[libvirt PATCH v3] qemu: Enable unprivileged userfaultfd for post-copy migration

Jiri Denemark posted 1 patch 2 years, 4 months ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/f7267a568d5e1cfc311d90ff8341accf8ac42a80.1638885576.git.jdenemar@redhat.com
[libvirt PATCH v3] qemu: Enable unprivileged userfaultfd for post-copy migration
Posted by Jiri Denemark 2 years, 4 months ago
Userfaultfd is by default allowed only for privileged processes. Since
libvirt runs QEMU unprivileged, we need to enable unprivileged access to
userfaultfd to enable post-copy migration.

https://bugzilla.redhat.com/show_bug.cgi?id=1945420

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---

Notes:
    If you wonder about the 60-* prefix of the installed sysctl file, we already
    install 60-libvirtd.conf so I think it makes sense to use the same prefix for
    all sysctl configuration installed by libvirt.
    
    Version 2:
    - setting unprivileged_userfaultfd only when it is not already enabled
    - virReportSystemError replaced with VIR_WARN
    
    Version 3:
    - set the knob via a sysctl conf file instead

 libvirt.spec.in                    | 1 +
 src/qemu/meson.build               | 8 ++++++++
 src/qemu/postcopy-migration.sysctl | 6 ++++++
 3 files changed, 15 insertions(+)
 create mode 100644 src/qemu/postcopy-migration.sysctl

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 5a079cdaf3..3aa4cc75b5 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1859,6 +1859,7 @@ exit 0
 %files daemon-driver-qemu
 %config(noreplace) %{_sysconfdir}/sysconfig/virtqemud
 %config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf
+%config(noreplace) %{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf
 %{_datadir}/augeas/lenses/virtqemud.aug
 %{_datadir}/augeas/lenses/tests/test_virtqemud.aug
 %{_unitdir}/virtqemud.service
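Review bot: The added %files line marks a file under %{_prefix}/lib/sysctl.d as %config(noreplace), but that directory holds vendor defaults and the shipped file's own comment points admins to /etc/sysctl.d/ for overrides. Consider listing it as a plain file so package updates always refresh the vendor copy, or explain in the commit message why in-place edits under %{_prefix}/lib should be preserved.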
diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index 3898d23877..66ef594006 100644
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -170,6 +170,14 @@ if conf.has('WITH_QEMU')
     'file': files('virtqemud.sysconf'),
   }
 
+  if conf.has('WITH_SYSCTL')
+    install_data(
+      'postcopy-migration.sysctl',
+      install_dir: prefix / 'lib' / 'sysctl.d',
+      rename: [ '60-qemu-postcopy-migration.conf' ],
+    )
+  endif
+
   virt_install_dirs += [
     localstatedir / 'lib' / 'libvirt' / 'qemu',
     runstatedir / 'libvirt' / 'qemu',
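Review bot: The install_data() call is gated on conf.has('WITH_SYSCTL'), while the matching %files entry added to libvirt.spec.in is unconditional. Worth confirming that every spec build configuration enables WITH_SYSCTL, otherwise the %files line refers to a file that was never installed; if that cannot be guaranteed, guard the spec entry with the same condition.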
diff --git a/src/qemu/postcopy-migration.sysctl b/src/qemu/postcopy-migration.sysctl
new file mode 100644
index 0000000000..aa8f015ae0
--- /dev/null
+++ b/src/qemu/postcopy-migration.sysctl
@@ -0,0 +1,6 @@
+# This is needed to support post-copy migration for QEMU run by libvirt,
+# i.e., unprivileged, as userfaultfd is by default only available to
+# privileged processes.
+# It can be safely overridden by a file in /etc/sysctl.d/ in case post-copy
+# migration is not used on the host.
+vm.unprivileged_userfaultfd = 1
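Review bot: The comment above the vm.unprivileged_userfaultfd = 1 line explains why QEMU needs the knob but not that it is host-wide: once set, every unprivileged process on the host can use userfaultfd, not only QEMU started by libvirt, and installing the package is what changes that default. Please say so in the comment, and make the override instruction precise: sysctl.d files are applied in lexical order of file name across directories, so an override in /etc/sysctl.d/ has to reuse the name 60-qemu-postcopy-migration.conf or sort after it, and should set vm.unprivileged_userfaultfd = 0.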
-- 
2.34.1

Re: [libvirt PATCH v3] qemu: Enable unprivileged userfaultfd for post-copy migration
Posted by Daniel P. Berrangé 2 years, 4 months ago
On Tue, Dec 07, 2021 at 03:00:31PM +0100, Jiri Denemark wrote:
> Userfaultfd is by default allowed only for privileged processes. Since
> libvirt runs QEMU unprivileged, we need to enable unprivileged access to
> userfaultfd to enable post-copy migration.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1945420
> 
> Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


> Notes:
>     If you wonder about the 60-* prefix of the installed sysctl file, we already
>     install 60-libvirtd.conf so I think it makes sense to use the same prefix for
>     all sysctl configuration installed by libvirt.

Yep, 50-* is often used by common distro defaults, so 60 makes
sense and leaves space for users to override.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
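
Added example (not part of the thread and not libvirt code): a POSIX shell audit helper that resolves which sysctl.d file decides `vm.unprivileged_userfaultfd`, following the systemd-sysctl rules the 60-* discussion relies on, where the lexically latest file name wins and a same-named file in a higher-priority directory masks the vendor copy. The function names, the `10-`/`90-hardening.conf` file names and the demo tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not libvirt code. Function names are hypothetical.
# value_in_file KEY FILE: print the last value FILE assigns to KEY, if any.
value_in_file() {
    awk -v want="$1" '
        /^[ \t]*[#;]/ { next }              # comment line
        index($0, "=") == 0 { next }        # not an assignment
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/^-/, "", k); gsub("/", ".", k)   # accept "-key" and "a/b"
            if (k == want) { val = v; hit = 1 }
        }
        END { if (hit) print val }' "$2"
}

# effective_sysctl KEY DIR...: DIRs are given highest priority first.
# Prints "VALUE FILE" for the file that decides KEY, or returns 1 if unset.
effective_sysctl() {
    key=$1; shift
    # Distinct file names in the lexical order systemd-sysctl applies them.
    names=$(for d in "$@"; do
                for f in "$d"/*.conf; do
                    if [ -e "$f" ]; then basename "$f"; fi
                done
            done | LC_ALL=C sort -u)
    result=""
    for name in $names; do
        for d in "$@"; do
            # Only the highest-priority copy is read; lower ones are masked.
            if [ -e "$d/$name" ]; then
                v=$(value_in_file "$key" "$d/$name")
                # A later file name overrides an earlier one.
                if [ -n "$v" ]; then result="$v $d/$name"; fi
                break
            fi
        done
    done
    [ -n "$result" ] || return 1
    printf '%s\n' "$result"
}

# Constructed demo tree (not a real host): the vendor file from the patch
# plus admin files that sort before and after the 60- prefix.
demo=$(mktemp -d); mkdir -p "$demo/etc" "$demo/usr"
echo 'vm.unprivileged_userfaultfd = 1' > "$demo/usr/60-qemu-postcopy-migration.conf"
echo 'vm.unprivileged_userfaultfd = 0' > "$demo/etc/10-hardening.conf"
effective_sysctl vm.unprivileged_userfaultfd "$demo/etc" "$demo/usr"  # vendor 1 stands
echo 'vm.unprivileged_userfaultfd = 0' > "$demo/etc/90-hardening.conf"
effective_sysctl vm.unprivileged_userfaultfd "$demo/etc" "$demo/usr"  # 90- override wins
```

On a real host, pass `/etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d` in that order and compare the result with `sysctl -n vm.unprivileged_userfaultfd`.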