On Thu, Feb 08, 2024 at 04:30:38PM +0100, Jiri Denemark wrote:
/dev/userfaultfd device is preferred over userfaultfd syscall for post-copy migrations. Unless qemu driver is configured to disable mount namespace or to forbid access to /dev/userfaultfd in cgroup_device_acl, we will copy it to the limited /dev filesystem QEMU will have access to and label it appropriately. So in the default configuration post-copy migration will be allowed even without enabling vm.unprivileged_userfaultfd sysctl.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> ---
Notes: The question is what should we do with the src/qemu/postcopy-migration.sysctl file which is installed by libvirt.spec to /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf by default. The file is now useless and should ideally be removed, but only when the host kernel is new enough to support /dev/userfaultfd
Just provide a meson_options.txt entry to disable it, and leave it to be a distro problem to turn off in whatever releases they consider new enough to prefer userfaultfd. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|