Re: [PATCH] Add query-tdx-capabilities

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

From: Markus Armbruster <armbru@redhat.com>
To: "Marc-André Lureau" <marcandre.lureau@gmail.com>
Cc: "Daniel P. Berrangé" <berrange@redhat.com>,
	qemu-devel@nongnu.org, "Eric Blake" <eblake@redhat.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Marcelo Tosatti" <mtosatti@redhat.com>,
	"open list:X86 KVM CPUs" <kvm@vger.kernel.org>,
	"Eduardo Habkost" <eduardo@habkost.net>,
	"Marcel Apfelbaum" <marcel@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>,
	"Yanan Wang" <wangyanan55@huawei.com>,
	"Zhao Liu" <zhao1.liu@intel.com>
Subject: Re: [PATCH] Add query-tdx-capabilities
Date: Tue, 03 Feb 2026 08:03:17 +0100	[thread overview]
Message-ID: <87343i71hm.fsf@pond.sub.org> (raw)
In-Reply-To: <CAJ+F1CLR4wt-bA+V+oV6N4iKTK_=Hn8TSD0pP7Uwj=jWHWvZRA@mail.gmail.com> ("Marc-André Lureau"'s message of "Mon, 26 Jan 2026 19:20:29 +0400")

Cc: machine core maintainers for an opinion on query-machines.

Marc-André Lureau <marcandre.lureau@gmail.com> writes:

> Hi
>
> On Fri, Jan 9, 2026 at 4:27 PM Markus Armbruster <armbru@redhat.com> wrote:
>>
>> Daniel P. Berrangé <berrange@redhat.com> writes:
>>
>> > On Fri, Jan 09, 2026 at 11:29:47AM +0100, Markus Armbruster wrote:
>> >> Daniel P. Berrangé <berrange@redhat.com> writes:
>> >>
>> >> > On Fri, Jan 09, 2026 at 11:01:27AM +0100, Markus Armbruster wrote:
>> >> >> Daniel P. Berrangé <berrange@redhat.com> writes:
>> >> >>
>> >> >> > On Fri, Jan 09, 2026 at 10:30:32AM +0100, Markus Armbruster wrote:
>> >> >> >> Daniel P. Berrangé <berrange@redhat.com> writes:
>> >> >> >>
>> >> >> >> > On Tue, Jan 06, 2026 at 10:36:20PM +0400, marcandre.lureau@redhat.com wrote:
>> >> >> >> >> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>> >> >> >> >>
>> >> >> >> >> Return an empty TdxCapability struct, for extensibility and matching
>> >> >> >> >> query-sev-capabilities return type.
>> >> >> >> >>
>> >> >> >> >> Fixes: https://issues.redhat.com/browse/RHEL-129674
>> >> >> >> >> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

[...]

>> >> >> Do management applications need to know more than "this combination of
>> >> >> host + KVM + QEMU can do SEV, yes / no?
>> >> >>
>> >> >> If yes, what do they need?  "No" split up into serval "No, because X"?
>> >> >
>> >> > When libvirt runs  query-sev-capabilities it does not care about the
>> >> > reason for it being unsupported.   Any "GenericError" is considered
>> >> > to mark the lack of host support, and no fine grained checks are
>> >> > performed on the err msg.
>> >> >
>> >> > If query-sev-capabilities succeeds (indicating SEV is supported), then
>> >> > all the returned info is exposed to mgmt apps in the libvirt domain
>> >> > capabilities XML document.
>> >>
>> >> So query-sev-capabilities is good enough as is?
>> >
>> > IIUC, essentially all QEMU errors that could possibly be seen with
>> > query-sev-capabilities are "GenericError" these days, except for
>> > the small possibility of "CommandNotFound".
>> >
>> > The two scenarios with lack of SEV support are covered by GenericError
>> > but I'm concerned that other things that should be considered fatal
>> > will also fall under GenericError.
>> >
>> > eg take a look at qmp_dispatch() and see countless places where we can
>> > return GenericError which ought to be treated as fatal by callers.
>> >
>> > IMHO  "SEV not supported" is not conceptually an error, it is an
>> > expected informational result of query-sev-capabilities, and thus
>> > shouldn't be using the QMP error object, it should have been a
>> > boolean result field.
>>
>> I agree that errors should be used only for "abnormal" outcomes, not for
>> the "no" answer to a simple question like "is SEV available, and if yes,
>> what are its capabilities?"
>>
>> I further agree that encoding "no" as GenericError runs the risk of
>> conflating "no" with other errors.  Since query-sev itself can fail just
>> one way, these can only come from the QMP core.  For the core's syntax
>> and type errors, the risk is only theoretical: just don't do that.
>> Errors triggered by state, like the one in qmp_command_available(), are
>> a bit more worrying.  I think they're easy enough to avoid if you're
>> aware, but "if you're aware" is admittedly rittle.
>>
>> Anyway, that's what we have.  Badly designed, but it seems to be
>> workable.
>>
>> Is the bad enough to justify revising the interface?  I can't see how to
>> do that compatibly.
>>
>> Is it bad enough to justify new interfaces for similar things to be
>> dissimilar?
>>
>
> Maybe query-{sev,tdx,*}-capabilities should only be called when the
> host is actually capable, thus throwing an Error is fine.
>
> What about a new "query-confidential-guest-supports" command that
> checks the host capability and returns ["sev", "tdx", "pef"...] then ?

Some similarity to query-accelerators.  Feels reasonable.

> Or maybe this should be provided at the MachineInfo level instead
> (query-machines).

Also reasonable, I think.  Machine core maintainers, got an opinion?

next prev parent reply	other threads:[~2026-02-03  7:03 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-06 18:36 [PATCH] Add query-tdx-capabilities marcandre.lureau
2026-01-07 10:27 ` Daniel P. Berrangé
2026-01-09  9:30   ` Markus Armbruster
2026-01-09  9:37     ` Daniel P. Berrangé
2026-01-09 10:01       ` Markus Armbruster
2026-01-09 10:07         ` Daniel P. Berrangé
2026-01-09 10:29           ` Markus Armbruster
2026-01-09 10:38             ` Daniel P. Berrangé
2026-01-09 12:26               ` Markus Armbruster
2026-01-26 15:20                 ` Marc-André Lureau
2026-02-03  7:03                   ` Markus Armbruster [this message]
2026-02-09 14:01                     ` Daniel P. Berrangé
2026-02-09 13:55                 ` Marc-André Lureau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87343i71hm.fsf@pond.sub.org \
    --to=armbru@redhat.com \
    --cc=berrange@redhat.com \
    --cc=eblake@redhat.com \
    --cc=eduardo@habkost.net \
    --cc=kvm@vger.kernel.org \
    --cc=marcandre.lureau@gmail.com \
    --cc=marcel@redhat.com \
    --cc=mtosatti@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=philmd@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=wangyanan55@huawei.com \
    --cc=zhao1.liu@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox