Re: [RFC PATCH 2/6] i386/sev: extend sev-guest property to include SEV-SNP

[Michael Roth]

On Wed, Jul 21, 2021 at 03:08:37PM +0200, Markus Armbruster wrote:
> Daniel P. Berrangé <berrange@redhat.com> writes:
> 
> > On Tue, Jul 20, 2021 at 02:42:12PM -0500, Michael Roth wrote:
> >> On Tue, Jul 13, 2021 at 03:46:19PM +0200, Markus Armbruster wrote:
> 
> [...]
> 
> >> > I recommend to do exactly what we've done before for complex
> >> > configuration: define it in the QAPI schema, so we can use both dotted
> >> > keys and JSON on the command line, and can have QMP, too.  Examples:
> >> > -blockdev, -display, -compat.
> >> > 
> >> > Questions?
> >> 
> >> Hi Markus, Daniel,
> >> 
> >> I'm dealing with similar considerations with some SNP config options
> >> relating to CPUID enforcement, so I've started looking into this as
> >> well, but am still a little confused on the best way to proceed.
> >> 
> >> I see that -blockdev supports both JSON command-line arguments (via
> >> qobject_input_visitor_new) and dotted keys
> >> (via qobject_input_vistior_new_keyval).
> 
> Yes.  Convenience function qobject_input_visitor_new_str() provides
> this.
> 
> >> We could introduce a new config group do the same, maybe something specific
> >> to ConfidentialGuestSupport objects, e.g.:
> >> 
> >>   -confidential-guest-support sev-guest,id=sev0,key_a.subkey_b=...
> >
> > We don't wnt to be adding new CLI options anymore. -object with json
> > syntx should ultimately be able to cover everything we'll ever need
> > to do.
> 
> Depends.  When you want a CLI option to create a single QOM object, then
> -object is commonly the way to go.

So if I've read things correctly the fact that this is a question of how to
define properties of a single QOM object lends itself to using -object rather
than attempting a new -blockdev-like option group, and as such if we
want to allow structured parameters we should use pure JSON instead of
attempting to layer anything on top of the current keyval parser.

> 
> >> and use the same mechanisms to parse the options, but this seems to
> >> either involve adding a layer of option translations between command-line
> >> and the underlying object properties, or, if we keep the 1:1 mapping
> >> between QAPI-defined keys and object properties, it basically becomes a
> >> way to pass a different Visitor implementation into object_property_set(),
> >> in this case one created by object_input_visitor_new_keyval() instead of
> >> opts_visitor_new().
> 
> qobject_input_visitor_new_str() provides 1:1, i.e. common abstract
> syntax, and concrete syntax either JSON or dotted keys.  Note that the
> latter is slightly less expressive (can't do empty arrays and objects,
> may fall apart for type 'any').  If you run into these limitations, use
> JSON.  Machines should always use JSON.
> 
> qobject_input_visitor_new_str() works by wrapping the "right" visitor
> around the option argument.  Another way to provide a human-friendly
> interface in addition to a machine-friendly one is to translate from
> human to the machine interface.  HMP works that way: HMP commands wrap
> around QMP commands.  The QMP commands are generated from the QAPI
> schema.  The HMP commands are written by hand, which is maximally
> flexible, but also laborious.
> 
> >> In either case, genericizing it beyond CGS/SEV would basically be
> >> introducing:
> >> 
> >>   -object2 sev-guest,id=sev0,key_a.subkey_b=...
> 
> That's because existing -object doesn't use keyval_parse() + the keyval
> QObjct input visitor, it uses QemuOpts and the options visitor, for
> backward compatibility with all their (barely understood) features and
> warts.
> 
> Unfortunate, because even new user-creatable objects can't escape
> QemuOpts.
> 
> QemuOpts needs to go.  But replacing it is difficult and scary in
> places.  -object is such a place.
> 
> >> Which one seems preferable? Or is the answer neither?
> >
> > Yep, neither is the answer.
> 
> Welcome to the QemuOpts swamp, here's your waders and a leaky bucket.

*backs slowly away from swamp* :)

So back to the question of whether we need structured parameters. The
main driver for this seems to be that the options are currently defined
via a config file, which was originally introduced to cope with:

a) lots of parameters (8)

   - not really that significant compared to some other objects/options.

b) large page-size parameters

   - mainly applies to 'id_auth', which could be broken out as individual
     files/blobs and passed in via normal file path string arguments
   - already how we handle dh-cert-file and session-file

c) separating SNP-specific parameters from the base sev-guest object
   properties

   - could possibly be done with a new 'sev-snp-guest' object, which
     would also help disambiguate stuff like the 32-bit sev/sev-es
     'policy' arguments from the 64-bit version in SNP, and can still
     re-use common properties like 'cbitpos' via some base object
   - maybe some other benefits, need to look into it more.

If they aren't any objections I'll take a stab at this early next week.
Will be on PTO until then, but will follow-up soon as I'm back in office.

> > Ultimately I think we've come to the conclusion that QemuOpts is an
> > unfixable dead end that should be left alone. Our future is trending
> > towards being entirely JSON, configured via the QMP monitor not the
> > CLI. As such the json support for -object is a step towards the pure
> > JSON world.
> 
> QemuOpts served us well for a while, but we've long grown out of its
> limitations.  It needs to go.
> 
> QemuOpts not providing an adequate CLI language does not imply we can't
> have an adequate CLI language.  The "everything QMP" movement is due to
> other factors.  I have serious reservations about the idea, actually.
> 
> > IOW, if you have things that work today with QemuOpts that's fine.
> >
> > If, however, you're coming across situations that need non-scalar
> > data and it doesn't work with QemuOpts, then just declare that
> > -object json syntax is mandatory for that scenario. Don't invest
> > time trying to improve QemuOpts for non-scalar data, nor inventing
> > new CLI args.
> 
> I agree 100% with "don't mess with QemuOpts".  That mess is complete.
> 
> Whether a new CLI option makes sense should be decided case by case.
> 
> "Must use JSON" feels acceptable for things basically only management
> applications use.

Yah, it's great that QAPI/object_add already takes care of the management
side of things, but giving up the option of using human-readable/non-JSON
command-line args is still a tough pill to swallow, at least as a developer
where I know some significant portion of my life will be spent debugging
parser errors from bash.

*backs up too far, walks into adjacent swamp with no waders*

If more cases where structured arguments for Objects really make sense and
thus necessitate JSON-only, it would be great if there was some developer
tool, e.g. scripts/qemu-cmdline-helper-devs-only that could handle this
translation to JSON or QMP and maybe serve as a test-bed for this awesome
new cmdline syntax that provides all the expressiveness of QAPI and could
abstract away the QemuOpts-specific option formats while still allowing
for periodic reworks.

Or maybe -readconfig is the better starting point? Or is it too late for
that already? -x-readconfig2 ? :)

*disappears into swamp*