From: Tom Lendacky <thomas.lendacky@amd.com>
To: "Naveen N Rao (AMD)" <naveen@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>
Cc: qemu-devel <qemu-devel@nongnu.org>,
kvm@vger.kernel.org, "Daniel P. Berrange" <berrange@redhat.com>,
Eduardo Habkost <eduardo@habkost.net>,
Eric Blake <eblake@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
Zhao Liu <zhao1.liu@intel.com>,
Nikunj A Dadhania <nikunj@amd.com>,
Michael Roth <michael.roth@amd.com>,
Neeraj Upadhyay <neeraj.upadhyay@amd.com>,
Roy Hopkins <roy.hopkins@randomman.co.uk>
Subject: Re: [RFC PATCH 3/7] target/i386: SEV: Add support for enabling debug-swap SEV feature
Date: Fri, 12 Sep 2025 08:50:28 -0500
Message-ID: <98064a4a-41d7-4071-893e-4cced0afb66a@amd.com>
In-Reply-To: <0a77cf472bc36fee7c1be78fc7d6d514d22bca9a.1757589490.git.naveen@kernel.org>

On 9/11/25 06:54, Naveen N Rao (AMD) wrote:
> Add support for enabling debug-swap VMSA SEV feature in SEV-ES and
> SEV-SNP guests through a new "debug-swap" boolean property on SEV guest
> objects. Though the boolean property is available for plain SEV guests,
> check_sev_features() will reject setting this for plain SEV guests.
>
> Add helpers for setting and querying the VMSA SEV features so that they
> can be re-used for subsequent VMSA SEV features, and convert the
> existing SVM_SEV_FEAT_SNP_ACTIVE definition to use the BIT() macro for
> consistency with the new feature flag.
>
> Sample command-line:
> -machine q35,confidential-guest-support=sev0 \
> -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,debug-swap=on
>
> Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>

Should you convert the setting/checking of SVM_SEV_FEAT_SNP_ACTIVE in the
first patch (and wherever else it might be used), too?

If you do, then it would split this into two patches, one that adds the
helpers and converts existing accesses to sev_features and then the new
debug_swap parameter.

Thanks,
Tom

> ---
> target/i386/sev.h | 3 ++-
> target/i386/sev.c | 29 +++++++++++++++++++++++++++++
> qapi/qom.json | 6 +++++-
> 3 files changed, 36 insertions(+), 2 deletions(-)
>
> diff --git a/target/i386/sev.h b/target/i386/sev.h
> index 9db1a802f6bb..8e09b2ce1976 100644
> --- a/target/i386/sev.h
> +++ b/target/i386/sev.h
> @@ -44,7 +44,8 @@ bool sev_snp_enabled(void);
> #define SEV_SNP_POLICY_SMT 0x10000
> #define SEV_SNP_POLICY_DBG 0x80000
>
> -#define SVM_SEV_FEAT_SNP_ACTIVE 1
> +#define SVM_SEV_FEAT_SNP_ACTIVE BIT(0)
> +#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5)
>
> typedef struct SevKernelLoaderContext {
> char *setup_data;
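
Review bot: SVM_SEV_FEAT_DEBUG_SWAP is defined as BIT(5) with no comment saying what the bit positions refer to, so the jump from bit 0 to bit 5 looks arbitrary to someone reading sev.h on its own. A one-line comment above the two defines stating that they are bit positions in the VMSA SEV features field would document that. The helpers added in sev.c take the mask as uint64_t, so BIT_ULL() would also keep the constants the same width as that parameter on every host.
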
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index fa23b5c38e9b..b3e4d0f2c1d5 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -319,6 +319,20 @@ sev_set_guest_state(SevCommonState *sev_common, SevState new_state)
> sev_common->state = new_state;
> }
>
> +static bool is_sev_feature_set(SevCommonState *sev_common, uint64_t feature)
> +{
> + return !!(sev_common->sev_features & feature);
> +}
> +
> +static void sev_set_feature(SevCommonState *sev_common, uint64_t feature, bool value)
> +{
> + if (value) {
> + sev_common->sev_features |= feature;
> + } else {
> + sev_common->sev_features &= ~feature;
> + }
> +}
> +
> static void
> sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size,
> size_t max_size)
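
Review bot: is_sev_feature_set() and sev_set_feature() use two different naming patterns for what is meant to be a reusable pair; sev_is_feature_set() would match the sev_ prefix of sev_set_feature() and of sev_set_guest_state() just above. is_sev_feature_set() only reads sev_common, so its pointer argument can be const. Because the test is a plain AND of sev_features with feature, a mask with several bits set returns true when any one of them is set; a short comment saying callers pass a single SVM_SEV_FEAT_* bit would make that explicit.
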
> @@ -2732,6 +2746,16 @@ static int cgs_set_guest_policy(ConfidentialGuestPolicyType policy_type,
> return 0;
> }
>
> +static bool sev_common_get_debug_swap(Object *obj, Error **errp)
> +{
> + return is_sev_feature_set(SEV_COMMON(obj), SVM_SEV_FEAT_DEBUG_SWAP);
> +}
> +
> +static void sev_common_set_debug_swap(Object *obj, bool value, Error **errp)
> +{
> + sev_set_feature(SEV_COMMON(obj), SVM_SEV_FEAT_DEBUG_SWAP, value);
> +}
> +
> static void
> sev_common_class_init(ObjectClass *oc, const void *data)
> {
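
Review bot: sev_common_set_debug_swap() never uses errp and sets the bit unconditionally, so a plain SEV guest object accepts debug-swap=on at property-set time and the failure only appears later from check_sev_features(), as the commit message notes. If the setter can also be reached after the guest has been initialised, the stored sev_features value would no longer match what was used at init. Consider rejecting the set at that point with error_setg(), or add a comment stating that validation is deferred to check_sev_features().
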
> @@ -2749,6 +2773,11 @@ sev_common_class_init(ObjectClass *oc, const void *data)
> sev_common_set_kernel_hashes);
> object_class_property_set_description(oc, "kernel-hashes",
> "add kernel hashes to guest firmware for measured Linux boot");
> + object_class_property_add_bool(oc, "debug-swap",
> + sev_common_get_debug_swap,
> + sev_common_set_debug_swap);
> + object_class_property_set_description(oc, "debug-swap",
> + "enable virtualization of debug registers");
> }
>
> static void
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 830cb2ffe781..71cd8ad588b5 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -1010,13 +1010,17 @@
> # designated guest firmware page for measured boot with -kernel
> # (default: false) (since 6.2)
> #
> +# @debug-swap: enable virtualization of debug registers (default: false)
> +# (since 10.2)
> +#
> # Since: 9.1
> ##
> { 'struct': 'SevCommonProperties',
> 'data': { '*sev-device': 'str',
> '*cbitpos': 'uint32',
> 'reduced-phys-bits': 'uint32',
> - '*kernel-hashes': 'bool' } }
> + '*kernel-hashes': 'bool',
> + '*debug-swap': 'bool' } }
>
> ##
> # @SevGuestProperties:
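
Review bot: the @debug-swap description does not say that the property is only valid for SEV-ES and SEV-SNP guests, although it sits in SevCommonProperties and is therefore advertised for plain SEV guests as well. The commit message says check_sev_features() rejects it there, so add a sentence such as "Only supported for SEV-ES and SEV-SNP guests" to the doc comment, and mirror it in the "debug-swap" property description set in sev_common_class_init().
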