On 6/8/23 8:44 AM, Peter Krempa wrote:
On Tue, Jun 06, 2023 at 16:11:00 -0500, Jonathon Jongsma wrote:
vDPA block devices can be configured as follows:
  <disk type='vhostvdpa'>
    <source dev='/dev/vhost-vdpa-0'/>
  </disk>
Signed-off-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx>
---
docs/formatdomain.rst | 19 +++++++++++++++++--
src/ch/ch_monitor.c | 1 +
src/conf/domain_conf.c | 7 +++++++
src/conf/schemas/domaincommon.rng | 13 +++++++++++++
src/conf/storage_source_conf.c | 6 +++++-
src/conf/storage_source_conf.h | 1 +
src/libxl/xen_xl.c | 1 +
src/qemu/qemu_block.c | 6 ++++++
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_migration.c | 2 ++
src/qemu/qemu_snapshot.c | 4 ++++
src/qemu/qemu_validate.c | 1 +
src/storage_file/storage_source.c | 1 +
13 files changed, 60 insertions(+), 3 deletions(-)
[...]
By re-using virStorageSource->path for the path to the block device, the
code which e.g. sets up the mount namespace will consider that the
device node for the vdpa device needs to be created in the per-vm
/dev/ filesystem. This should not be needed though as we're FD-passing
it.
selinux labelling and cgroups will skip labelling the /dev/ node as
virStorageSourceIsLocalStorage() returns false. This is okay in case of
selinux but I'm not sure how the cgroups device controller handles
access to the device.
I also didn't see anything related to labelling the fd passed to qemu.
What I'm missing is selinux-labelling of the FD passed to the VM. Since
the /dev/ node doesn't get labelled either it will most likely be
forbidden by selinux.
Do you have any guide how to set up the VDPA simulator handy?
I've just been using this little script to enable the vdpa block
simulator:
$ cat ./enable-vdpa-sim-blk
modprobe -r virtio_vdpa
modprobe vhost_vdpa
modprobe vdpa_sim_blk
vdpa dev add name testvdpablk mgmtdev vdpasim_blk
ls /dev/vhost-vdpa*
Generally this patch looks okay and the labelling stuff is more for the
implementation patch, so,
Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>