qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Lin Ma <lma@suse.com>
To: qemu-devel@nongnu.org
Cc: quintela@redhat.com, dgilbert@redhat.com, Lin Ma <lma@suse.com>
Subject: [PATCH 1/3] migration: introduce postcopy-uffd-usermode-only capability
Date: Thu, 14 Oct 2021 17:15:49 +0800	[thread overview]
Message-ID: <20211014091551.15201-2-lma@suse.com> (raw)
In-Reply-To: <20211014091551.15201-1-lma@suse.com>

The default value of unprivileged_userfaultfd sysctl knob was changed to
0 since kernel v5.11 by commit d0d4730a:
userfaultfd: add user-mode only option to unprivileged_userfaultfd sysctl knob.

In this mode, An unprivileged user (without SYS_CAP_PTRACE capability) must
pass UFFD_USER_MODE_ONLY to userfaultd or the API will fail with EPERM.

So add a capability to pass UFFD_USER_MODE_ONLY to support it.

Signed-off-by: Lin Ma <lma@suse.com>
---
 migration/migration.c    |  9 +++++++++
 migration/migration.h    |  1 +
 migration/postcopy-ram.c | 22 +++++++++++++++++++---
 qapi/migration.json      |  8 +++++++-
 4 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index 6ac807ef3d..86212dcb70 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -2380,6 +2380,15 @@ bool migrate_postcopy_blocktime(void)
     return s->enabled_capabilities[MIGRATION_CAPABILITY_POSTCOPY_BLOCKTIME];
 }
 
+bool migrate_postcopy_uffd_usermode_only(void)
+{
+    MigrationState *s;
+
+    s = migrate_get_current();
+
+    return s->enabled_capabilities[MIGRATION_CAPABILITY_POSTCOPY_UFFD_USERMODE_ONLY];
+}
+
 bool migrate_use_compression(void)
 {
     MigrationState *s;
diff --git a/migration/migration.h b/migration/migration.h
index 7a5aa8c2fd..a516d7f59f 100644
--- a/migration/migration.h
+++ b/migration/migration.h
@@ -358,6 +358,7 @@ int migrate_decompress_threads(void);
 bool migrate_use_events(void);
 bool migrate_postcopy_blocktime(void);
 bool migrate_background_snapshot(void);
+bool migrate_postcopy_uffd_usermode_only(void);
 
 /* Sending on the return path - generic and then for each message type */
 void migrate_send_rp_shut(MigrationIncomingState *mis,
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 2e9697bdd2..078c558626 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -206,9 +206,14 @@ static bool receive_ufd_features(uint64_t *features)
     struct uffdio_api api_struct = {0};
     int ufd;
     bool ret = true;
+    int flags;
+
+    flags = O_CLOEXEC;
+    if (migrate_postcopy_uffd_usermode_only())
+        flags |= UFFD_USER_MODE_ONLY;
 
     /* if we are here __NR_userfaultfd should exists */
-    ufd = syscall(__NR_userfaultfd, O_CLOEXEC);
+    ufd = syscall(__NR_userfaultfd, flags);
     if (ufd == -1) {
         error_report("%s: syscall __NR_userfaultfd failed: %s", __func__,
                      strerror(errno));
@@ -352,13 +357,18 @@ bool postcopy_ram_supported_by_host(MigrationIncomingState *mis)
     struct uffdio_range range_struct;
     uint64_t feature_mask;
     Error *local_err = NULL;
+    int flags;
 
     if (qemu_target_page_size() > pagesize) {
         error_report("Target page size bigger than host page size");
         goto out;
     }
 
-    ufd = syscall(__NR_userfaultfd, O_CLOEXEC);
+    flags = O_CLOEXEC;
+    if (migrate_postcopy_uffd_usermode_only())
+        flags |= UFFD_USER_MODE_ONLY;
+
+    ufd = syscall(__NR_userfaultfd, flags);
     if (ufd == -1) {
         error_report("%s: userfaultfd not available: %s", __func__,
                      strerror(errno));
@@ -1064,8 +1074,14 @@ retry:
 
 int postcopy_ram_incoming_setup(MigrationIncomingState *mis)
 {
+    int flags;
+
+    flags = O_CLOEXEC | O_NONBLOCK;
+    if (migrate_postcopy_uffd_usermode_only())
+        flags |= UFFD_USER_MODE_ONLY;
+
     /* Open the fd for the kernel to give us userfaults */
-    mis->userfault_fd = syscall(__NR_userfaultfd, O_CLOEXEC | O_NONBLOCK);
+    mis->userfault_fd = syscall(__NR_userfaultfd, flags);
     if (mis->userfault_fd == -1) {
         error_report("%s: Failed to open userfault fd: %s", __func__,
                      strerror(errno));
diff --git a/qapi/migration.json b/qapi/migration.json
index 88f07baedd..3af1ec4cec 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
@@ -452,6 +452,11 @@
 #                       procedure starts. The VM RAM is saved with running VM.
 #                       (since 6.0)
 #
+# @postcopy-uffd-usermode-only: If enabled, It allows unprivileged users to use
+#                               userfaultfd but with the restriction that page
+#                               faults from only user mode can be handled.
+#                               (since 6.2.0)
+#
 # Since: 1.2
 ##
 { 'enum': 'MigrationCapability',
@@ -459,7 +464,8 @@
            'compress', 'events', 'postcopy-ram', 'x-colo', 'release-ram',
            'block', 'return-path', 'pause-before-switchover', 'multifd',
            'dirty-bitmaps', 'postcopy-blocktime', 'late-block-activate',
-           'x-ignore-shared', 'validate-uuid', 'background-snapshot'] }
+           'x-ignore-shared', 'validate-uuid', 'background-snapshot',
+           'postcopy-uffd-usermode-only'] }
 
 ##
 # @MigrationCapabilityStatus:
-- 
2.26.2



  reply	other threads:[~2021-10-14  9:17 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-14  9:15 [PATCH 0/3] Postcopy migration: Add userfaultfd- user-mode-only capability Lin Ma
2021-10-14  9:15 ` Lin Ma [this message]
2021-10-14  9:15 ` [PATCH 2/3] migration: postcopy-uffd-usermode-only documentation Lin Ma
2021-10-14  9:15 ` [PATCH 3/3] tests: add postcopy-uffd-usermode-only capability into migration-test Lin Ma
2021-10-14 23:43 ` [PATCH 0/3] Postcopy migration: Add userfaultfd- user-mode-only capability Peter Xu
2021-10-15  5:38   ` lma
2021-10-15  6:12     ` Peter Xu
2021-10-15  8:16       ` lma
2021-10-15  8:28         ` Peter Xu
2021-10-15  9:49           ` lma

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211014091551.15201-2-lma@suse.com \
    --to=lma@suse.com \
    --cc=dgilbert@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=quintela@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).