Userfaultfd is by default allowed only for privileged processes. Since libvirt runs QEMU unprivileged, we need to enable unprivileged access to userfaultfd to enable post-copy migration. https://bugzilla.redhat.com/show_bug.cgi?id=1945420 Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx> --- Notes: If you wonder about the 60-* prefix of the installed sysctl file, we already install 60-libvirtd.conf so I think it makes sense to use the same prefix for all sysctl configuration installed by libvirt. Version 2: - setting unprivileged_userfaultfd only when it is not already enabled - virReportSystemError replaced with VIR_WARN Version 3: - set the knob via a sysctl conf file instead libvirt.spec.in | 1 + src/qemu/meson.build | 8 ++++++++ src/qemu/postcopy-migration.sysctl | 6 ++++++ 3 files changed, 15 insertions(+) create mode 100644 src/qemu/postcopy-migration.sysctl diff --git a/libvirt.spec.in b/libvirt.spec.in index 5a079cdaf3..3aa4cc75b5 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1859,6 +1859,7 @@ exit 0 %files daemon-driver-qemu %config(noreplace) %{_sysconfdir}/sysconfig/virtqemud %config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf +%config(noreplace) %{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf %{_datadir}/augeas/lenses/virtqemud.aug %{_datadir}/augeas/lenses/tests/test_virtqemud.aug %{_unitdir}/virtqemud.service diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 3898d23877..66ef594006 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -170,6 +170,14 @@ if conf.has('WITH_QEMU') 'file': files('virtqemud.sysconf'), } + if conf.has('WITH_SYSCTL') + install_data( + 'postcopy-migration.sysctl', + install_dir: prefix / 'lib' / 'sysctl.d', + rename: [ '60-qemu-postcopy-migration.conf' ], + ) + endif + virt_install_dirs += [ localstatedir / 'lib' / 'libvirt' / 'qemu', runstatedir / 'libvirt' / 'qemu', 
diff --git a/src/qemu/postcopy-migration.sysctl b/src/qemu/postcopy-migration.sysctl new file mode 100644 index 0000000000..aa8f015ae0 --- /dev/null +++ b/src/qemu/postcopy-migration.sysctl @@ -0,0 +1,6 @@ +# This is needed to support post-copy migration for QEMU run by libvirt, +# i.e., unprivileged, as userfaultfd is by default only available to +# privileged processes. +# It can be safely overridden by a file in /etc/sysctl.d/ in case post-copy +# migration is not used on the host. +vm.unprivileged_userfaultfd = 1 -- 2.34.1
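Review bot: In the libvirt.spec.in hunk, the new %files entry marks a file under %{_prefix}/lib/sysctl.d as %config(noreplace), but that directory holds vendor defaults and the installed file's own comment tells admins to override it from /etc/sysctl.d/. Listing it as a plain packaged file would match that model: package updates can then always refresh the default while local policy stays in /etc. The visible hunk also only packages the file, so if the setting is expected to take effect without a reboot, the patch should say how it gets loaded after installation.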
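Review bot: In the src/qemu/meson.build hunk, install_data() is guarded by conf.has('WITH_SYSCTL'), while the %files line added to libvirt.spec.in lists 60-qemu-postcopy-migration.conf with no matching condition visible. Unless the spec always builds with sysctl support, an RPM build without it would fail on the missing file. Wrap the spec entry in the same condition, or explain in the commit message why that is not needed.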
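Review bot: In the new src/qemu/postcopy-migration.sysctl, the comment above "vm.unprivileged_userfaultfd = 1" does not say that the knob is system-wide: it opens userfaultfd to every unprivileged process on the host, not only to QEMU started by libvirt. The commit message notes that the default restricts userfaultfd to privileged processes, so the comment should state that trade-off and let the admin decide. The override hint is also incomplete: sysctl.d files are applied in lexical order of file name across directories, so a file in /etc/sysctl.d/ only wins if it has the same name or sorts after 60-qemu-postcopy-migration.conf. The comment should say so.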