TDX guest doesn't support system_reset, so have to kill the old guest and
start a new one to simulate the reset. This can be achieved by calling
qemuProcessFakeRebootViaRecreate().

The domain lock is already held in qemuDomainReset() before calling
qemuProcessFakeRebootViaRecreate(), so skip locking inside it.

Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com>
---
 src/qemu/qemu_driver.c  |  6 ++++++
 src/qemu/qemu_process.c | 14 +++++++++-----
 src/qemu/qemu_process.h |  2 ++
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index a75e09b6de..c6566f65d0 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1976,6 +1976,12 @@ qemuDomainReset(virDomainPtr dom, unsigned int flags)
     if (virDomainResetEnsureACL(dom->conn, vm->def) < 0)
         goto cleanup;
 
+    if (vm->def->sec &&
+        vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX) {
+        ret = qemuProcessFakeRebootViaRecreate(vm, true);
+        goto cleanup;
+    }
+
     if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0)
         goto cleanup;
 
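Review bot: The TDX branch calls `qemuProcessFakeRebootViaRecreate(vm, true)` before anything in this hunk has established that the domain is running; in the non-TDX path any such check would come after `virDomainObjBeginJob()`, outside the lines shown. Most of the helper's body is not visible either, so unless it rejects an inactive domain itself, a reset of a shut-off TDX guest would enter the destroy phase. An early `if (virDomainObjCheckActive(vm) < 0) goto cleanup;` ahead of the call would make the precondition explicit, with the helper re-checking once it holds the stop job. qemuDomainReset() starts and ends outside this hunk.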
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 68c0a5b64d..e7fcace9e2 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -450,8 +450,8 @@ qemuProcessHandleReset(qemuMonitor *mon G_GNUC_UNUSED,
  * Secure guest doesn't support fake reboot via machine CPU reset.
  * We thus fake reboot via QEMU re-creation.
  */
-static void
-qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
+int
+qemuProcessFakeRebootViaRecreate(virDomainObj *vm, bool locked)
 {
     qemuDomainObjPrivate *priv = vm->privateData;
     virQEMUDriver *driver = priv->driver;
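Review bot: The comment above `qemuProcessFakeRebootViaRecreate()` does not describe the new `locked` parameter or the new `int` return, although the function is now exported and its lock and reference handling depends on that flag. From the later hunks, `locked == true` skips both `virObjectLock(vm)` and `virDomainObjEndAPI(&vm)`, so the caller keeps the lock and its reference; with `false` the function takes the lock and releases both itself. I would add that to the doc comment, for example `@locked: true if the caller already holds the vm lock and will call virDomainObjEndAPI() itself`, plus a `Returns` line (presumably 0 on success and -1 on failure; the success assignment is not in the visible lines). The function body continues past the end of this hunk.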
@@ -460,7 +460,9 @@ qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
 
     VIR_DEBUG("Handle secure guest reboot: destroy phase");
 
-    virObjectLock(vm);
+    if (!locked)
+        virObjectLock(vm);
+
     if (qemuProcessBeginStopJob(vm, VIR_JOB_DESTROY, 0) < 0)
         goto cleanup;
 
@@ -513,7 +515,9 @@ qemuProcessFakeRebootViaRecreate(virDomainObj *vm)
     qemuDomainSetFakeReboot(vm, false);
     if (ret == -1)
         ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_FORCE));
-    virDomainObjEndAPI(&vm);
+    if (!locked)
+        virDomainObjEndAPI(&vm);
+    return ret;
 }
 
 
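Review bot: Now that this function is reachable from qemuDomainReset(), the unconditional `if (ret == -1) ignore_value(qemuProcessKill(vm, VIR_QEMU_PROCESS_KILL_FORCE));` in cleanup means a failed reset request ends with the guest force-killed. That applies to every `goto cleanup`, including the `qemuProcessBeginStopJob()` failure in the previous hunk, provided `ret` starts at -1 (its initialiser is not in the visible lines). For the monitor-driven reboot the guest was already going down, but for an API call a transient failure to acquire the job would take down a running guest. Consider killing only once the destroy phase has actually begun, e.g. `if (ret == -1 && stopped)` with a new local `stopped` set after the stop job is acquired. The start of the function is outside this hunk.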
@@ -587,7 +591,7 @@ qemuProcessFakeReboot(void *opaque)
 
     if (vm->def->sec &&
         vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_TDX)
-        qemuProcessFakeRebootViaRecreate(vm);
+        ignore_value(qemuProcessFakeRebootViaRecreate(vm, false));
     else
         qemuProcessFakeRebootViaReset(vm);
 }
diff --git a/src/qemu/qemu_process.h b/src/qemu/qemu_process.h
index b8c4af4aaf..9f783790ac 100644
--- a/src/qemu/qemu_process.h
+++ b/src/qemu/qemu_process.h
@@ -190,6 +190,8 @@ typedef enum {
 
 int qemuProcessKill(virDomainObj *vm, unsigned int flags);
 
+int qemuProcessFakeRebootViaRecreate(virDomainObj *vm, bool locked);
+
 void qemuProcessShutdownOrReboot(virDomainObj *vm);
 
 void qemuProcessAutoDestroy(virDomainObj *dom,
-- 
2.34.1
