On Mon, Jun 01, 2026 at 01:52:00PM +0200, Markus Armbruster wrote: > "Naveen N Rao (AMD)" <[email protected]> writes: > > > Add support for enabling debug-swap VMSA SEV feature in SEV-ES and > > SEV-SNP guests through a new "debug-swap" boolean property on SEV guest > > objects. Though the boolean property is available for plain SEV guests, > > check_sev_features() has a check that rejects attempts to enable any SEV > > feature for a plain SEV guest. > > Why does it make sense to add the property to objects where it's not > supported?
Primarily to minimize changes. The restriction is only until the workaround is implemented for which I have posted a patch just now: https://lore.kernel.org/qemu-devel/[email protected]/T/#u I didn't want to move the property to sev-snp-object only to move it back again subsequently. > > > Though this SEV feature is called "Debug virtualization" in the APM, KVM > > calls this "debug swap" so use the same name for consistency. > > Thanks for explaining this. > > > Sample command-line: > > -machine q35,confidential-guest-support=sev0 \ > > -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,debug-swap=on > > > > Restrict debug-swap to SEV-SNP guests at this time due to a > > compatibility issue with SEV-ES pflash devices. > > What are these issues? Explained in the patch I posted today (please see above for the link). > > > Signed-off-by: Naveen N Rao (AMD) <[email protected]> > > --- > > target/i386/sev.h | 1 + > > target/i386/sev.c | 26 ++++++++++++++++++++++++++ > > qapi/qom.json | 7 ++++++- > > 3 files changed, 33 insertions(+), 1 deletion(-) > > > > diff --git a/target/i386/sev.h b/target/i386/sev.h > > index b84ca3ce0b67..d19a39669747 100644 > > --- a/target/i386/sev.h > > +++ b/target/i386/sev.h > > @@ -47,6 +47,7 @@ bool sev_snp_enabled(void); > > #define SEV_SNP_POLICY_DBG 0x80000 > > > > #define SVM_SEV_FEAT_SNP_ACTIVE BIT(0) > > +#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5) > > > > typedef struct SevKernelLoaderContext { > > char *setup_data; > > diff --git a/target/i386/sev.c b/target/i386/sev.c > > index 4553fe4d6e4a..4532b1b6a484 100644 > > --- a/target/i386/sev.c > > +++ b/target/i386/sev.c > > @@ -328,6 +328,11 @@ sev_set_guest_state(SevCommonState *sev_common, > > SevState new_state) > > sev_common->state = new_state; > > } > > > > +static bool is_sev_feature_set(SevCommonState *sev_common, uint64_t > > feature) > > +{ > > + return !!(sev_common->sev_features & feature); > > +} > > + > > static void sev_set_feature(SevCommonState *sev_common, uint64_t feature, > > bool set) > > { > > if (set) { > > @@ -527,6 +532,12 @@ static int check_sev_features(SevCommonState > > *sev_common, uint64_t sev_features, > > __func__); > > return -1; > > } > > + if (sev_features && sev_es_enabled() && !sev_snp_enabled()) { > > + error_setg(errp, > > + "%s: SEV features are not supported with SEV-ES at this > > time", > > + __func__); > > Once again, I'm confused about SEV. Remind me: what kinds of SEV guests > exist? The commit message suggests "plain", "ES", "SNP". What do > sev_es_enabled() and sev_snp_enabled() return for each of these? Right, SEV (plain) is encrypted-memory guests, SEV-ES is SEV with Encrypted register State, SEV-SNP is SEV-ES with Secure Nested Paging. sev_es_enabled() returns true for SEV-ES and SEV-SNP guests. > > What are the "SEV features"? Can we expect users to know? I suspect > they need to know to fix the problem! > > Are they exactly debug-swap? Yes, users should know that since they need to enable those explicitly. Guests will need to support those features too. Debug-swap is one, Secure-TSC is another (support for which is also added in this series), then there is Secure-AVIC and many others (documented in AMD APM). > > __func__ in an error message meant for users is an anti-pattern. Not an > objection to this patch; it matches existing errors around here. > > > + return -1; > > + } > > if (sev_features && !sev_es_enabled()) { > > error_setg(errp, > > "%s: SEV features require either SEV-ES or SEV-SNP to > > be enabled", > > @@ -2800,6 +2811,16 @@ static int > > cgs_set_guest_policy(ConfidentialGuestPolicyType policy_type, > > return 0; > > } > > > > +static bool sev_common_get_debug_swap(Object *obj, Error **errp) > > +{ > > + return is_sev_feature_set(SEV_COMMON(obj), SVM_SEV_FEAT_DEBUG_SWAP); > > +} > > + > > +static void sev_common_set_debug_swap(Object *obj, bool value, Error > > **errp) > > +{ > > + sev_set_feature(SEV_COMMON(obj), SVM_SEV_FEAT_DEBUG_SWAP, value); > > +} > > + > > static void > > sev_common_class_init(ObjectClass *oc, const void *data) > > { > > @@ -2825,6 +2846,11 @@ sev_common_class_init(ObjectClass *oc, const void > > *data) > > sev_common_set_kernel_hashes); > > object_class_property_set_description(oc, "kernel-hashes", > > "add kernel hashes to guest firmware for measured Linux boot"); > > + object_class_property_add_bool(oc, "debug-swap", > > + sev_common_get_debug_swap, > > + sev_common_set_debug_swap); > > + object_class_property_set_description(oc, "debug-swap", > > + "enable virtualization of debug registers"); > > } > > > > static void > > diff --git a/qapi/qom.json b/qapi/qom.json > > index dd45ac1087c3..e2bb716b603e 100644 > > --- a/qapi/qom.json > > +++ b/qapi/qom.json > > @@ -1017,6 +1017,10 @@ > > # designated guest firmware page for measured boot with -kernel > > # (default: false) (since 6.2) > > # > > +# @debug-swap: enable virtualization of debug registers, > > +# only supported on SEV-ES and SEV-SNP guests > > +# (default: false) (since 11.1) > > +# > > # Features: > > # > > # @confidential-guest-reset: If present, the hypervisor supports > > @@ -1028,7 +1032,8 @@ > > 'data': { '*sev-device': 'str', > > '*cbitpos': 'uint32', > > 'reduced-phys-bits': 'uint32', > > - '*kernel-hashes': 'bool' }, > > + '*kernel-hashes': 'bool', > > + '*debug-swap': 'bool' }, > > 'features': ['confidential-guest-reset']} > > > > ## > > This is SevCommonProperties, the common base type of SevGuestProperties > (configuration for sev-guest QOM objects) and SevSnpGuestProperties > (sev-snp-guest objects). > > So, all SEV objects have property @debug-swap. I figure the check you > add to check_sev_features() rejects it for certain SEV objects. I don't > quite understand for which ones. The check above rejects it for SEV-ES guests. There is a generic check added in patch 4/9 which rejects any and add SEV features for plain SEV guests. - Naveen
