From d804408ef9044aeb0d73b2e83fc044c5fff3c86d Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Thu, 2 Dec 2021 15:43:27 +0100 Subject: [PATCH] qemu: Enable unprivileged userfaultfd for post-copy migration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Userfaultfd is by default allowed only for privileged processes. Since libvirt runs QEMU unprivileged, we need to enable unprivileged access to userfaultfd to enable post-copy migration. https://bugzilla.redhat.com/show_bug.cgi?id=1945420 Signed-off-by: Jiri Denemark Reviewed-by: Daniel P. Berrangé --- libvirt.spec.in | 1 + src/qemu/meson.build | 8 ++++++++ src/qemu/postcopy-migration.sysctl | 6 ++++++ 3 files changed, 15 insertions(+) create mode 100644 src/qemu/postcopy-migration.sysctl diff --git a/libvirt.spec.in b/libvirt.spec.in index 5a079cdaf3..3aa4cc75b5 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1859,6 +1859,7 @@ exit 0 %files daemon-driver-qemu %config(noreplace) %{_sysconfdir}/sysconfig/virtqemud %config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf +%config(noreplace) %{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf %{_datadir}/augeas/lenses/virtqemud.aug %{_datadir}/augeas/lenses/tests/test_virtqemud.aug %{_unitdir}/virtqemud.service diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 3898d23877..66ef594006 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -170,6 +170,14 @@ if conf.has('WITH_QEMU') 'file': files('virtqemud.sysconf'), } + if conf.has('WITH_SYSCTL') + install_data( + 'postcopy-migration.sysctl', + install_dir: prefix / 'lib' / 'sysctl.d', + rename: [ '60-qemu-postcopy-migration.conf' ], + ) + endif + virt_install_dirs += [ localstatedir / 'lib' / 'libvirt' / 'qemu', runstatedir / 'libvirt' / 'qemu', diff --git a/src/qemu/postcopy-migration.sysctl b/src/qemu/postcopy-migration.sysctl new file mode 100644 index 0000000000..aa8f015ae0 --- /dev/null +++ b/src/qemu/postcopy-migration.sysctl 
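Review bot: The added `%files` entry marks a file under `%{_prefix}/lib/sysctl.d/` as `%config(noreplace)`, which treats a vendor drop-in as something administrators edit in place. The new file's own header says overrides belong in `/etc/sysctl.d/`, so a plain `%{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf` entry would match that model and let package updates always refresh the vendor default. The entry is also unconditional in this hunk, while the `src/qemu/meson.build` hunk installs the file only under `conf.has('WITH_SYSCTL')`. A build without sysctl support would presumably fail on the missing file unless a guard exists outside the lines shown. Since installing this subpackage now changes a kernel hardening default, it is worth a line in the package description or release notes so operators can audit it.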
@@ -0,0 +1,6 @@
+# This is needed to support post-copy migration for QEMU run by libvirt,
+# i.e., unprivileged, as userfaultfd is by default only available to
+# privileged processes.
+# It can be safely overridden by a file in /etc/sysctl.d/ in case post-copy
+# migration is not used on the host.
+vm.unprivileged_userfaultfd = 1
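Review bot: The header comment does not say that `vm.unprivileged_userfaultfd = 1` is a host-wide switch: once this drop-in is applied, every unprivileged process on the host may use userfaultfd, not only the QEMU processes libvirt starts. The kernel restricts this by default as a hardening measure, so installing the QEMU driver widens the host's kernel attack surface even where post-copy migration is never used. I would extend the comment with something like `# NOTE: this setting is system-wide and applies to all unprivileged processes, not only QEMU;` followed by `# set it to 0 in /etc/sysctl.d/ on hosts that do not use post-copy migration.` On kernels that expose `/dev/userfaultfd`, granting access through that device's permissions may be a narrower alternative, though whether QEMU can use it is not something this patch shows.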