TDX guests use encrypted memory that cannot be meaningfully dumped by the hypervisor. Attempting a core dump on a TDX guest would produce unusable output since the memory contents are encrypted. And dump will make TDVM crash. Block the core dump operation for TDX guests early with a clear error message instead of letting it proceed and abort the Qemu. Signed-off-by: Jun Miao <jun.miao@intel.com> --- src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b3e60471a8..555a6b6fb3 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3249,6 +3249,13 @@ qemuDomainCoreDumpWithFormat(virDomainPtr dom, if (virDomainObjCheckActive(vm) < 0) goto endjob; + if (vm->def->sec && + vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("core dump is not supported for TDX guests")); + goto endjob; + } + priv = vm->privateData; qemuDomainJobSetStatsType(vm->job->current, QEMU_DOMAIN_JOB_STATS_TYPE_SAVEDUMP); -- 2.47.1