1. Patchew
  2. Libvirt
  3. View series

[PATCH] qemu: block core dump for TDX guests

Jun Miao posted 1 patch 3 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20260424064438.92371-1-jun.miao@intel.com
src/qemu/qemu_driver.c | 7 +++++++
1 file changed, 7 insertions(+)
[PATCH] qemu: block core dump for TDX guests
Posted by Jun Miao 3 weeks ago 
TDX guests use encrypted memory that cannot be meaningfully
dumped by the hypervisor. Attempting a core dump on a TDX guest
would produce unusable output since the memory contents are
encrypted. And dump will make TDVM crash.

Block the core dump operation for TDX guests early with a clear
error message instead of letting it proceed and abort the Qemu.

Signed-off-by: Jun Miao <jun.miao@intel.com>
---
 src/qemu/qemu_driver.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index b3e60471a8..555a6b6fb3 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3249,6 +3249,13 @@ qemuDomainCoreDumpWithFormat(virDomainPtr dom,
     if (virDomainObjCheckActive(vm) < 0)
         goto endjob;
 
+    if (vm->def->sec &&
+        vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) {
+        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                       _("core dump is not supported for TDX guests"));
+        goto endjob;
+    }
+
     priv = vm->privateData;
     qemuDomainJobSetStatsType(vm->job->current,
                               QEMU_DOMAIN_JOB_STATS_TYPE_SAVEDUMP);
-- 
2.47.1
Re: [PATCH] qemu: block core dump for TDX guests
Posted by Daniel P. Berrangé via Devel 3 weeks ago 
On Fri, Apr 24, 2026 at 02:44:38PM +0800, Jun Miao wrote:
> TDX guests use encrypted memory that cannot be meaningfully
> dumped by the hypervisor. Attempting a core dump on a TDX guest
> would produce unusable output since the memory contents are
> encrypted. And dump will make TDVM crash.
> 
> Block the core dump operation for TDX guests early with a clear
> error message instead of letting it proceed and abort the Qemu.
> 
> Signed-off-by: Jun Miao <jun.miao@intel.com>
> ---
>  src/qemu/qemu_driver.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index b3e60471a8..555a6b6fb3 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -3249,6 +3249,13 @@ qemuDomainCoreDumpWithFormat(virDomainPtr dom,
>      if (virDomainObjCheckActive(vm) < 0)
>          goto endjob;
>  
> +    if (vm->def->sec &&
> +        vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) {
> +        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> +                       _("core dump is not supported for TDX guests"));
> +        goto endjob;
> +    }

Conceptually it feels like we ought to block core dump for all
launch security types surely ? Or are there some configurations
where it could be permitted ?

> +
>      priv = vm->privateData;
>      qemuDomainJobSetStatsType(vm->job->current,
>                                QEMU_DOMAIN_JOB_STATS_TYPE_SAVEDUMP);
> -- 
> 2.47.1
>
Re: [PATCH] qemu: block core dump for TDX guests
Posted by jun.miao@intel.com 3 weeks ago 
I Believe block all security types.
For a TD, even when reading private (confidential) memory, the returned data is always zero.

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.