RE: [PATCH rfcv4 06/13] qemu: Add command line and validation for TDX type

-----Original Message----- From: Daniel P. Berrangé <berrange(a)redhat.com&gt; Subject: Re: [PATCH rfcv4 06/13] qemu: Add command line and validation for TDX type On Fri, May 24, 2024 at 02:21:21PM +0800, Zhenzhong Duan wrote: > QEMU will provides 'tdx-guest' object which is used to launch encrypted > VMs on Intel platform using TDX feature. > > Command line looks like: > $QEMU ... \ > -object '{"qom-type":"tdx-guest","id":"lsec0","debug":true,"sept-ve- disable":false,"mrconfigid":"xxx","mrowner":"xxx","mrownerconfig":"xxx"}' \ > -machine pc-q35-6.0,confidential-guest-support=lsec0 > > Signed-off-by: Zhenzhong Duan <zhenzhong.duan(a)intel.com&gt; > --- > src/conf/domain_conf.h | 5 +++++ > src/qemu/qemu_command.c | 31 +++++++++++++++++++++++++++++++ > src/qemu/qemu_validate.c | 11 +++++++++++ > 3 files changed, 47 insertions(+) > > diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h > index 7882b7a75d..bb4973fce8 100644 > --- a/src/conf/domain_conf.h > +++ b/src/conf/domain_conf.h > @@ -2880,6 +2880,11 @@ struct _virDomainTDXDef { > char *mrownerconfig; > }; > > +#define VIR_DOMAIN_TDX_POLICY_DEBUG 0x1 > +#define VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE 0x10000000 > +#define VIR_DOMAIN_TDX_POLICY_ALLOWED_MASK (VIR_DOMAIN_TDX_POLICY_DEBUG | \ > + VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE) > + > struct _virDomainSecDef { > virDomainLaunchSecurity sectype; > union { > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c > index dde2d5fa01..d212d80038 100644 > --- a/src/qemu/qemu_command.c > +++ b/src/qemu/qemu_command.c > @@ -9745,6 +9745,36 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd) > } > > > +static int > +qemuBuildTDXCommandLine(virDomainObj *vm, virCommand *cmd, > + virDomainTDXDef *tdx) > +{ > + g_autoptr(virJSONValue) props = NULL; > + qemuDomainObjPrivate *priv = vm->privateData; > + bool sept_ve_disable = tdx->policy & VIR_DOMAIN_TDX_POLICY_SEPT_VE_DISABLE; > + > + VIR_DEBUG("policy=0x%llx", tdx->policy); > + > + if (qemuMonitorCreateObjectProps(&props, "tdx-guest", "lsec0", > + "B:debug", !!(tdx->policy & VIR_DOMAIN_TDX_POLICY_DEBUG), > + "S:mrconfigid", tdx->mrconfigid, > + "S:mrowner", tdx->mrowner, > + "S:mrownerconfig", tdx->mrownerconfig, > + NULL) < 0) > + return -1; I like that you've just exposed the "policy" as an int field in libvirt, but find it unpleasant that we have to unpack it to pass bits to QEMU, whereupon QEMU re-packs it into the original int field we already had.

I think this is a mistake in the QEMU QAPI design - QEMU shoud just accept the policy in 'int' format. I've CC'd you on a mail to qemu-devel where I raise this point.