Re: [RFC PATCH 3/7] target/i386: SEV: Add support for enabling debug-swap SEV feature

Mon, 15 Sep 2025 07:28:38 -0700 

Hi Markus,

On Fri, Sep 12, 2025 at 01:20:43PM +0200, Markus Armbruster wrote:
> "Naveen N Rao (AMD)" <[email protected]> writes:
> 
> > Add support for enabling debug-swap VMSA SEV feature in SEV-ES and
> > SEV-SNP guests through a new "debug-swap" boolean property on SEV guest
> > objects. Though the boolean property is available for plain SEV guests,
> > check_sev_features() will reject setting this for plain SEV guests.
> 
> Let's see whether I understand...
> 
> It's a property of sev-guest and sev-snp-guest objects.  These are the
> "SEV guest objects".
> 
> I guess a sev-snp-guest object implies it's a SEV-SNP guest, and setting
> @debug-swap on such an object just works.
> 
> With a sev-guest object, it's either a "plain SEV guest" or a "SEV-ES"
> guest.
> 
> If it's the latter, setting @debug-swap just works.
> 
> If it's the former, and you set @debug-swap to true, then KVM
> accelerator initialization will fail later on.  This might trigger
> fallback to TCG.
> 
> Am I confused?

You're spot on, except that in the last case above (plain old SEV 
guest), qemu throws an error:
        qemu-system-x86_64: check_sev_features: SEV features require either 
SEV-ES or SEV-SNP to be enabled

> 
> > Add helpers for setting and querying the VMSA SEV features so that they
> > can be re-used for subsequent VMSA SEV features, and convert the
> > existing SVM_SEV_FEAT_SNP_ACTIVE definition to use the BIT() macro for
> > consistency with the new feature flag.
> >
> > Sample command-line:
> >   -machine q35,confidential-guest-support=sev0 \
> >   -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,debug-swap=on
> >
> > Signed-off-by: Naveen N Rao (AMD) <[email protected]>
> 
> [...]
> 
> > diff --git a/qapi/qom.json b/qapi/qom.json
> > index 830cb2ffe781..71cd8ad588b5 100644
> > --- a/qapi/qom.json
> > +++ b/qapi/qom.json
> > @@ -1010,13 +1010,17 @@
> >  #     designated guest firmware page for measured boot with -kernel
> >  #     (default: false) (since 6.2)
> >  #
> > +# @debug-swap: enable virtualization of debug registers (default: false)
> > +#              (since 10.2)
> 
> Please indent like this:
> 
>    # @debug-swap: enable virtualization of debug registers
>    #     (default: false) (since 10.2)

Sure.

Thanks for the review,
- Naveen

Reply via email to