From: Daniel P. Berrangé via Devel
Reply-To: Daniel P. Berrangé
To: devel@lists.libvirt.org
CC: Paolo Bonzini
Subject: [PATCH 1/2] qemu: correctly detect working TDX support
Date: Thu, 20 Nov 2025 11:57:53 +0000
Message-ID: <20251120115754.3528749-2-berrange@redhat.com>
In-Reply-To: <20251120115754.3528749-1-berrange@redhat.com>
References: <20251120115754.3528749-1-berrange@redhat.com>

From: Daniel P. Berrangé

Querying existence of the 'tdx-guest' type merely tells us whether QEMU has been compiled with TDX support, not whether it is usable on the host. Thus QEMU was incorrectly reporting ... tdx on every platform with new enough QEMU.

Unfortunately an earlier patch for a 'query-tdx-capabilities' QMP command in QEMU was dropped, so there is no way to ask QEMU whether it can launch a TDX guest. Libvirt must directly query the KVM device and ask for supported VM types.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Ján Tomko
Reviewed-by: Peter Krempa
--- src/qemu/qemu_capabilities.c | 60 ++++++++++++++++++++++++++++++++++++ src/qemu/qemu_capabilities.h | 3 ++ tests/domaincapsmock.c | 6 ++++ 3 files changed, 69 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 205bf3d0b8..67fe5d7acf 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -54,11 +54,16 @@ # include # include #endif +#ifdef __linux__ +# include +#endif =20 #define VIR_FROM_THIS VIR_FROM_QEMU =20 VIR_LOG_INIT("qemu.qemu_capabilities"); =20 +#define KVM_DEVICE "/dev/kvm" + /* While not public, these strings must not change. They * are used in domain status files which are read on * daemon restarts 
@@ -3655,6 +3660,59 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemu= Caps, } =20 =20 +int +virQEMUCapsKVMSupportsVMTypeTDX(void) +{ +#if defined(KVM_CAP_VM_TYPES) && defined(KVM_X86_TDX_VM) + int kvmfd =3D -1; + int types; + + if (!virFileExists(KVM_DEVICE)) + return 0; + + if ((kvmfd =3D open(KVM_DEVICE, O_RDONLY)) < 0) { + VIR_DEBUG("Unable to open %s, cannot check TDX", KVM_DEVICE); + return 0; + } + + types =3D ioctl(kvmfd, KVM_CHECK_EXTENSION, KVM_CAP_VM_TYPES); + + VIR_FORCE_CLOSE(kvmfd); + VIR_DEBUG("KVM VM types: 0x%x", types); + + return !!(types & (1 << KVM_X86_TDX_VM)); +#else + VIR_DEBUG("KVM not compiled"); + return 0; +#endif +} + + +/* This ought to be virQEMUCapsProbeQMPTDXCapabilities, + * but there is no 'query-tdx-capabilities' command + * available in QEMU currently. If one arrives, rename + * this method & switch to using that on new enough QEMU + */ +static int +virQEMUCapsProbeTDXCapabilities(virQEMUCaps *qemuCaps) +{ + int rc; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST)) + return 0; + + if ((rc =3D virQEMUCapsKVMSupportsVMTypeTDX()) < 0) + return -1; + + if (rc =3D=3D 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_TDX_GUEST); + return 0; + } + + return 0; +} + + static int virQEMUCapsProbeQMPSGXCapabilities(virQEMUCaps *qemuCaps, qemuMonitor *mon) @@ -5837,6 +5895,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, return -1; if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeTDXCapabilities(qemuCaps) < 0) + return -1; =20 virQEMUCapsInitProcessCaps(qemuCaps); =20 diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index efbef2acef..64e5c4ff55 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -979,3 +979,6 @@ int virQEMUCapsProbeQMPMachineTypes(virQEMUCaps *qemuCaps, virDomainVirtType virtType, qemuMonitor *mon); + +int +virQEMUCapsKVMSupportsVMTypeTDX(void) ATTRIBUTE_MOCKABLE; 
diff --git a/tests/domaincapsmock.c b/tests/domaincapsmock.c index cb6e98dbb8..e882c01260 100644 --- a/tests/domaincapsmock.c +++ b/tests/domaincapsmock.c @@ -48,6 +48,12 @@ virHostCPUGetPhysAddrSize(const virArch hostArch, } =20 #if WITH_QEMU +int +virQEMUCapsKVMSupportsVMTypeTDX(void) +{ + return 1; +} + static bool (*real_virQEMUCapsGetKVMSupportsSecureGuest)(virQEMUCaps *qemu= Caps); =20 bool --=20 2.51.1
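
Review bot: In virQEMUCapsKVMSupportsVMTypeTDX() (the @@ -3655 hunk of src/qemu/qemu_capabilities.c), the return value of ioctl(kvmfd, KVM_CHECK_EXTENSION, KVM_CAP_VM_TYPES) is used as a bitmask without a check for failure. If the ioctl returns -1, every bit of 'types' is set, so "return !!(types & (1 << KVM_X86_TDX_VM));" yields 1 and TDX is reported as usable on a host where the query itself failed. Suggest treating a negative result as unsupported before applying the mask, for example "if (types < 0) return 0;" with a VIR_DEBUG noting the failure. Two smaller points in the same hunk: the function only ever returns 0 or 1, so the "< 0" check in virQEMUCapsProbeTDXCapabilities() is dead and the "return 0;" inside the "rc == 0" branch duplicates the final one; and the #else message "KVM not compiled" is misleading, since that branch is taken when the build headers lack KVM_CAP_VM_TYPES or KVM_X86_TDX_VM.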
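
Review bot: The mock of virQEMUCapsKVMSupportsVMTypeTDX() added in the tests/domaincapsmock.c hunk returns 1 unconditionally, so the tests using this mock never exercise the new branch in virQEMUCapsProbeTDXCapabilities() where the KVM query returns 0 and QEMU_CAPS_TDX_GUEST is cleared. That branch is the behaviour this patch exists to add. Suggest a test case that runs with the mock returning 0 and checks that tdx is no longer reported, plus a short comment on the mock explaining that it returns 1 to keep the existing expected output stable.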