From: Markus Armbruster <armbru@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: marcandre.lureau@redhat.com, qemu-devel@nongnu.org,
Eric Blake <eblake@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
"open list:X86 KVM CPUs" <kvm@vger.kernel.org>
Subject: Re: [PATCH] Add query-tdx-capabilities
Date: Fri, 09 Jan 2026 11:01:27 +0100 [thread overview]
Message-ID: <87jyxrksug.fsf@pond.sub.org> (raw)
In-Reply-To: <aWDMU7WOlGIdNush@redhat.com> ("Daniel P. Berrangé"'s message of "Fri, 9 Jan 2026 09:37:23 +0000")
Daniel P. Berrangé <berrange@redhat.com> writes:
> On Fri, Jan 09, 2026 at 10:30:32AM +0100, Markus Armbruster wrote:
>> Daniel P. Berrangé <berrange@redhat.com> writes:
>>
>> > On Tue, Jan 06, 2026 at 10:36:20PM +0400, marcandre.lureau@redhat.com wrote:
>> >> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>> >>
>> >> Return an empty TdxCapability struct, for extensibility and matching
>> >> query-sev-capabilities return type.
>> >>
>> >> Fixes: https://issues.redhat.com/browse/RHEL-129674
>> >> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[...]
>> > This matches the conceptual design used with query-sev-capabilities,
>> > where the lack of SEV support has to be inferred from the command
>> > returning "GenericError".
>>
>> Such guesswork is brittle. An interface requiring it is flawed, and
>> should be improved.
>>
>> Our SEV interface doesn't actually require it: query-sev tells you
>> whether we have SEV. Just run that first.
>
> Actually these commands are intended for different use cases.
>
> "query-sev" only returns info if you have launched qemu with
>
> $QEMU -object sev-guest,id=cgs0 -machine confidential-guest-support=cgs0
>
> The goal of "query-sev-capabilities" is to allow you to determine
> if the combination of host+kvm+qemu are capable of running a guest
> with "sev-guest".
>
> IOW, query-sev-capabilities alone is what you want/need in order
> to probe host features.
>
> query-sev is for examining running guest configuration
The doc comments fail to explain this. Needs fixing.
Do management applications need to know more than "this combination of
host + KVM + QEMU can do SEV, yes / no?
If yes, what do they need? "No" split up into serval "No, because X"?
I'd like to propose that "human user of management application needs to
know more to debug things" does not count. The error's @desc should
tell them all they need.
>> This patch adds query-tdx-capabilities without query-tdx. This results
>> in a flawed interface.
>>
>> Should we add a query-tdx instead?
>
> No, per the above explanation of the differences.
Got it.
[...]
next prev parent reply other threads:[~2026-01-09 10:01 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 18:36 [PATCH] Add query-tdx-capabilities marcandre.lureau
2026-01-07 10:27 ` Daniel P. Berrangé
2026-01-09 9:30 ` Markus Armbruster
2026-01-09 9:37 ` Daniel P. Berrangé
2026-01-09 10:01 ` Markus Armbruster [this message]
2026-01-09 10:07 ` Daniel P. Berrangé
2026-01-09 10:29 ` Markus Armbruster
2026-01-09 10:38 ` Daniel P. Berrangé
2026-01-09 12:26 ` Markus Armbruster
2026-01-26 15:20 ` Marc-André Lureau
2026-02-03 7:03 ` Markus Armbruster
2026-02-09 14:01 ` Daniel P. Berrangé
2026-02-09 13:55 ` Marc-André Lureau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87jyxrksug.fsf@pond.sub.org \
--to=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=marcandre.lureau@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox