On Fri, Apr 24, 2026 at 02:44:38PM +0800, Jun Miao wrote:
TDX guests use encrypted memory that cannot be meaningfully dumped by the hypervisor. Attempting a core dump on a TDX guest would produce unusable output since the memory contents are encrypted. And dump will make TDVM crash.
Block the core dump operation for TDX guests early with a clear error message instead of letting it proceed and abort the Qemu.
Signed-off-by: Jun Miao <jun.miao@intel.com> --- src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b3e60471a8..555a6b6fb3 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3249,6 +3249,13 @@ qemuDomainCoreDumpWithFormat(virDomainPtr dom, if (virDomainObjCheckActive(vm) < 0) goto endjob;
+ if (vm->def->sec && + vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("core dump is not supported for TDX guests")); + goto endjob; + }
Conceptually it feels like we ought to block core dump for all launch security types surely ? Or are there some configurations where it could be permitted ?
+ priv = vm->privateData; qemuDomainJobSetStatsType(vm->job->current, QEMU_DOMAIN_JOB_STATS_TYPE_SAVEDUMP); -- 2.47.1