From 7ffdf87f44ae20be4f2a1d1d18b4da969414edc2 Mon Sep 17 00:00:00 2001 Message-ID: <7ffdf87f44ae20be4f2a1d1d18b4da969414edc2.1739824249.git.jdenemar@redhat.com> From: Laine Stump Date: Wed, 12 Feb 2025 16:16:44 -0500 Subject: [PATCH] qemu: complete vhostuser + passt support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit needs to run the passt command just as is done for interface type='user', but then add vhostuser bits to the qemu commandline/monitor command. There are some changes to the parsing/validation along with changes to the vhostuser codepath do do the extra stuff for passt. I tried keeping them separated into different patches, but then the unit test failed in a strange way deep down in the bowels of the commandline generation, so this patch both 1) makes the final changes to parsing/formatting and 2) adds passt stuff at appropriate places for vhostuser (as well as making a couple of things *not* happen when the passt backend is chosen). The result is that you can now have: ... Then as long as you also have the following as a subelement of : your passt interfaces will benefit from the greatly improved efficiency of a vhost-user data path, and all without requiring special privileges or capabilities *anywhere* (i.e. it works for unprivileged libvirt (qemu:///session) as well as privileged libvirt). Resolves: https://issues.redhat.com/browse/RHEL-69455 Signed-off-by: Laine Stump Reviewed-by: Ján Tomko (cherry picked from commit 1e9054b9c79d721a55f413c2983c5370044f8f60) https://issues.redhat.com/browse/RHEL-69455 Signed-off-by: Laine Stump --- src/conf/domain_conf.c | 36 ++++++--- src/conf/domain_validate.c | 77 +++++++------------ src/conf/schemas/domaincommon.rng | 32 +++++++- src/qemu/qemu_command.c | 7 +- src/qemu/qemu_extdevice.c | 6 +- src/qemu/qemu_hotplug.c | 21 ++++- src/qemu/qemu_passt.c | 3 + src/qemu/qemu_process.c | 15 +++- src/qemu/qemu_validate.c | 7 +- ...t-user-slirp-portforward.x86_64-latest.err | 2 +- .../net-vhostuser-passt.x86_64-latest.args | 42 ++++++++++ .../net-vhostuser-passt.x86_64-latest.xml | 72 +++++++++++++++++ tests/qemuxmlconfdata/net-vhostuser-passt.xml | 70 +++++++++++++++++ tests/qemuxmlconftest.c | 1 + 14 files changed, 317 insertions(+), 74 deletions(-) create mode 100644 tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/net-vhostuser-passt.xml diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index b1e9dda80e..095b9bbaa2 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -9448,9 +9448,25 @@ virDomainNetBackendParseXML(xmlNodePtr node, g_autofree char *tap = virXMLPropString(node, "tap"); g_autofree char *vhost = virXMLPropString(node, "vhost"); - /* The VIR_DOMAIN_NET_BACKEND_DEFAULT really means 'use hypervisor's - * builtin SLIRP'. It's reported in domain caps and thus we need to accept - * it. Hence VIR_XML_PROP_NONE instead of VIR_XML_PROP_NONZERO. */ + /* In the case of NET_TYPE_USER, backend type can be unspecified + * (i.e. VIR_DOMAIN_NET_BACKEND_DEFAULT) and that means 'use + * hypervisor's builtin SLIRP (or if that isn't available, use + * passt)'. Similarly, it can also be left unspecified in the case + * of NET_TYPE_VHOSTUSER, and then it means "use the traditional + * vhost-user backend (which auto-detects between connecting to a + * socket created by OVS, or connecting to a standalone socket + * used (mostly in testing) to connect the vhost-user interface of + * one guest directly to the vhost-user interface of another + * guest. + * + * If backend type is set to 'passt', then in both cases a passt + * process will be started, and libvirt will connect that to the + * guest interface (either communicating everything over the + * socket created by passt using a specific-to-passt protocol + * (interface type='user'>), or by using the socket for control + * plane messages and shared memory for data using the vhost-user + * protocol ()). + */ if (virXMLPropEnum(node, "type", virDomainNetBackendTypeFromString, VIR_XML_PROP_NONE, &def->backend.type) < 0) { return -1; @@ -24581,7 +24597,11 @@ virDomainNetDefFormat(virBuffer *buf, break; case VIR_DOMAIN_NET_TYPE_VHOSTUSER: - if (def->data.vhostuser->type == VIR_DOMAIN_CHR_TYPE_UNIX) { + if (def->data.vhostuser->type == VIR_DOMAIN_CHR_TYPE_UNIX && + def->backend.type != VIR_DOMAIN_NET_BACKEND_PASST) { + /* in the case of BACKEND_PASST, the values of all of these are either + * fixed (type, mode, reconnect), or derived from elsewhere (path) + */ virBufferAddLit(&sourceAttrBuf, " type='unix'"); virBufferEscapeString(&sourceAttrBuf, " path='%s'", def->data.vhostuser->data.nix.path); @@ -24592,7 +24612,6 @@ virDomainNetDefFormat(virBuffer *buf, virDomainChrSourceReconnectDefFormat(&sourceChildBuf, &def->data.vhostuser->data.nix.reconnect); } - } break; @@ -24654,15 +24673,14 @@ virDomainNetDefFormat(virBuffer *buf, } case VIR_DOMAIN_NET_TYPE_USER: - if (def->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) - virBufferEscapeString(&sourceAttrBuf, " dev='%s'", def->sourceDev); - break; - case VIR_DOMAIN_NET_TYPE_NULL: case VIR_DOMAIN_NET_TYPE_LAST: break; } + if (def->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) + virBufferEscapeString(&sourceAttrBuf, " dev='%s'", def->sourceDev); + if (def->hostIP.nips || def->hostIP.nroutes) { if (virDomainNetIPInfoFormat(&sourceChildBuf, &def->hostIP) < 0) return -1; diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index dacde1f780..597ae3d938 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -2157,67 +2157,46 @@ virDomainNetDefValidate(const virDomainNetDef *net) return -1; } - if (net->type != VIR_DOMAIN_NET_TYPE_USER) { + if (net->type != VIR_DOMAIN_NET_TYPE_USER && + net->type != VIR_DOMAIN_NET_TYPE_VHOSTUSER) { if (net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("The 'passt' backend can only be used with interface type='user'")); + _("The 'passt' backend can only be used with interface type='user' or type='vhostuser'")); return -1; } } - if (net->nPortForwards > 0 && - (net->type != VIR_DOMAIN_NET_TYPE_USER || - (net->type == VIR_DOMAIN_NET_TYPE_USER && - net->backend.type != VIR_DOMAIN_NET_BACKEND_PASST))) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("The element can only be used with and its 'passt' backend")); - return -1; - } + if (net->nPortForwards > 0) { + size_t p; - if (!virNetDevBandwidthValidate(net->bandwidth)) { - return -1; - } + if ((net->type != VIR_DOMAIN_NET_TYPE_USER && + net->type != VIR_DOMAIN_NET_TYPE_VHOSTUSER) || + net->backend.type != VIR_DOMAIN_NET_BACKEND_PASST) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("The element can only be used with the 'passt' backend of interface type='user' or type='vhostuser'")); + return -1; + } - switch (net->type) { - case VIR_DOMAIN_NET_TYPE_USER: - if (net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { - size_t p; - - for (p = 0; p < net->nPortForwards; p++) { - size_t r; - virDomainNetPortForward *pf = net->portForwards[p]; - - for (r = 0; r < pf->nRanges; r++) { - virDomainNetPortForwardRange *range = pf->ranges[r]; - - if (!range->start - && (range->end || range->to - || range->exclude != VIR_TRISTATE_BOOL_ABSENT)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("The 'range' of a 'portForward' requires 'start' attribute if 'end', 'to', or 'exclude' is specified")); - return -1; - } + for (p = 0; p < net->nPortForwards; p++) { + size_t r; + virDomainNetPortForward *pf = net->portForwards[p]; + + for (r = 0; r < pf->nRanges; r++) { + virDomainNetPortForwardRange *range = pf->ranges[r]; + + if (!range->start + && (range->end || range->to + || range->exclude != VIR_TRISTATE_BOOL_ABSENT)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("The 'range' of a 'portForward' requires 'start' attribute if 'end', 'to', or 'exclude' is specified")); + return -1; } } } - break; + } - case VIR_DOMAIN_NET_TYPE_VHOSTUSER: - case VIR_DOMAIN_NET_TYPE_NETWORK: - case VIR_DOMAIN_NET_TYPE_VDPA: - case VIR_DOMAIN_NET_TYPE_BRIDGE: - case VIR_DOMAIN_NET_TYPE_CLIENT: - case VIR_DOMAIN_NET_TYPE_SERVER: - case VIR_DOMAIN_NET_TYPE_MCAST: - case