From nobody Tue Dec 16 11:45:52 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1743166528; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Pla6Mtk7+M/peoC+eBliSva7Nqoqws8aGocziw6lZlXcgItu6c7ZgJ9riSXCaBzABUCVu8WA131FVU1Br2A8EQd004+huYMeSuHZlM+/PdjDJWlfSvHMcK48KWjjCytMhj2LR/Q18F1AuhHWdGlMItydGc2tJ+k5YJGuFM3tAt4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1743166528;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id;
	bh=YmjdGYP3+1T8safZp70UYUEagmMdE+G145u8Ixd2RjI=;
	b=OhtWimpYjUefjFi0zXrL+VOegtiJUE1giVNfPK91GDpJplw9VFuWQD3f8ou1HFEq8MO/URvhxdyZknBcUmNOIQi5eqG4kuAOJ84xWT6VY8BVx1dZA9TVeZvcjkiNqFI1ezDZBKnaFKyIelWI8B0e/V/EZTqGJUzG1dpw5qCOz3A=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1743166528166106.70969152533587;
 Fri, 28 Mar 2025 05:55:28 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 334C81384; Fri, 28 Mar 2025 08:55:27 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id A3DFE1300;
	Fri, 28 Mar 2025 08:53:08 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 44627126C; Fri, 28 Mar 2025 08:53:02 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 1B1F7130D
	for <devel@lists.libvirt.org>; Fri, 28 Mar 2025 08:52:50 -0400 (EDT)
Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-171-txymJWGfOHWyXuoxH2zbxg-1; Fri,
 28 Mar 2025 08:52:48 -0400
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 6A90D19560B0
	for <devel@lists.libvirt.org>; Fri, 28 Mar 2025 12:52:47 +0000 (UTC)
Received: from speedmetal.lan (unknown [10.44.22.8])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 60C7C1828AA8;
	Fri, 28 Mar 2025 12:52:46 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1743166369;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Si/4q1xChIg5VGjgEagj0aNIBnJ7V4D8vSbABS9laoo=;
	b=FXMUT1MjRyMhi8GDfihpEph6SNA8fabwK5gsXeY2zkPpNHqUDAVlTc5NjLASeQASmHE1eu
	yg+nIKQS8HbcrMiHBvwk8e8rY2zxvS7sgbl1uxydjsW96m55Pp8/zWk5OpqPu5u9NtMofr
	rtTanbh3Nk2qJks2HIRK/hdigXydqo8=
X-MC-Unique: txymJWGfOHWyXuoxH2zbxg-1
X-Mimecast-MFC-AGG-ID: txymJWGfOHWyXuoxH2zbxg_1743166367
To: devel@lists.libvirt.org
Subject: [PATCH 6/8] backup: Add support for passing server socket file
 descriptor to backup NBD server
Date: Fri, 28 Mar 2025 13:52:32 +0100
Message-ID: 
 <8b027390f4cb8c19e628ed30ffb8cd2daf3943d0.1743166287.git.pkrempa@redhat.com>
In-Reply-To: <cover.1743166287.git.pkrempa@redhat.com>
References: <cover.1743166287.git.pkrempa@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: H02L-KUK69VJr1la-3KCgbNuzOcy7xFptgM28XYjoAw_1743166367
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: EREYBG6R5QH7TPZZUMQNUC4NY2PMYIDC
X-Message-ID-Hash: EREYBG6R5QH7TPZZUMQNUC4NY2PMYIDC
X-MailFrom: pkrempa@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
CC: Peter Krempa <pkrempa@redhat.com>
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/EREYBG6R5QH7TPZZUMQNUC4NY2PMYIDC/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Peter Krempa via Devel <devel@lists.libvirt.org>
Reply-To: Peter Krempa <pkrempa@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1743166530089019100
Content-Type: text/plain; charset="utf-8"

From: Peter Krempa <pkrempa@redhat.com>

In deployments where libvirt is containerized together with the VM it
may be hard for the management application to access listening sockets
inside the container from the outside.

This patch implements "transport=3D'fd'" for the NBD server definition for
backups which allows to use the existing "virDomainFDAssociate()" to
pass FD to a pre-opened server socket to qemu instead of trying to
create it by qemu.

Add schema, enable the parser, add formatter and implemet the actual
passing for the qemu backup code.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: J=C3=A1n Tomko <jtomko@redhat.com>
---
 docs/formatbackup.rst             | 21 +++++++++++++++++++++
 src/conf/backup_conf.c            |  3 ++-
 src/conf/schemas/domainbackup.rng |  6 ++++++
 src/qemu/qemu_backup.c            | 27 +++++++++++++++++++++++++++
 4 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/docs/formatbackup.rst b/docs/formatbackup.rst
index 02847fd5d4..155a45a22f 100644
--- a/docs/formatbackup.rst
+++ b/docs/formatbackup.rst
@@ -1,3 +1,5 @@
+ .. role:: since
+
 Backup XML format
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

@@ -42,6 +44,25 @@ were supplied). The following child elements and attribu=
tes are supported:
    necessary to set up an NBD server that exposes the content of each disk=
 at
    the time the backup is started.

