On Thu, Nov 20, 2025 at 02:30:18PM +0100, Ján Tomko wrote:
> On a Thursday in 2025, Daniel P. Berrangé via Devel wrote:
> > From: Daniel P. Berrangé <[email protected]>
> >
> > Querying existence of the 'tdx-guest' type merely tells us whether
> > QEMU has been compiled with TDX support, not whether it is usable
> > on the host. Thus QEMU was incorrectly reporting
> >
>
> s/QEMU/libvirt/ in the one case above
>
> > <tdx supported='yes'/>
> > ...
> > <launchSecurity supported='yes'>
> > <enum name='sectype'>
> > <value>tdx</value>
> > </enum>
> > </launchSecurity>
> >
> > on every platform with new enough QEMU.
> >
> > Unfortunately an earlier patch for a 'query-tdx-capabilities' QMP
> > command in QEMU was dropped, so there is no way to ask QEMU whether
> > it can launch a TDX guest. Libvirt must directly query the KVM
> > device and ask for supported VM types.
> >
> > Signed-off-by: Daniel P. Berrangé <[email protected]>
> > ---
> > src/qemu/qemu_capabilities.c | 60 ++++++++++++++++++++++++++++++++++++
> > src/qemu/qemu_capabilities.h | 3 ++
> > tests/domaincapsmock.c | 6 ++++
> > 3 files changed, 69 insertions(+)
> >
> > diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> > index 205bf3d0b8..67fe5d7acf 100644
> > --- a/src/qemu/qemu_capabilities.c
> > +++ b/src/qemu/qemu_capabilities.c
> > @@ -54,11 +54,16 @@
> > # include <sys/types.h>
> > # include <sys/sysctl.h>
> > #endif
> > +#ifdef __linux__
> > +# include <linux/kvm.h>
> > +#endif
> >
>
> I think the part touching /dev/kvm should live somewhere in src/util
We've got bits touching /dev/kvm in many other source files
too. Feels like we should introduce a virkvm.{ch} module
in util and merge everything. I'll do that as a followup
though, since this commit wants to be easy to backport
to previous releases.
>
> > #define VIR_FROM_THIS VIR_FROM_QEMU
> >
> > VIR_LOG_INIT("qemu.qemu_capabilities");
> >
> > +#define KVM_DEVICE "/dev/kvm"
> > +
> > /* While not public, these strings must not change. They
> > * are used in domain status files which are read on
> > * daemon restarts
> > @@ -3655,6 +3660,59 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps
> > *qemuCaps,
> > }
> >
> >
> > +int
> > +virQEMUCapsKVMSupportsVMTypeTDX(void)
> > +{
> > +#if defined(KVM_CAP_VM_TYPES) && defined(KVM_X86_TDX_VM)
> > + int kvmfd = -1;
> > + int types;
> > +
> > + if (!virFileExists(KVM_DEVICE))
> > + return 0;
> > +
> > + if ((kvmfd = open(KVM_DEVICE, O_RDONLY)) < 0) {
> > + VIR_DEBUG("Unable to open %s, cannot check TDX", KVM_DEVICE);
> > + return 0;
> > + }
> > +
> > + types = ioctl(kvmfd, KVM_CHECK_EXTENSION, KVM_CAP_VM_TYPES);
>
> Interesting that you did not have to include sys/ioctl.h
> It seems it gets included via virsocket.h
I'll make that an explicit include to be sure.
>
> > +
> > + VIR_FORCE_CLOSE(kvmfd);
> > + VIR_DEBUG("KVM VM types: 0x%x", types);
> > +
> > + return !!(types & (1 << KVM_X86_TDX_VM));
>
> Reviewed-by: Ján Tomko <[email protected]>
>
> Jano
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
