On 9/18/25 05:27, Naveen N Rao (AMD) wrote:
> Add support for enabling debug-swap VMSA SEV feature in SEV-ES and
> SEV-SNP guests through a new "debug-swap" boolean property on SEV guest
> objects. Though the boolean property is available for plain SEV guests,
> check_sev_features() will reject setting this for plain SEV guests.
>
> Sample command-line:
> -machine q35,confidential-guest-support=sev0 \
> -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,debug-swap=on
>
> Signed-off-by: Naveen N Rao (AMD) <nav...@kernel.org>
The actual feature name in the APM is DebugVirtualization, but we have
debug_swap in KVM... so I guess it's ok to use debug-swap.
Reviewed-by: Tom Lendacky <thomas.lenda...@amd.com>
> ---
> target/i386/sev.h | 1 +
> target/i386/sev.c | 20 ++++++++++++++++++++
> qapi/qom.json | 6 +++++-
> 3 files changed, 26 insertions(+), 1 deletion(-)
>
> diff --git a/target/i386/sev.h b/target/i386/sev.h
> index 102546b112d6..8e09b2ce1976 100644
> --- a/target/i386/sev.h
> +++ b/target/i386/sev.h
> @@ -45,6 +45,7 @@ bool sev_snp_enabled(void);
> #define SEV_SNP_POLICY_DBG 0x80000
>
> #define SVM_SEV_FEAT_SNP_ACTIVE BIT(0)
> +#define SVM_SEV_FEAT_DEBUG_SWAP BIT(5)
>
> typedef struct SevKernelLoaderContext {
> char *setup_data;
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index f6e4333922ea..4f1b0bf6ccc8 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -319,6 +319,11 @@ sev_set_guest_state(SevCommonState *sev_common, SevState
> new_state)
> sev_common->state = new_state;
> }
>
> +static bool is_sev_feature_set(SevCommonState *sev_common, uint64_t feature)
> +{
> + return !!(sev_common->sev_features & feature);
> +}
> +
> static void sev_set_feature(SevCommonState *sev_common, uint64_t feature,
> bool set)
> {
> if (set) {
> @@ -2741,6 +2746,16 @@ static int
> cgs_set_guest_policy(ConfidentialGuestPolicyType policy_type,
> return 0;
> }
>
> +static bool sev_common_get_debug_swap(Object *obj, Error **errp)
> +{
> + return is_sev_feature_set(SEV_COMMON(obj), SVM_SEV_FEAT_DEBUG_SWAP);
> +}
> +
> +static void sev_common_set_debug_swap(Object *obj, bool value, Error **errp)
> +{
> + sev_set_feature(SEV_COMMON(obj), SVM_SEV_FEAT_DEBUG_SWAP, value);
> +}
> +
> static void
> sev_common_class_init(ObjectClass *oc, const void *data)
> {
> @@ -2758,6 +2773,11 @@ sev_common_class_init(ObjectClass *oc, const void
> *data)
> sev_common_set_kernel_hashes);
> object_class_property_set_description(oc, "kernel-hashes",
> "add kernel hashes to guest firmware for measured Linux boot");
> + object_class_property_add_bool(oc, "debug-swap",
> + sev_common_get_debug_swap,
> + sev_common_set_debug_swap);
> + object_class_property_set_description(oc, "debug-swap",
> + "enable virtualization of debug registers");
> }
>
> static void
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 830cb2ffe781..df962d4a5215 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -1010,13 +1010,17 @@
> # designated guest firmware page for measured boot with -kernel
> # (default: false) (since 6.2)
> #
> +# @debug-swap: enable virtualization of debug registers
> +# (default: false) (since 10.2)
> +#
> # Since: 9.1
> ##
> { 'struct': 'SevCommonProperties',
> 'data': { '*sev-device': 'str',
> '*cbitpos': 'uint32',
> 'reduced-phys-bits': 'uint32',
> - '*kernel-hashes': 'bool' } }
> + '*kernel-hashes': 'bool',
> + '*debug-swap': 'bool' } }
>
> ##
> # @SevGuestProperties:
