Re: [PATCH v2 24/32] accel/kvm: add a per-confidential class callback to unlock guest state

Mon, 12 Jan 2026 09:16:38 -0800 

On Mon, Jan 12, 2026 at 2:24 PM Ani Sinha <[email protected]> wrote:
> diff --git a/system/runstate.c b/system/runstate.c
> index b0ce0410fa..710f5882d9 100644
> --- a/system/runstate.c
> +++ b/system/runstate.c
> @@ -58,6 +58,7 @@
>  #include "system/reset.h"
>  #include "system/runstate.h"
>  #include "system/runstate-action.h"
> +#include "system/confidential-guest-support.h"
>  #include "system/system.h"
>  #include "system/tpm.h"
>  #include "trace.h"
> @@ -564,7 +565,12 @@ void qemu_system_reset(ShutdownCause reason)
>      if (cpus_are_resettable()) {
>          cpu_synchronize_all_post_reset();
>      } else {
> -        assert(runstate_check(RUN_STATE_PRELAUNCH));
> +        /*
> +         * for confidential guests, cpus are not resettable but their
> +         * state can be rebuilt under some conditions.
> +         */
> +        assert(runstate_check(RUN_STATE_PRELAUNCH) ||
> +               (current_machine->cgs && runstate_is_running()));

You can remove the assertion altogether.

> +static bool tdx_can_rebuild_guest_state(ConfidentialGuestSupport *cgs)
> +{
> +    return true;
> +}
> +
>  static void tdx_guest_class_init(ObjectClass *oc, const void *data)
>  {
>      ConfidentialGuestSupportClass *klass = 
> CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc);
> @@ -1596,6 +1601,7 @@ static void tdx_guest_class_init(ObjectClass *oc, const 
> void *data)
>      ResettableClass *rc = RESETTABLE_CLASS(oc);
>
>      klass->kvm_init = tdx_kvm_init;
> +    klass->can_rebuild_guest_state = tdx_can_rebuild_guest_state;
>      x86_klass->kvm_type = tdx_kvm_type;
>      x86_klass->cpu_instance_init = tdx_cpu_instance_init;
>      x86_klass->adjust_cpuid_features = tdx_adjust_cpuid_features;
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index d45356843c..c52027c935 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -2632,6 +2632,14 @@ static int cgs_set_guest_state(hwaddr gpa, uint8_t 
> *ptr, uint64_t len,
>      return -1;
>  }
>
> +static bool sev_can_rebuild_guest_state(ConfidentialGuestSupport *cgs)
> +{
> +    if (!sev_snp_enabled() && !sev_es_enabled()) {
> +        return false;
> +    }
> +    return true;

This is always true, because if both are false then CPUs *are* resettable.

So I think .can_rebuild_guest_state can become a bool member of the
ConfidentialGuestSupportClass, instead of a function.

Paolo

Reply via email to