VIR_DOMAIN_NET_TYPE_UDP: - case VIR_DOMAIN_NET_TYPE_INTERNAL: - case VIR_DOMAIN_NET_TYPE_DIRECT: - case VIR_DOMAIN_NET_TYPE_HOSTDEV: - case VIR_DOMAIN_NET_TYPE_VDS: - case VIR_DOMAIN_NET_TYPE_ETHERNET: - case VIR_DOMAIN_NET_TYPE_NULL: - case VIR_DOMAIN_NET_TYPE_LAST: - break; + if (!virNetDevBandwidthValidate(net->bandwidth)) { + return -1; } return 0; diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index cbc093ca7b..d433e95d8b 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -3486,8 +3486,36 @@ - - + + + + unix + + + + + + + + + + + server + client + + + + + + + + + + + + + + diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 1f28de6194..24dac0ce0f 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -8617,11 +8617,12 @@ qemuBuildInterfaceCommandLine(virQEMUDriver *driver, if (qemuInterfaceVhostuserConnect(cmd, net, qemuCaps) < 0) goto cleanup; - if (virNetDevOpenvswitchGetVhostuserIfname(net->data.vhostuser->data.nix.path, + if (net->backend.type != VIR_DOMAIN_NET_BACKEND_PASST && + virNetDevOpenvswitchGetVhostuserIfname(net->data.vhostuser->data.nix.path, net->data.vhostuser->data.nix.listen, - &net->ifname) < 0) + &net->ifname) < 0) { goto cleanup; - + } break; case VIR_DOMAIN_NET_TYPE_VDPA: diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index 954cb323a4..2384bab7a6 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -212,13 +212,15 @@ qemuExtDevicesStart(virQEMUDriver *driver, for (i = 0; i < def->nnets; i++) { virDomainNetDef *net = def->nets[i]; - if (net->type != VIR_DOMAIN_NET_TYPE_USER) + if (net->type != VIR_DOMAIN_NET_TYPE_USER && + net->type != VIR_DOMAIN_NET_TYPE_VHOSTUSER) { continue; + } if (net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { if (qemuPasstStart(vm, net) < 0) return -1; - } else { + } else if (net->type == VIR_DOMAIN_NET_TYPE_USER) { if (qemuSlirpStart(vm, net, incomingMigration) < 0) return -1; } diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index de0777d330..c8746f5e22 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1262,10 +1262,23 @@ qemuDomainAttachNetDevice(virQEMUDriver *driver, if (!(charDevAlias = qemuAliasChardevFromDevAlias(net->info.alias))) goto cleanup; - if (virNetDevOpenvswitchGetVhostuserIfname(net->data.vhostuser->data.nix.path, - net->data.vhostuser->data.nix.listen, - &net->ifname) < 0) - goto cleanup; + if (net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { + + /* vhostuser needs socket path in this location, and when + * backend is passt, the path is derived from other info, + * not taken from config. + */ + g_free(net->data.vhostuser->data.nix.path); + net->data.vhostuser->data.nix.path = qemuPasstCreateSocketPath(vm, net); + + if (qemuPasstStart(vm, net) < 0) + goto cleanup; + } else { + if (virNetDevOpenvswitchGetVhostuserIfname(net->data.vhostuser->data.nix.path, + net->data.vhostuser->data.nix.listen, + &net->ifname) < 0) + goto cleanup; + } if (qemuSecuritySetNetdevLabel(driver, vm, net) < 0) goto cleanup; diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c index 8a3ac4e988..b9616d1c63 100644 --- a/src/qemu/qemu_passt.c +++ b/src/qemu/qemu_passt.c @@ -180,6 +180,9 @@ qemuPasstStart(virDomainObj *vm, virCommandClearCaps(cmd); + if (virDomainNetGetActualType(net) == VIR_DOMAIN_NET_TYPE_VHOSTUSER) + virCommandAddArg(cmd, "--vhost-user"); + virCommandAddArgList(cmd, "--one-off", "--socket", passtSocketName, diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 26ca943dfc..7285fd5ce9 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -64,6 +64,7 @@ #include "qemu_backup.h" #include "qemu_dbus.h" #include "qemu_snapshot.h" +#include "qemu_passt.h" #include "cpu/cpu.h" #include "cpu/cpu_x86.h" @@ -5932,12 +5933,23 @@ qemuProcessPrepareDomainNetwork(virDomainObj *vm) } break; + case VIR_DOMAIN_NET_TYPE_VHOSTUSER: + if (net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { + /* when using the passt backend, the path of the + * unix socket is always derived from other info + * *not* manually given in the config, but all the + * vhostuser