[libvirt PATCH] qemu: Enable unprivileged userfaultfd for post-copy migration
Peter Krempa
pkrempa at redhat.com
Thu Dec 2 16:11:11 UTC 2021
On Thu, Dec 02, 2021 at 16:56:49 +0100, Jiri Denemark wrote:
> Userfaultfd is by default allowed only for privileged processes. Since
> libvirt runs QEMU unprivileged, we need to enable unprivileged access to
> userfaultfd before starting post-copy migration.
>
> Rather than providing a static sysctl configuration file, we set the
> sysctl knob in runtime once post-copy migration is requested. This way
> unprivileged_userfaultfd is only enabled once actually used.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1945420
>
> Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
> ---
> src/qemu/qemu_migration_params.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
> diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
> index dbc3219826..a9449ed1ff 100644
> --- a/src/qemu/qemu_migration_params.c
> +++ b/src/qemu/qemu_migration_params.c
> @@ -804,6 +804,24 @@ qemuMigrationCapsToJSON(virBitmap *caps,
> }
>
>
> +static void
> +qemuMigrationParamsEnableUserfaultfd(virDomainObj *vm)
passing 'vm'
> +{
> + const char *sysctl = "/proc/sys/vm/unprivileged_userfaultfd";
> +
> + if (!virFileExists(sysctl))
> + return;
> +
> + VIR_DEBUG("Enabling unprivileged userfaultfd for post-copy migration of "
> + "domain %s", vm->def->name);
Just to debug-log the VM name is a bit pointless. If debug logs are
enabled you'll be able to figure out the migrated VM by other log
entries.
> +
> + if (virFileWriteStr(sysctl, "1", 0) < 0) {
> + virReportSystemError(errno, "%s",
> + _("failed to enable unprivileged userfaultfd"));
Reporting an error and not actually failing is also something we rarely
do. Firstly it can set the error object and report a spurious error in
cases when we'd forget to set an error, and additionally it can flood
system logs with 'error' level messages which is also getting frequently
reported.
> + }
> +}
> +
> +
> /**
> * qemuMigrationParamsApply
> * @driver: qemu driver
> @@ -839,6 +857,13 @@ qemuMigrationParamsApply(virQEMUDriver *driver,
> goto cleanup;
> }
> } else {
> + /* userfaultfd may only be enabled for privileged processes by default,
> + * we need to make sure QEMU can use it before enabling post-copy
> + * migration */
> + if (virBitmapIsBitSet(priv->migrationCaps, QEMU_MIGRATION_CAP_POSTCOPY) &&
> + virBitmapIsBitSet(migParams->caps, QEMU_MIGRATION_CAP_POSTCOPY))
> + qemuMigrationParamsEnableUserfaultfd(vm);
> +
> if (!(caps = qemuMigrationCapsToJSON(priv->migrationCaps, migParams->caps)))
> goto cleanup;
>
> --
> 2.34.1
>
More information about the libvir-list
mailing list