+   In addition to the above the NBD server used for backups allows using
+   ``transport=3D'fd' fdgroup=3D'NAME'`` where ``NAME`` is the name used w=
ith
+   ``virDomainFDAssociate()`` to pass a pre-opened server socket file desc=
riptor
+   to qemu. :since:`Since 11.3.0`
+
+   Example code to pass a socket with libvirt-python bindings::
+
+     import socket
+     import libvirt
+
+     s =3D socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+     s.bind("/path/to/socket")
+
+     fdlist =3D [ s.fileno() ]
+
+     conn =3D libvirt.open()
+     dom =3D conn.lookupByName("VMNAME")
+     dom.FDAssociate("NAME", fdlist)
+
    Note that for the QEMU hypervisor the TLS environment in controlled usi=
ng
    ``backup_tls_x509_cert_dir``, ``backup_tls_x509_verify``, and
    ``backup_tls_x509_secret_uuid`` properties in ``/etc/libvirt/qemu.conf`=
`.
diff --git a/src/conf/backup_conf.c b/src/conf/backup_conf.c
index 1bdfbfa3d6..b20292af3d 100644
--- a/src/conf/backup_conf.c
+++ b/src/conf/backup_conf.c
@@ -228,7 +228,7 @@ virDomainBackupDefParseXML(xmlXPathContextPtr ctxt,

         def->server =3D g_new0(virStorageNetHostDef, 1);

-        if (virDomainStorageNetworkParseHost(node, def->server, false) < 0)
+        if (virDomainStorageNetworkParseHost(node, def->server, true) < 0)
             return NULL;

         if (def->server->transport =3D=3D VIR_STORAGE_NET_HOST_TRANS_RDMA)=
 {
@@ -388,6 +388,7 @@ virDomainBackupDefFormat(virBuffer *buf,
         if (def->server->port)
             virBufferAsprintf(&serverAttrBuf, " port=3D'%u'", def->server-=
>port);
         virBufferEscapeString(&serverAttrBuf, " socket=3D'%s'", def->serve=
r->socket);
+        virBufferEscapeString(&serverAttrBuf, " fdgroup=3D'%s'", def->serv=
er->fdgroup);
     }

     virXMLFormatElement(&childBuf, "server", &serverAttrBuf, NULL);
diff --git a/src/conf/schemas/domainbackup.rng b/src/conf/schemas/domainbac=
kup.rng
index 80ba155aad..91cf2a7bbd 100644
--- a/src/conf/schemas/domainbackup.rng
+++ b/src/conf/schemas/domainbackup.rng
@@ -90,6 +90,12 @@
                       <ref name=3D"absFilePath"/>
                     </attribute>
                   </group>
+                  <group>
+                    <attribute name=3D"transport">
+                      <value>fd</value>
+                    </attribute>
+                    <attribute name=3D"fdgroup"/>
+                  </group>
                 </choice>
               </element>
               <ref name=3D"backupDisksPull"/>
diff --git a/src/qemu/qemu_backup.c b/src/qemu/qemu_backup.c
index 2935153cdf..f6ee31dc2a 100644
--- a/src/qemu/qemu_backup.c
+++ b/src/qemu/qemu_backup.c
@@ -761,6 +761,7 @@ qemuBackupBegin(virDomainObj *vm,
     bool reuse =3D (flags & VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTERNAL);
     int rc =3D 0;
     int ret =3D -1;
+    g_autoptr(qemuFDPassDirect) fdpass =3D NULL;

     virCheckFlags(VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTERNAL, -1);

@@ -847,6 +848,29 @@ qemuBackupBegin(virDomainObj *vm,

     priv->backup =3D g_steal_pointer(&def);

+    if (pull && priv->backup->server->fdgroup) {
+        virStorageSourceFDTuple *fdt =3D NULL;
+        VIR_AUTOCLOSE fdcopy =3D -1;
+
+        if (!(fdt =3D virHashLookup(priv->fds, priv->backup->server->fdgro=
up))) {
+            virReportError(VIR_ERR_INVALID_ARG,
+                           _("file descriptor group '%1$s' was not associa=
ted with the domain"),
+                           priv->backup->server->fdgroup);
+            goto endjob;
+        }
+
+        if (fdt->nfds !=3D 1) {
+            virReportError(VIR_ERR_INVALID_ARG,
+                           _("file descriptor group '%1$s' must contain on=
ly 1 file descriptor for NBD server"),
+                           priv->backup->server->fdgroup);
+            goto endjob;
+        }
+
+        priv->backup->server->qemu_fdname =3D g_strdup("libvirt-backup-nbd=
");
+        fdcopy =3D dup(fdt->fds[0]);
+        fdpass =3D qemuFDPassDirectNew(priv->backup->server->qemu_fdname, =
&fdcopy);
+    }
+
     if (qemuDomainObjEnterMonitorAsync(vm, VIR_ASYNC_JOB_BACKUP) < 0)
         goto endjob;

@@ -857,6 +881,9 @@ qemuBackupBegin(virDomainObj *vm,
         if (rc =3D=3D 0 && tlsProps)
             rc =3D qemuMonitorAddObject(priv->mon, &tlsProps, &tlsAlias);

+        if (rc =3D=3D 0 && fdpass)
+            rc =3D qemuFDPassDirectTransferMonitor(fdpass, priv->mon);
+
         if (rc =3D=3D 0) {
             if ((rc =3D qemuMonitorNBDServerStart(priv->mon, priv->backup-=
>server, tlsAlias)) =3D=3D 0)
                 nbd_running =3D true;
--=20
2.49.0