On Thu, 09 Oct 2025 16:55:54 +0200 Markus Armbruster <[email protected]> wrote:
> Igor Mammedov <[email protected]> writes: > > > On Thu, 09 Oct 2025 10:55:40 +0200 > > Markus Armbruster <[email protected]> wrote: > > > >> [email protected] writes: > >> > >> > From: Salil Mehta <[email protected]> > >> > > >> > This patch adds a "device_set" interface for modifying properties of > >> > devices > >> > that already exist in the guest topology. Unlike > >> > 'device_add'/'device_del' > >> > (hot-plug), 'device_set' does not create or destroy devices. It is > >> > intended > >> > for guest-visible hot-add semantics where hardware is provisioned at > >> > boot but > >> > logically enabled/disabled later via administrative policy. > >> > > >> > Compared to the existing 'qom-set' command, which is less intuitive and > >> > works > >> > only with object IDs, device_set provides a more device-oriented > >> > interface. > >> > It can be invoked at the QEMU prompt using natural device arguments, and > >> > the > >> > new '-deviceset' CLI option allows properties to be set at boot time, > >> > similar > >> > to how '-device' specifies device creation. > >> > >> Why can't we use -device? > > > > that's was my concern/suggestion in reply to cover letter > > (as a place to put high level review and what can be done for the next > > revision) > > Yes. > > > (PS: It looks like I'm having email receiving issues (i.e. not getting from > > mail list my own emails that it bonces to me, so threading is all broken on > > my side and I'm might miss replies). But on positive side it looks like my > > replies reach the list and CCed just fine) > > For what it's worth, your replies arrive fine here. > > >> > While the initial implementation focuses on "admin-state" changes (e.g., > >> > enable/disable a CPU already described by ACPI/DT), the interface is > >> > designed > >> > to be generic. In future, it could be used for other per-device set/unset > >> > style controls — beyond administrative power-states — provided the target > >> > device explicitly allows such changes. This enables fine-grained runtime > >> > control of device properties. > >> > >> Beware, designing a generic interface can be harder, sometimes much > >> harder, than designing a specialized one. > >> > >> device_add and qom-set are generic, and they have issues: > >> > >> * device_add effectively bypasses QAPI by using 'gen': false. > >> > >> This bypasses QAPI's enforcement of documentation. Property > >> documentation is separate and poor. > >> > >> It also defeats introspection with query-qmp-schema. You need to > >> resort to other means instead, say QOM introspection (which is a bag > >> of design flaws on its own), then map from QOM to qdev. > >> > >> * device_add lets you specify any qdev property, even properties that > >> are intended only for use by C code. > >> > >> This results in accidental external interfaces. > >> > >> We tend to name properties like "x-prop" to discourage external use, > >> but I wouldn't bet my own money on us getting that always right. > >> Moreover, there's beauties like "x-origin". > >> > >> * qom-set & friends effectively bypass QAPI by using type 'any'. > >> > >> Again, the bypass results in poor documentation and a defeat of > >> query-qmp-schema. > >> > >> * qom-set lets you mess with any QOM property with a setter callback. > >> > >> Again, accidental external interfaces: most of these properties are > >> not meant for use with qom-set. For some, qom-set works, for some it > >> silently does nothing, and for some it crashes. A lot more dangerous > >> than device_add. > >> > >> The "x-" convention can't help here: some properties are intended for > >> external use with object-add, but not with qom-set. > >> > >> We should avoid such issues in new interfaces. > > [...] > > >> > diff --git a/hmp-commands.hx b/hmp-commands.hx > >> > index d0e4f35a30..18056cf21d 100644 > >> > --- a/hmp-commands.hx > >> > +++ b/hmp-commands.hx > >> > @@ -707,6 +707,36 @@ SRST > >> > or a QOM object path. > >> > ERST > >> > > >> > +{ > >> > + .name = "device_set", > >> > + .args_type = "device:O", > >> > + .params = "driver[,prop=value][,...]", > >> > + .help = "set/unset existing device property", > >> > + .cmd = hmp_device_set, > >> > + .command_completion = device_set_completion, > >> > +}, > >> > + > >> > +SRST > >> > +``device_set`` *driver[,prop=value][,...]* > >> > + Change the administrative power state of an existing device. > >> > + > >> > + This command enables or disables a known device (e.g., CPU) using the > >> > + "device_set" interface. It does not hotplug or add a new device. > >> > + > >> > + Depending on platform support (e.g., PSCI or ACPI), this may trigger > >> > + corresponding operational changes — such as powering down a CPU or > >> > + transitioning it to active use. > >> > + > >> > + Administrative state: > >> > + * *enabled* — Allows the guest to use the device (e.g., CPU_ON) > >> > + * *disabled* — Prevents guest use; device is powered off (e.g., > >> > CPU_OFF) > >> > + > >> > + Note: The device must already exist (be declared during machine > >> > creation). > >> > + > >> > + Example: > >> > + (qemu) device_set host-arm-cpu,core-id=3,admin-state=disabled > >> > +ERST > >> > >> How exactly is the device selected? You provide a clue above: 'can be > >> located by "id" or via driver+property match'. > >> > >> I assume by "id" is just like device_del, i.e. by qdev ID or QOM path. > >> > >> By "driver+property match" is not obvious. Which of the arguments are > >> for matching, and which are for setting? > >> > >> If "id" is specified, is there any matching? > >> > >> The matching feature complicates this interface quite a bit. I doubt > >> it's worth the complexity. If you think it is, please split it off into > >> a separate patch. > > > > It's likely /me who to blame for asking to invent generic > > device-set QMP command. > > I see another application (beside ARM CPU power-on/off) for it, > > PCI devices to simulate powering on/off them at runtime without > > actually removing device. > > I prefer generic commands over collecting ad hoc single-purpose > commands, too. Getting the design right can be difficult. > > > wrt command, > > I'd use only 'id' with it to identify target device > > (i.e. no template matching nor QMP path either). > > To enforce rule, what user hasn't named explicitly by providing 'id' > > isn't meant to be accessed/manged by user later on. > > Works well, except when we need to access / manage onboard devices. > That's still an unsolved problem. > > > potentially we can invent specialized power_set/get command as > > an alternative if it makes design easier. > > But then we would be spawning similar commands for other things, > > where as device-set would cover it all. But then I might be > > over-complicating things by suggesting a generic approach. > > Unclear. > > I feel it's best to start the design process with ensvisaged uses. Can > you tell me a bit more about the uses you have in mind? We have nic failover 'feature' https://www.qemu.org/docs/master/system/virtio-net-failover.html to make it work we do abuse hotplug and that poses problem during migration, since: - unplugging primary device releases resources (which might not be possible to claim back in case migration failure) - it's similar on destination side, where attempt to hotplug primary might fail die to insufficient resources leaving guest on 'degraded' virtio-net link. Idea was that instead of hotplug we can power off primary device, (it will still exist and keep resources), initiate migration, and then on target do the same starting with primary fully realized but powered of (and failing migration early if it can't claim resources, safely resuming QEMU on source incl. primary link), and then guest failover driver on destination would power primary on as part of switching to primary link. Above would require -device/device_add support for specifying device's power state as minimum. > >> Next question. Is there a way for management applications to detect > >> whether a certain device supports device_set for a certain property? > > > > is there some kind of QMP command to check what does a device support, > > or at least what properties it supports? Can we piggy-back on that? > > Maybe. > > QAPI schema introspection (query-qmp-schema) has been a success. It has > a reasonably expressive type system, deprecation information, and hides > much implementation detail. Sadly, it doesn't cover most of QOM and all > of qdev due to QAPI schema bypass. > > QOM type introspection (qom-list-types and qom-list-properties) is weak. > You can retrieve a property's name and type. The latter is seriously > underspecified, and somewhere between annoying and impossible to use > reliably. Properties created in certain ways are not visible here. > These are rare. > > QOM object introspection (qom-list) is the same for concrete objects > rather than types. > > qdev introspection (device-list-properties) is like QOM type > introspection. I'm not sure why it exists. Use QOM type introspection > instead. > > QOM introspection is servicable for checking whether a certain property > exists. Examining a property's type is unadvisable. > > >> Without that, what are management application supposed to do? Hard-code > >> what works? Run the command and see whether it fails? > > > > Adding libvirt list to discussion and possible ideas on what can be done > > here. > > > >> I understand right now the command supports just "admin-state" for a > >> certain set of devices, so hard-coding would be possible. But every new > >> (device, property) pair then requires management application updates, > >> and the hard-coded information becomes version specific. This will > >> become unworkable real quick. Not good enough for a command designed to > >> be generic. > > [...] >
