vmupdate: wait for full VM shutdown before next queued update

VMs with assigned PCI devices require full shutdown before the next
queued update can begin, otherwise the update may start while the VM
is still shutting down. Add _has_assigned_pci_devices() check in
QubeConnection.__exit__ and call shutdown_domains() to block until
shutdown completes, instead of the fire-and-forget qube.shutdown().

Add tests verifying that:
- shutdown_domains() is called when a PCI-assigned VM was started by
  the update and must be shut down
- qube.shutdown() is used when no PCI devices are assigned
- neither is called when the VM was already running before the update

Fixes QubesOS/qubes-issues#10617

Author: Jayant-kernel

vmupdate/qube_connection.py

@@ -28,6 +28,7 @@
 from typing import List
 
 import qubesadmin
+import qubesadmin.exc
 from vmupdate.agent.source.args import AgentArgs
 from vmupdate.agent.source.log_config import LOGPATH, LOG_FILE
 from vmupdate.agent.source.status import StatusInfo, FinalStatus
@@ -92,11 +93,28 @@ def __exit__(self, exc_type, exc_val, exc_tb):
                                   self.dest_dir, str(err))
 
         if self.qube.is_running() and not self._initially_running:
-            self.logger.info('Shutdown %s', self.qube.name)
-            self.qube.shutdown()
+            if self._has_assigned_pci_devices(self.qube):
+                # Late import to avoid circular dependency:
+                # qube_connection <- vmupdate <- update_manager <- qube_connection
+                from vmupdate.vmupdate import shutdown_domains  # pylint: disable=import-outside-toplevel
+                self.logger.info(
+                    'Waiting for full shutdown %s (PCI devices assigned)',
+                    self.qube.name)
+                shutdown_domains([self.qube], self.logger)
+            else:
+                self.logger.info('Shutdown %s', self.qube.name)
+                self.qube.shutdown()
 
         self.__connected = False
 
+    @staticmethod
+    def _has_assigned_pci_devices(vm) -> bool:
+        """Return True when VM has assigned PCI devices."""
+        try:
+            return any(vm.devices['pci'].get_assigned_devices())
+        except qubesadmin.exc.QubesDaemonAccessError:
+            return False
+
     def transfer_agent(self, src_dir: str) -> ProcessResult:
         """
         Copy a directory content to the workdir in the qube.

vmupdate/tests/test_qube_connection.py

@@ -0,0 +1,80 @@
+# coding=utf-8
+#
+# The Qubes OS Project, https://www.qubes-os.org
+#
+# Copyright (C) 2025  Jayant Saxena <jayantmcom@gmail.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+# USA.
+from unittest.mock import Mock, patch
+
+from vmupdate.qube_connection import QubeConnection
+
+
+@patch("vmupdate.qube_connection.shutdown_domains")
+def test_wait_for_shutdown_when_vm_started_by_update(shutdown_domains):
+    vm = Mock()
+    vm.name = "hvm1"
+    vm.is_running.side_effect = [False, True]
+    vm.devices = {'pci': Mock()}
+    vm.devices['pci'].get_assigned_devices.return_value = ["00_1f.2"]
+    status_notifier = Mock()
+    logger = Mock()
+
+    with QubeConnection(
+            vm, "/tmp/qubes-update", cleanup=False, logger=logger,
+            show_progress=False, status_notifier=status_notifier):
+        pass
+
+    shutdown_domains.assert_called_once_with([vm], logger)
+    vm.shutdown.assert_not_called()
+
+
+@patch("vmupdate.qube_connection.shutdown_domains")
+def test_do_not_wait_for_shutdown_without_assigned_pci(shutdown_domains):
+    vm = Mock()
+    vm.name = "hvm2"
+    vm.is_running.side_effect = [False, True]
+    vm.devices = {'pci': Mock()}
+    vm.devices['pci'].get_assigned_devices.return_value = []
+    status_notifier = Mock()
+    logger = Mock()
+
+    with QubeConnection(
+            vm, "/tmp/qubes-update", cleanup=False, logger=logger,
+            show_progress=False, status_notifier=status_notifier):
+        pass
+
+    vm.shutdown.assert_called_once_with()
+    shutdown_domains.assert_not_called()
+
+
+@patch("vmupdate.qube_connection.shutdown_domains")
+def test_do_not_shutdown_if_vm_was_already_running(shutdown_domains):
+    vm = Mock()
+    vm.name = "hvm3"
+    vm.is_running.return_value = True
+    vm.devices = {'pci': Mock()}
+    vm.devices['pci'].get_assigned_devices.return_value = ["00_1f.2"]
+    status_notifier = Mock()
+    logger = Mock()
+
+    with QubeConnection(
+            vm, "/tmp/qubes-update", cleanup=False, logger=logger,
+            show_progress=False, status_notifier=status_notifier):
+        pass
+
+    vm.shutdown.assert_not_called()
+    shutdown_domains.assert_not_called()