vmm: tdx: Error out early for TD migration

Signed-off-by: Bo Chen <chen.bo@intel.com>
2025-02-01 17:35:19 +00:00 · 2023-12-11 20:04:55 +00:00 · 2023-12-11 20:04:55 +00:00 · e64b66054e
commit e64b66054e
parent ceb1be9f50
2 changed files with 17 additions and 8 deletions
--- a/vmm/src/lib.rs
+++ b/vmm/src/lib.rs
@ -1669,7 +1669,12 @@ impl Vmm {
        #[cfg(all(feature = "kvm", target_arch = "x86_64"))]
        let common_cpuid = {
            #[cfg(feature = "tdx")]
-            let tdx = vm_config.lock().unwrap().is_tdx_enabled();
+            if vm_config.lock().unwrap().is_tdx_enabled() {
+                return Err(MigratableError::MigrateSend(anyhow!(
+                    "Live Migration is not supported when TDX is enabled"
+                )));
+            };
+
            let amx = vm_config.lock().unwrap().cpus.features.amx;
            let phys_bits =
                vm::physical_bits(&hypervisor, vm_config.lock().unwrap().cpus.max_phys_bits);
@ -1680,7 +1685,7 @@ impl Vmm {
                    phys_bits,
                    kvm_hyperv: vm_config.lock().unwrap().cpus.kvm_hyperv,
                    #[cfg(feature = "tdx")]
-                    tdx,
+                    tdx: false,
                    amx,
                },
            )
@ -1859,6 +1864,13 @@ impl Vmm {
        src_vm_config: &Arc<Mutex<VmConfig>>,
        src_vm_cpuid: &[hypervisor::arch::x86::CpuIdEntry],
    ) -> result::Result<(), MigratableError> {
+        #[cfg(feature = "tdx")]
+        if src_vm_config.lock().unwrap().is_tdx_enabled() {
+            return Err(MigratableError::MigrateReceive(anyhow!(
+                "Live Migration is not supported when TDX is enabled"
+            )));
+        };
+
        // We check the `CPUID` compatibility of between the source vm and destination, which is
        // mostly about feature compatibility and "topology/sgx" leaves are not relevant.
        let dest_cpuid = &{
@ -1872,7 +1884,7 @@ impl Vmm {
                    phys_bits,
                    kvm_hyperv: vm_config.cpus.kvm_hyperv,
                    #[cfg(feature = "tdx")]
-                    tdx: vm_config.is_tdx_enabled(),
+                    tdx: false,
                    amx: vm_config.cpus.features.amx,
                },
            )
--- a/vmm/src/vm.rs
+++ b/vmm/src/vm.rs
@ -2441,12 +2441,9 @@ impl Snapshottable for Vm {
    fn snapshot(&mut self) -> std::result::Result<Snapshot, MigratableError> {
        event!("vm", "snapshotting");

-        #[cfg(feature = "tdx")]
-        let tdx_enabled = self.config.lock().unwrap().is_tdx_enabled();
-
        #[cfg(feature = "tdx")]
        {
-            if tdx_enabled {
+            if self.config.lock().unwrap().is_tdx_enabled() {
                return Err(MigratableError::Snapshot(anyhow!(
                    "Snapshot not possible with TDX VM"
                )));
@ -2474,7 +2471,7 @@ impl Snapshottable for Vm {
                    phys_bits,
                    kvm_hyperv: self.config.lock().unwrap().cpus.kvm_hyperv,
                    #[cfg(feature = "tdx")]
-                    tdx: tdx_enabled,
+                    tdx: false,
                    amx,
                },
            )