From 2e625d0bab83992f230d47bd86ab83f54310c104 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Wed, 18 Feb 2026 13:36:26 +0200 Subject: [PATCH] runtime-rs: qemu: don't set maxcpus when confidential guest is enabled QEMU maxcpus enables CPU hotplug capabilities but it's unused when confidential guest is enabled. Change runtime-rs code to skip setting maxcpus QEMU cmdline if CPU hotplug is not needed. Signed-off-by: Mikko Ylinen --- .../hypervisor/src/qemu/cmdline_generator.rs | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs b/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs index 944b8da0ed..997f708205 100644 --- a/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs +++ b/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs @@ -336,9 +336,17 @@ struct Smp { impl Smp { fn new(config: &HypervisorConfig) -> Smp { + let num_vcpus = config.cpu_info.default_vcpus.ceil() as u32; + let max_num_vcpus = if config.security_info.confidential_guest { + // Disable CPU hotplug when confidential guest is enabled + num_vcpus + } else { + config.cpu_info.default_maxvcpus + }; + Smp { - num_vcpus: config.cpu_info.default_vcpus.ceil() as u32, - max_num_vcpus: config.cpu_info.default_maxvcpus, + num_vcpus, + max_num_vcpus, } } } @@ -350,7 +358,11 @@ impl ToQemuParams for Smp { // CpuInfo::adjust_config() seems to ensure that both vcpu numbers // will have sanitised non-zero values params.push(format!("{}", self.num_vcpus)); - params.push(format!("maxcpus={}", self.max_num_vcpus)); + + // Only add maxcpus if it differs from num_vcpus (enables CPU hotplug) + if self.max_num_vcpus > self.num_vcpus { + params.push(format!("maxcpus={}", self.max_num_vcpus)); + } Ok(vec!["-smp".to_owned(), params.join(",")]) }