On Tue, Jun 06, 2023 at 16:11:00 -0500, Jonathon Jongsma wrote:
> vDPA block devices can be configured as follows:
>
>     <disk type='vhostvdpa'>
>       <source dev='/dev/vhost-vdpa-0'/>
>     </disk>
>
> Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx>
> ---
>  docs/formatdomain.rst             | 19 +++++++++++++++++--
>  src/ch/ch_monitor.c               |  1 +
>  src/conf/domain_conf.c            |  7 +++++++
>  src/conf/schemas/domaincommon.rng | 13 +++++++++++++
>  src/conf/storage_source_conf.c    |  6 +++++-
>  src/conf/storage_source_conf.h    |  1 +
>  src/libxl/xen_xl.c                |  1 +
>  src/qemu/qemu_block.c             |  6 ++++++
>  src/qemu/qemu_command.c           |  1 +
>  src/qemu/qemu_migration.c         |  2 ++
>  src/qemu/qemu_snapshot.c          |  4 ++++
>  src/qemu/qemu_validate.c          |  1 +
>  src/storage_file/storage_source.c |  1 +
>  13 files changed, 60 insertions(+), 3 deletions(-)

[...]

By re-using virStorageSource->path for the path to the block device, the
code which e.g. sets up the mount namespace will consider that the
device node for the vdpa device needs to be created in the per-vm /dev/
filesystem. This should not be needed though as we're FD-passing it.

selinux labelling and cgroups will skip labelling the /dev/ node as
virStorageSourceIsLocalStorage() returns false. This is okay in case of
selinux but I'm not sure how the cgroups device controller handles
access to the device.

I also didn't see anything related to labelling the fd passed to qemu.

What I'm missing is selinux-labelling of the FD passed to the VM. Since
the /dev/ node doesn't get labelled either it will most likely be
forbidden by selinux.

Do you have any guide how to set up the VDPA simulator handy?

Generally this patch looks okay and the labelling stuff is more for the
implementation patch, so,

Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>