On Tue, Dec 07, 2021 at 10:19:42 +0100, Jiri Denemark wrote: > Userfaultfd is by default allowed only for privileged processes. Since > libvirt runs QEMU unprivileged, we need to enable unprivileged access to > userfaultfd before starting post-copy migration. > > Rather than providing a static sysctl configuration file, we set the > sysctl knob in runtime once post-copy migration is requested. This way > unprivileged_userfaultfd is only enabled once actually used. > > https://bugzilla.redhat.com/show_bug.cgi?id=1945420 > > Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx> > --- > > Notes: > Version 2: > - setting unprivileged_userfaultfd only when it is not already enabled > - virReportSystemError replaced with VIR_WARN > > src/qemu/qemu_migration_params.c | 42 ++++++++++++++++++++++++++++++++ > 1 file changed, 42 insertions(+) > > diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c > index dbc3219826..9ba4811242 100644 > --- a/src/qemu/qemu_migration_params.c > +++ b/src/qemu/qemu_migration_params.c [...] > @@ -839,6 +874,13 @@ qemuMigrationParamsApply(virQEMUDriver *driver, > goto cleanup; > } > } else { > + /* userfaultfd may only be enabled for privileged processes by default, > + * we need to make sure QEMU can use it before enabling post-copy > + * migration */ > + if (virBitmapIsBitSet(priv->migrationCaps, QEMU_MIGRATION_CAP_POSTCOPY) && > + virBitmapIsBitSet(migParams->caps, QEMU_MIGRATION_CAP_POSTCOPY)) > + qemuMigrationParamsEnableUserfaultfd(); I forgot to be grumpy about doing sysfs writes in a function which is sending stuff to qemu. It feels really misplaced. Since I don't have a better idea and don't feel like digging deeper: Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>
