[PATCH v2 9/9] qemu: Place helper processes into the same trusted group

Wed Aug 10 12:57:15 UTC 2022

On 7/13/22 18:25, Daniel P. Berrangé wrote:
> On Mon, Jun 27, 2022 at 12:44:41PM +0200, Michal Privoznik wrote:
>> Since the level of trust that QEMU has is the same level of trust
>> that helper processes have there's no harm in placing all of them
>> into the same group.
>>
>> Unfortunately, since these processes are started before QEMU we
>> can't use brand new virCommand*() APIs (those are used on hotplug
>> though) and have to use the low level virProcess*() APIs.
>>
>> Moreover, because there no (kernel) API that would copy cookie
>> from one process to another WITHOUT modifying the cookie of the
>> process that's doing the copy, we have to fork() and use
>> available copy APIs.
>>
>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>> ---
>>  src/qemu/qemu_extdevice.c | 120 ++++++++++++++++++++++++++++++++++++++
>>  src/qemu/qemu_extdevice.h |   3 +
>>  src/qemu/qemu_process.c   |   4 ++
>>  3 files changed, 127 insertions(+)
>>
>> diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
>> index b8e3c1000a..41368a9cea 100644
>> --- a/src/qemu/qemu_extdevice.c
>> +++ b/src/qemu/qemu_extdevice.c
>> @@ -335,3 +335,123 @@ qemuExtDevicesSetupCgroup(virQEMUDriver *driver,
>>  
>>      return 0;
>>  }
>> +
>> +
>> +static int
>> +qemuExtDevicesSetupSchedHelper(pid_t ppid G_GNUC_UNUSED,
>> +                               void *opaque)
>> +{
>> +    GSList *pids = opaque;
>> +    GSList *next;
>> +    pid_t vmPid;
>> +
>> +    /* The first item on the list is special: it's the PID of the
>> +     * QEMU that has the cookie we want to copy to the rest. */
>> +    vmPid = GPOINTER_TO_INT(pids->data);
>> +    if (virProcessSchedCoreShareFrom(vmPid) < 0) {
>> +        virReportSystemError(errno,
>> +                             _("Unable to get core group of: %lld"),
>> +                             (long long) vmPid);
>> +        return -1;
>> +    }
>> +
>> +    VIR_DEBUG("SCHED_CORE: vmPid = %lld", (long long) vmPid);
>> +
>> +    for (next = pids->next; next; next = next->next) {
>> +        pid_t pid = GPOINTER_TO_INT(next->data);
>> +
>> +        VIR_DEBUG("SCHED_CORE: share to %lld", (long long) pid);
>> +        if (virProcessSchedCoreShareTo(pid) < 0) {
>> +            virReportSystemError(errno,
>> +                                 _("Unable to share core group to: %lld"),
>> +                                 (long long) pid);
>> +            return -1;
>> +        }
>> +    }
> 
> The helper processes can have many threads, but this virProcessSchedCoreShareTo
> call only sets scheduling cookie for a single thread.
> 
> It would need to use SCOPE_THREAD_GROUP, except even that is not sufficient
> as the helper may have fork+exec'd another helper by this point, and our
> call will only affect the first process.
> 
> IOW, to set core scheduling cookies on the helpers, we need to set them
> upfront at the time we spawn the helper.
> 
> IOW, during startup, IIUC, we need to fork  a dummy process solely to
> call PR_SCHED_CORE_CREATE. Then when forking anything else, whether a
> helper, or QEMU itself, we need to pull the cookie from that dummy
> process, and then finally kill that dummy process.
> 
> If hotplugging a device, we won't need the dummy process, we can pull
> the cookie from the running QEMU.

Yeah. I've missed this fact. That will need some rework though. Let me
do that in v3.

Michal