code looks for it there. + */ + g_free(net->data.vhostuser->data.nix.path); + net->data.vhostuser->data.nix.path = qemuPasstCreateSocketPath(vm, net); + } + break; + case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_NETWORK: case VIR_DOMAIN_NET_TYPE_ETHERNET: case VIR_DOMAIN_NET_TYPE_USER: - case VIR_DOMAIN_NET_TYPE_VHOSTUSER: case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: @@ -5949,7 +5961,6 @@ qemuProcessPrepareDomainNetwork(virDomainObj *vm) case VIR_DOMAIN_NET_TYPE_LAST: break; } - } return 0; } diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index eb8c5366f6..f33c0c07b4 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1736,7 +1736,9 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net, return -1; } - if (net->type == VIR_DOMAIN_NET_TYPE_USER) { + if (net->type == VIR_DOMAIN_NET_TYPE_USER || + (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER && + net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST)) { virDomainCapsDeviceNet netCaps = { }; virQEMUCapsFillDomainDeviceNetCaps(qemuCaps, &netCaps); @@ -1811,7 +1813,8 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net, } if (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER) { - if (!net->data.vhostuser->data.nix.path) { + if (!net->data.vhostuser->data.nix.path && + net->backend.type != VIR_DOMAIN_NET_BACKEND_PASST) { virReportError(VIR_ERR_XML_ERROR, _("Missing required attribute '%1$s' in element '%2$s'"), "path", "source"); diff --git a/tests/qemuxmlconfdata/net-user-slirp-portforward.x86_64-latest.err b/tests/qemuxmlconfdata/net-user-slirp-portforward.x86_64-latest.err index eaa934742e..e231677e57 100644 --- a/tests/qemuxmlconfdata/net-user-slirp-portforward.x86_64-latest.err +++ b/tests/qemuxmlconfdata/net-user-slirp-portforward.x86_64-latest.err @@ -1 +1 @@ -unsupported configuration: The element can only be used with and its 'passt' backend +unsupported configuration: The element can only be used with the 'passt' backend of interface type='user' or type='vhostuser' diff --git a/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.args b/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.args new file mode 100644 index 0000000000..21d78d6072 --- /dev/null +++ b/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.args @@ -0,0 +1,42 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1 \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=QEMUGuest1,debug-threads=on \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \ +-machine pc,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=off \ +-accel tcg \ +-cpu qemu64 \ +-m size=219136k \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-boot strict=on \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","read-only":false}' \ +-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-storage","id":"ide0-0-0","bootindex":1}' \ +-chardev socket,id=charnet0,path=/var/run/libvirt/qemu/passt/-1-QEMUGuest1-net0.socket \ +-netdev '{"type":"vhost-user","chardev":"charnet0","id":"hostnet0"}' \ +-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"00:11:22:33:44:55","bus":"pci.0","addr":"0x2"}' \ +-chardev socket,id=charnet1,path=/var/run/libvirt/qemu/passt/-1-QEMUGuest1-net1.socket \ +-netdev '{"type":"vhost-user","chardev":"charnet1","id":"hostnet1"}' \ +-device '{"driver":"virtio-net-pci","netdev":"hostnet1","id":"net1","mac":"00:11:22:33:44:11","bus":"pci.0","addr":"0x3"}' \ +-chardev socket,id=charnet2,path=/var/run/libvirt/qemu/passt/-1-QEMUGuest1-net2.socket \ +-netdev '{"type":"vhost-user","chardev":"charnet2","id":"hostnet2"}' \ +-device '{"driver":"virtio-net-pci","netdev":"hostnet2","id":"net2","mac":"00:11:22:33:44:11","bus":"pci.0","addr":"0x4"}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml b/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml new file mode 100644 index 0000000000..26aa4c8d05 --- /dev/null +++ b/tests/qemuxmlconfdata/net-vhostuser-passt.x86_64-latest.xml @@ -0,0 +1,72 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+ + + + + +
+ + + +