Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'
Date:	Fri, 15 Nov 2013 12:49:14 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0

On 11/15/2013 12:44 PM, Michael R. Hines wrote:
> On 11/15/2013 02:25 PM, Eric Blake wrote:
>> On 11/15/2013 10:40 AM, Michael R. Hines wrote:
>>> This is unrelated to RDMA - accessing the /dev/infiniband
>>> device nodes is already supported by libvirt my modifying
>>> the configuration file in /etc and that works just fine.
>> http://wiki.qemu.org/Features/RDMALiveMigration states that you modify
>> the .conf file to expose /dev/infiniband/rdma_cm and friends.  Are all
>> of these devices read/write accessible to non-root?  Or is there going
>> to be a problem if using user="qemu" group="qemu"?  (That is, merely
>> exposing the devices through cgroup device ACL checking may be
>> insufficient if you can't access the devices when not running root/root).
> 
> Yes, non-root access is working just fine. Keep in mind that QEMU is no
> different than any other standard HPC application (like MPI programs)
> which perform RDMA operations.
> 
> QEMU is simply another librdmacm/libibverbs user and it does
> not require any special privileges to the device files.
> 
>> Libvirt can be patched so that the .conf file does not have to be edited
>> (ie. change the defaults so that if cgroup_device_acl is not present in
>> the conf file, the defaults could still let a domainaccess the
>> /dev/infiniband devices).
>>
> 
> That would be quite nice! Shall I include that in the next version
> of my libvirt patch?

Yes, if you can.

[rest of this is more for the libvirt list]
Ideally, the access should only be granted at the start of the
migration, and then revoked when no longer needed.  For an example of
granting ACL access while a domain is running, see how
qemuDomainPrepareDiskChainElement() calls qemuSetupDiskCgroup and
qemuTeardownDiskCgroup at appropriate times to alter the cgroup settings
on the fly.  These functions in turn call into virCgroupAllowDevicePath,
and follow it up with an audit log, to make it easy to track through the
audit which devices have been exposed to a guest.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', mrhines, 2013/11/06
- Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', Eric Blake, 2013/11/06
- Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', Daniel P. Berrange, 2013/11/15
  - Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', Michael R. Hines, 2013/11/15
    - Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', Eric Blake, 2013/11/15
    - Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', Michael R. Hines, 2013/11/15
    - Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', Eric Blake <=
    - Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', Daniel P. Berrange, 2013/11/16
    - Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma', Paolo Bonzini, 2013/11/22

Prev by Date: Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'
Next by Date: [Qemu-devel] [PATCH] qtest: Adding -display none to new tests
Previous by thread: Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'
Next by thread: Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'
Index(es):
- Date
- Thread