From: Jiri Denemark
To: devel@lists.libvirt.org
Subject: [libvirt PATCH v2 1/3] qemu: Add support for /dev/userfaultfd
Date: Tue, 13 Feb 2024 11:39:25 +0100
Message-ID: <4abb5fce5496aeefa6645f109bfdc29c388f6edc.1707820732.git.jdenemar@redhat.com>

/dev/userfaultfd device is preferred over userfaultfd syscall for post-copy migrations. Unless qemu driver is configured to disable mount namespace or to forbid access to /dev/userfaultfd in cgroup_device_acl, we will copy it to the limited /dev filesystem QEMU will have access to and label it appropriately. So in the default configuration post-copy migration will be allowed even without enabling vm.unprivileged_userfaultfd sysctl.

Signed-off-by: Jiri Denemark
Reviewed-by: Ján Tomko
---
 src/qemu/qemu.conf.in              |  3 +-
 src/qemu/qemu_cgroup.c             |  1 +
 src/qemu/qemu_process.c            | 38 +++++++++++++++++++++++++
 src/qemu/qemu_security.c           | 45 ++++++++++++++++++++++++++++++
 src/qemu/qemu_security.h           |  5 ++++
 src/qemu/test_libvirtd_qemu.aug.in |  1 +
 6 files changed, 92 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in index 34025a02ef..f406df8749 100644 --- a/src/qemu/qemu.conf.in +++ b/src/qemu/qemu.conf.in @@ -565,7 +565,8 @@ #cgroup_device_acl =3D [ # "/dev/null", "/dev/full", "/dev/zero", # "/dev/random", "/dev/urandom", -# "/dev/ptmx", "/dev/kvm" +# "/dev/ptmx", "/dev/kvm", +# "/dev/userfaultfd" #] # # RDMA migration requires the following extra files to be added to the lis= t: diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 47402b3750..5a5ba763a0 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -41,6 +41,7 @@ const char *const defaultDeviceACL[] =3D { "/dev/null", "/dev/full", "/dev/zero", "/dev/random", "/dev/urandom", "/dev/ptmx", "/dev/kvm", + "/dev/userfaultfd", NULL, }; #define DEVICE_PTY_MAJOR 136 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 0a6c18a671..6e51d6586b 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -2882,6 +2882,40 @@ qemuProcessStartManagedPRDaemon(virDomainObj *vm) } =20 =20 +static int +qemuProcessAllowPostCopyMigration(virDomainObj *vm) +{ + qemuDomainObjPrivate *priv =3D vm->privateData; + virQEMUDriver *driver =3D priv->driver; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); + const char *const *devices =3D (const char *const *) cfg->cgroupDevice= ACL; + const char *uffd =3D "/dev/userfaultfd"; + int rc; + + if (!virFileExists(uffd)) { + VIR_DEBUG("%s is not supported by the host", uffd); + return 0; + } + + if (!devices) + devices =3D defaultDeviceACL; + + if (!g_strv_contains(devices, uffd)) { + VIR_DEBUG("%s is not allowed by device ACL", uffd); + return 0; + } + + VIR_DEBUG("Labeling %s in mount namespace", uffd); + if ((rc =3D qemuSecurityDomainSetMountNSPathLabel(driver, vm, uffd)) <= 0) + return -1; + + if (rc =3D=3D 1) + VIR_DEBUG("Mount namespace is not enabled, leaving %s as is", uffd= ); + + return 0; +} + + static int qemuProcessInitPasswords(virQEMUDriver *driver, virDomainObj *vm, @@ -7802,6 +7836,10 @@ qemuProcessLaunch(virConnectPtr conn, qemuProcessStartManagedPRDaemon(vm) < 0) goto cleanup; =20 + VIR_DEBUG("Setting up permissions to allow post-copy migration"); + if (qemuProcessAllowPostCopyMigration(vm) < 0) + goto cleanup; + VIR_DEBUG("Setting domain security labels"); if (qemuSecuritySetAllLabel(driver, vm, diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index 8bcef14d08..4aaa863ae9 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c 
@@ -615,6 +615,51 @@ qemuSecurityDomainRestorePathLabel(virQEMUDriver *driv= er, } =20 =20 +/** + * qemuSecurityDomainSetMountNSPathLabel: + * + * Label given path in mount namespace. If mount namespace is not enabled, + * nothing is labeled at all. + * + * Because the label is only applied in mount namespace, there's no need to + * restore it. + * + * Returns 0 on success, + * 1 when mount namespace is not enabled, + * -1 on error. + */ +int +qemuSecurityDomainSetMountNSPathLabel(virQEMUDriver *driver, + virDomainObj *vm, + const char *path) +{ + int ret =3D -1; + + if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) { + VIR_DEBUG("Not labeling '%s': mount namespace disabled for domain = '%s'", + path, vm->def->name); + return 1; + } + + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) + goto cleanup; + + if (virSecurityManagerDomainSetPathLabel(driver->securityManager, + vm->def, path, false) < 0) + goto cleanup; + + if (virSecurityManagerTransactionCommit(driver->securityManager, + vm->pid, false) < 0) + goto cleanup; + + ret =3D 0; + + cleanup: + virSecurityManagerTransactionAbort(driver->securityManager); + return ret; +} + + /** * qemuSecurityCommandRun: * @driver: the QEMU driver diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 10f11771b4..41da33debc 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -110,6 +110,11 @@ int qemuSecurityDomainRestorePathLabel(virQEMUDriver *= driver, virDomainObj *vm, const char *path); =20 +int +qemuSecurityDomainSetMountNSPathLabel(virQEMUDriver *driver, + virDomainObj *vm, + const char *path); + int qemuSecurityCommandRun(virQEMUDriver *driver, virDomainObj *vm, virCommand *cmd, diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index e4cfde6cc7..b97e6de11e 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in 
@@ -67,6 +67,7 @@ module Test_libvirtd_qemu =3D { "5" =3D "/dev/urandom" } { "6" =3D "/dev/ptmx" } { "7" =3D "/dev/kvm" } + { "8" =3D "/dev/userfaultfd" } } { "save_image_format" =3D "raw" } { "dump_image_format" =3D "raw" } --=20 2.43.0
_______________________________________________
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-leave@lists.libvirt.org

From: Jiri Denemark
To: devel@lists.libvirt.org
Subject: [libvirt PATCH v2 2/3] build: Add userfaultfd_sysctl build option
Date: Tue, 13 Feb 2024 11:39:26 +0100
Message-ID: <3eb438b88971f48a3231c910e77d6f05c34e6ba1.1707820732.git.jdenemar@redhat.com>

This option controls whether the sysctl config for enabling unprivileged userfaultfd will be installed.

Signed-off-by: Jiri Denemark
Reviewed-by: Ján Tomko
---
 meson.build          | 8 ++++++++
 meson_options.txt    | 1 +
 src/qemu/meson.build | 2 +-
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build index e1c70fce92..dbd9cad6df 100644 --- a/meson.build +++ b/meson.build
@@ -2019,6 +2019,12 @@ elif get_option('sysctl_config').enabled() error('sysctl configuration is supported only on linux') endif =20 +if not get_option('userfaultfd_sysctl').disabled() and conf.has('WITH_SYSC= TL') + conf.set('WITH_USERFAULTFD_SYSCTL', 1) +elif get_option('userfaultfd_sysctl').enabled() + error('userfaultfd_sysctl option requires sysctl_config to be enabled') +endif + conf.set_quoted('TLS_PRIORITY', get_option('tls_priority')) =20 =20 @@ -2318,6 +2324,8 @@ misc_summary =3D { 'virt-login-shell': conf.has('WITH_LOGIN_SHELL'), 'virt-host-validate': conf.has('WITH_HOST_VALIDATE'), 'TLS priority': conf.get_unquoted('TLS_PRIORITY'), + 'sysctl config': conf.has('WITH_SYSCTL'), + 'userfaultfd sysctl': conf.has('WITH_USERFAULTFD_SYSCTL'), } summary(misc_summary, section: 'Miscellaneous', bool_yn: true, list_sep: '= ') =20 diff --git a/meson_options.txt b/meson_options.txt index 182e28b3d1..ed91d97abf 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -108,4 +108,5 @@ option('nbdkit', type: 'feature', value: 'auto', descri= ption: 'Build nbdkit stor option('nbdkit_config_default', type: 'feature', value: 'auto', descriptio= n: 'Whether to use nbdkit storage backend for network disks by default (con= figurable)') option('pm_utils', type: 'feature', value: 'auto', description: 'use pm-ut= ils for power management') option('sysctl_config', type: 'feature', value: 'auto', description: 'Whet= her to install sysctl configs') +option('userfaultfd_sysctl', type: 'feature', value: 'auto', description: = 'Whether to install sysctl config for enabling unprivileged userfaultfd') option('tls_priority', type: 'string', value: 'NORMAL', description: 'set = the default TLS session priority string') diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 4c3e1dee78..faea656502 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build 
@@ -202,7 +202,7 @@ if conf.has('WITH_QEMU') 'in_file': files('virtqemud.init.in'), } =20 - if conf.has('WITH_SYSCTL') + if conf.has('WITH_USERFAULTFD_SYSCTL') install_data( 'postcopy-migration.sysctl', install_dir: prefix / 'lib' / 'sysctl.d', --=20 2.43.0

From: Jiri Denemark
To: devel@lists.libvirt.org
Subject: [libvirt PATCH v2 3/3] spec: Disable with_userfaultfd_sysctl on Fedora and RHEL-9
Date: Tue, 13 Feb 2024 11:39:27 +0100

All supported versions of Fedora and RHEL >= 9.0 support /dev/userfaultfd.

Signed-off-by: Jiri Denemark
Reviewed-by: Ján Tomko
---
 libvirt.spec.in | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in index 8413e3c19a..6701f7b6e9 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -90,6 +90,7 @@ =20 # Other optional features %define with_numactl 0%{!?_without_numactl:1} +%define with_userfaultfd_sysctl 0%{!?_without_userfaultfd_sysctl:1} =20 # A few optional bits off by default, we enable later %define with_fuse 0
@@ -246,6 +247,12 @@ %define enable_werror -Dwerror=3Dfalse -Dgit_werror=3Ddisabled %endif =20 +# Fedora and RHEL-9 are new enough to support /dev/userfaultfd, which +# does not require enabling vm.unprivileged_userfaultfd sysctl. +%if 0%{?fedora} || 0%{?rhel} >=3D 9 + %define with_userfaultfd_sysctl 0 +%endif + %define tls_priority "@LIBVIRT,SYSTEM" =20 # libvirt 8.1.0 stops distributing any sysconfig files. @@ -1276,6 +1283,12 @@ exit 1 %define arg_remote_mode -Dremote_default_mode=3Dlegacy %endif =20 +%if %{with_userfaultfd_sysctl} + %define arg_userfaultfd_sysctl -Duserfaultfd_sysctl=3Denabled +%else + %define arg_userfaultfd_sysctl -Duserfaultfd_sysctl=3Ddisabled +%endif + %define when %(date +"%%F-%%T") %define where %(hostname) %define who %{?packager}%{!?packager:Unknown} @@ -1355,6 +1368,7 @@ export SOURCE_DATE_EPOCH=3D$(stat --printf=3D'%Y' %{_= specdir}/libvirt.spec) -Dqemu_moddir=3D%{qemu_moddir} \ -Dqemu_datadir=3D%{qemu_datadir} \ -Dtls_priority=3D%{tls_priority} \ + %{?arg_userfaultfd_sysctl} \ %{?enable_werror} \ -Dexpensive_tests=3Denabled \ -Dinit_script=3Dsystemd \ @@ -2211,7 +2225,9 @@ exit 0 %if %{with_qemu} %files daemon-driver-qemu %config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf + %if %{with_userfaultfd_sysctl} %config(noreplace) %{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf + %endif %{_datadir}/augeas/lenses/virtqemud.aug %{_datadir}/augeas/lenses/tests/test_virtqemud.aug %{_unitdir}/virtqemud.service --=20 2.43.0
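
Review bot: The qemu.conf.in hunk in patch 1/3 adds "/dev/userfaultfd" to the commented default cgroup_device_acl with no explanation of why the entry is there. The text just below the list already explains the extra files RDMA migration needs; a matching sentence for this entry would help, saying that it lets libvirt label the device inside the domain's mount namespace for post-copy migration, and that a custom list without it leaves post-copy dependent on the vm.unprivileged_userfaultfd sysctl.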
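
Review bot: In qemuProcessAllowPostCopyMigration() (patch 1/3, qemu_process.c) the two skip paths, "is not allowed by device ACL" and "Mount namespace is not enabled", are reported only through VIR_DEBUG and both return 0. A host whose qemu.conf already sets cgroup_device_acl takes cfg->cgroupDeviceACL rather than defaultDeviceACL, so it never picks up the new entry, and once patch 3/3 stops shipping the sysctl file on Fedora and RHEL-9 nothing at the default log level tells the admin why post-copy may no longer be permitted. Consider logging these two cases at a level that is visible by default, or documenting the required qemu.conf change for upgrades.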
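
Review bot: The doc comment on qemuSecurityDomainSetMountNSPathLabel() (patch 1/3, qemu_security.c) has no @driver, @vm or @path entries, while qemuSecurityCommandRun() directly below it documents its parameters that way. Since the transaction is committed against vm->pid, the comment should also state that the function may only be called once the domain's process exists, and a short remark on what the two bare "false" arguments select would save the next reader a lookup.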
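
Review bot: In the first meson.build hunk of patch 2/3 the test "not get_option('userfaultfd_sysctl').disabled() and conf.has('WITH_SYSCTL')" means the default value 'auto' still installs the config that enables unprivileged userfaultfd wherever sysctl configs are installed, including hosts that have /dev/userfaultfd and no longer need it. If that default is intended, the option description in meson_options.txt should say the config is only needed on hosts without /dev/userfaultfd, so packagers know when to pass disabled instead of relying on auto.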
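
Review bot: The %if block added in the "-246,6 +247,12" hunk of patch 3/3 sets with_userfaultfd_sysctl to 0 unconditionally on Fedora and RHEL >= 9, so the _without_userfaultfd_sysctl toggle introduced in the "-90,6 +90,7" hunk has no effect there and the package cannot be built with the sysctl file on those distributions. Hosts that disable the mount namespace or restrict cgroup_device_acl still depend on that sysctl according to patch 1/3; either make the block change only the default, or note in the spec comment that such hosts must set vm.unprivileged_userfaultfd themselves.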