[PATCH] qemu: block core dump for TDX guests

Jun Miao posted 1 patch 3 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20260424063851.92003-1-jun.miao@intel.com
There is a newer version of this series
src/qemu/qemu_driver.c | 7 +++++++
1 file changed, 7 insertions(+)
From: root <root@localhost>

TDX guests use encrypted memory that cannot be meaningfully
dumped by the hypervisor. Attempting a core dump on a TDX guest
would produce unusable output since the memory contents are
encrypted. And the dump will make the TDVM crash.

Block the core dump operation for TDX guests early with a clear
error message instead of letting it proceed and abort QEMU.

Signed-off-by: Jun Miao <jun.miao@intel.com>
---
 src/qemu/qemu_driver.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index b3e60471a8..555a6b6fb3 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3249,6 +3249,13 @@ qemuDomainCoreDumpWithFormat(virDomainPtr dom,
     if (virDomainObjCheckActive(vm) < 0)
         goto endjob;
 
+    if (vm->def->sec &&
+        vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) {
+        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                       _("core dump is not supported for TDX guests"));
+        goto endjob;
+    }
+
     priv = vm->privateData;
     qemuDomainJobSetStatsType(vm->job->current,
                               QEMU_DOMAIN_JOB_STATS_TYPE_SAVEDUMP);
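
Review bot: the condition `vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX` is narrower than the rationale given in the commit message, since "encrypted memory cannot be meaningfully dumped" would hold for any launch-security type that encrypts guest memory, not only TDX. Either state in the commit message why only TDX is rejected (the crash is the only part described as TDX-specific) or extend the check to the other encrypted-memory sectypes. The test also depends only on the domain definition, yet it sits on the `goto endjob` path, so the job is already held when the request is refused; consider whether it can be done before the job is started so a rejected dump never takes it. Separately, the From: header reads root@localhost while the Signed-off-by is Jun Miao; the authorship should be fixed so the two match.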
-- 
2.47.1