads:[~2026-06-09 9:14 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-20 13:27 [PATCH v4 0/9] target/i386: SEV: Add support for enabling VMSA SEV features Naveen N Rao (AMD)
2026-05-20 13:27 ` [PATCH v4 1/9] target/i386: SEV: Generalize handling of SVM_SEV_FEAT_SNP_ACTIVE Naveen N Rao (AMD)
2026-05-20 13:27 ` [PATCH v4 2/9] target/i386: SEV: Ensure SEV features are only set through qemu cli or IGVM Naveen N Rao (AMD)
2026-06-09 9:14 ` Daniel P. Berrangé [this message]
2026-05-20 13:27 ` [PATCH v4 3/9] target/i386: SEV: Consolidate SEV feature validation to common init path Naveen N Rao (AMD)
2026-05-20 13:27 ` [PATCH v4 4/9] target/i386: SEV: Validate that SEV-ES is enabled when VMSA features are used Naveen N Rao (AMD)
2026-05-20 13:27 ` [PATCH v4 5/9] target/i386: SEV: Enable use of KVM_SEV_INIT2 for SEV-ES guests Naveen N Rao (AMD)
2026-05-20 13:27 ` [PATCH v4 6/9] target/i386: SEV: Add support for enabling debug-swap SEV feature Naveen N Rao (AMD)
2026-06-01 11:52 ` Markus Armbruster
2026-06-02 7:26 ` Naveen N Rao
2026-05-20 13:28 ` [PATCH v4 7/9] target/i386: SEV: Add support for enabling Secure TSC " Naveen N Rao (AMD)
2026-05-20 13:28 ` [PATCH v4 8/9] target/i386: SEV: Add support for setting TSC frequency for Secure TSC Naveen N Rao (AMD)
2026-05-20 13:28 ` [PATCH v4 9/9] target/i386: SEV: Refactor check_sev_features() Naveen N Rao (AMD)
2026-06-09 7:50 ` [PATCH v4 0/9] target/i386: SEV: Add support for enabling VMSA SEV features Naveen N Rao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aifZY1h55L4jxGeO@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=eduardo@habkost.net \
--cc=joro@8bytes.org \
--cc=kim.phillips@amd.com \
--cc=michael.roth@amd.com \
--cc=mtosatti@redhat.com \
--cc=naveen@kernel.org \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=roy.hopkins@randomman.co.uk \
--cc=srikanth.aithal@amd.com \
--cc=thomas.lendacky@amd.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.