Oops - sorry, I had recreated my branch so git-publish didn't recognize
the series as a v2, so all the subject lines are missing v2 :-/.
Hopefully this won't cause too much confusion.

On 2/15/25 12:20 AM, Laine Stump wrote:
> ====
> Changes from V1:
>
> * fixed missing change to error log message pointed out by abologna
>
> * added a validation check to assure that shared memory is enabled
> if there is a type='vhostuser' interface in the domain definition
>
> * included a patch documenting differences between type='user' SLIRP
> and passt behaviors (because I had to do it anyway, and the
> reorganization made documenting type='vhostuser' passt slightly
> easier.)
>
> * added documentation for type='vhostuser' backend type='passt'
> =====
>
> passt (https://passt.top) provides a method of connecting QEMU virtual
> machines to the external network without requiring special privileges
> or capabilities of any participating processes - even libvirt itself
> can run unprivileged and create an instance of passt (which *always*
> runs unprivileged) that is then connected to the qemu process (and
> thus the virtual machine) with a unix socket.
>
> Originally passt used its own protocol for this socket, sending both
> control messages and data packets over the socket. This works, and is
> already much more efficient than the previously
> only-unprivileged-networking-solution slirp.
>
> But recently passt added support for using the vhost-user protocol for
> communication between the passt process (which is connected to the
> external network) and the QEMU process (and thus the VM). vhost-user
> also uses a unix socket, but only for control plane messages - all
> data packets are "sent" between the VM and passt process via a shared
> memory region. This is unsurprisingly much more efficient.
>
> From the point of view of QEMU, the passt process looks identical to
> any normal vhost-user backend, so we can run QEMU with exactly the
> same interface commandline options as normal vhost-user. Also, the
> passt process supports all of the same options as it does when used in
> its "traditional" mode, so really in the end all we need to do is
> twist libvirt around so that when <backend type='passt'/> is specified
> for an <interface type='vhostuser'>, it will run passt just as before
> (except with the added "--vhost-user" option so that passt will know
> to use that), and then force feed the vhost-user code in libvirt with
> the same socket path used by passt.
>
> This series does that, while also switching up a few bits of code
> prior to adding in the new functionality.
>
> So far this has been tested both unprivileged and privileged on Fedora
> 40 (with latest passt packet) and selinux enabled (there are a couple
> of selinux policy tweaks that still need to be pushed to
> passt-selinux) as well as unprivileged on debian (I *think* with
> AppArmor enabled) and everything seems to work.
>
> (I haven't gotten to testing hotplug, but it *should* work, and I'll
> be testing it while (hopefully) someone is reviewing these patches.)
>
> To test, you will need the latest (20250121) passt package and the
> aforementioned upstream passt-selinux patch if you're using selinux.
>
> This Resolves: https://issues.redhat.com/browse/RHEL-69455
>
> Laine Stump (12):
> conf: change virDomainHostdevInsert() to return void
> qemu: fix qemu validation to forbid guest-side IP address for
> type='vdpa'
> qemu: validate that model is virtio for vhostuser and vdpa interfaces
> in the same place
> qemu: automatically set model type='virtio' for interface
> type='vhostuser'
> qemu: do all vhostuser attribute validation in qemu driver
> conf/qemu: make <source> element *almost* optional for type=vhostuser
> qemu: use switch instead of if in qemuProcessPrepareDomainNetwork()
> qemu: make qemuPasstCreateSocketPath() public
> qemu: complete vhostuser + passt support
> qemu: fail validation if a domain def has vhostuser/passt but no
> shared mem
> docs: improve type='user' docs to higlight differences between SLIRP
> and passt
> docs: document using passt backend with <interface type='vhostuser'>
>
> docs/formatdomain.rst | 189 +++++++++++++-----
> src/conf/domain_conf.c | 107 +++++-----
> src/conf/domain_conf.h | 2 +-
> src/conf/domain_validate.c | 85 +++-----
> src/conf/schemas/domaincommon.rng | 32 ++-
> src/libxl/libxl_domain.c | 5 +-
> src/libxl/libxl_driver.c | 3 +-
> src/lxc/lxc_driver.c | 3 +-
> src/qemu/qemu_command.c | 7 +-
> src/qemu/qemu_driver.c | 3 +-
> src/qemu/qemu_extdevice.c | 6 +-
> src/qemu/qemu_hotplug.c | 21 +-
> src/qemu/qemu_passt.c | 5 +-
> src/qemu/qemu_passt.h | 3 +
> src/qemu/qemu_postparse.c | 3 +-
> src/qemu/qemu_process.c | 85 +++++---
> src/qemu/qemu_validate.c | 65 ++++--
> ...t-user-slirp-portforward.x86_64-latest.err | 2 +-
> ...vhostuser-passt-no-shmem.x86_64-latest.err | 1 +
> .../net-vhostuser-passt-no-shmem.xml | 70 +++++++
> .../net-vhostuser-passt.x86_64-latest.args | 42 ++++
> .../net-vhostuser-passt.x86_64-latest.xml | 75 +++++++
> tests/qemuxmlconfdata/net-vhostuser-passt.xml | 73 +++++++
> tests/qemuxmlconftest.c | 2 +
> 24 files changed, 657 insertions(+), 232 deletions(-)
> create mode 100644 tests/qemuxmlconfdata/net-vhostuser-passt-no-shmem.x86_64-latest.err
> create mode 100644 tests/qemuxmlconfdata/net-vhostuser-passt-no-shmem.xml
> create mode 100644 tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.args
> create mode 100644 tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml
> create mode 100644 tests/qemuxmlconfdata/net-vhostuser-passt.xml
>
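
An added example, not part of the original mail or of the libvirt series: a small audit script that flags `<interface type='vhostuser'>` elements with `<backend type='passt'/>` in a domain definition that does not enable shared memory, the condition the cover letter says the new validation rejects. The function names and sample XML are constructed here, and treating "shared memory enabled" as `<memoryBacking><access mode='shared'/>` or `memAccess='shared'` on every NUMA cell is an assumption that only approximates libvirt's own check.

```python
import xml.etree.ElementTree as ET


def shared_memory_enabled(domain):
    """Assumed rule: guest RAM is shared domain-wide, or on every NUMA cell."""
    access = domain.find("./memoryBacking/access")
    default_shared = access is not None and access.get("mode") == "shared"
    cells = domain.findall("./cpu/numa/cell")
    if not cells:
        return default_shared
    # A cell's memAccess attribute overrides the domain-wide default.
    fallback = "shared" if default_shared else "private"
    return all((c.get("memAccess") or fallback) == "shared" for c in cells)


def passt_vhostuser_without_shmem(domain_xml):
    """Return indexes of vhostuser/passt interfaces in a domain lacking shared memory."""
    domain = ET.fromstring(domain_xml)
    if shared_memory_enabled(domain):
        return []
    flagged = []
    for index, iface in enumerate(domain.findall("./devices/interface")):
        backend = iface.find("backend")
        if (iface.get("type") == "vhostuser" and backend is not None
                and backend.get("type") == "passt"):
            flagged.append(index)
    return flagged


# Constructed sample domains (not taken from the libvirt test suite).
IFACES = """
  <devices>
    <interface type='user'><backend type='passt'/></interface>
    <interface type='vhostuser'><backend type='passt'/></interface>
  </devices>"""
NO_SHMEM = f"<domain type='kvm'><name>demo</name>{IFACES}</domain>"
WITH_SHMEM = ("<domain type='kvm'><name>demo</name>"
              "<memoryBacking><access mode='shared'/></memoryBacking>"
              f"{IFACES}</domain>")

if __name__ == "__main__":
    for label, xml in (("no shared memory", NO_SHMEM), ("shared memory", WITH_SHMEM)):
        print(label, "->", passt_vhostuser_without_shmem(xml))
```

The type='user' passt interface is never flagged, since only the vhost-user data path depends on the shared memory region.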