From d24aa887b65df4e61d4c3371c056f0010bc3baa7 Mon Sep 17 00:00:00 2001
From: Rob Bradford <robert.bradford@intel.com>
Date: Wed, 3 Mar 2021 15:38:53 +0000
Subject: [PATCH] vmm: Reject VM snapshot request if TDX in use

It is not possible to snapshot the contents of a TDX VM.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
---
 vmm/src/vm.rs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/vmm/src/vm.rs b/vmm/src/vm.rs
index 657a8ae8d..f832ba794 100644
--- a/vmm/src/vm.rs
+++ b/vmm/src/vm.rs
@@ -2127,6 +2127,15 @@ impl Snapshottable for Vm {
     fn snapshot(&mut self) -> std::result::Result<Snapshot, MigratableError> {
         event!("vm", "snapshotting");
 
+        #[cfg(feature = "tdx")]
+        {
+            if self.config.lock().unwrap().tdx.is_some() {
+                return Err(MigratableError::Snapshot(anyhow!(
+                    "Snapshot not possible with TDX VM"
+                )));
+            }
+        }
+
         let current_state = self.get_state().unwrap();
         if current_state != VmState::Paused {
             return Err(MigratableError::Snapshot(anyhow!(