Hi,
We are seeing an issue with udambuf, where it says "open /dev/udmabuf: No
such file or directory " even if the device exits. This issue particularly
we are seeing with libvirt. When we run the QEMU args on the command line,
everything works as expected.
It seems to be some permission issue when we use the Libvirt, please help us on
resolving this.
[cid:image001.png at 01D817A5.0151F260]
Libvirt Version: 6.0.0
Host: Ubuntu 21.04
QEMU commands:
qemu-system-x86_64 \
-enable-kvm \
-smp cores=4,threads=2,sockets=1 \
-m 4096 \
-name win-vm-0 \
-cpu host \
-drive
id=windows_drive,if=virtio,file=/win10_enterprise.qcow2,format=qcow2,cache=none
\
-device vfio-pci,host=0000:00:02.2 \
-device e1000,netdev=net0,mac=00:a1:00:00:00:10 \
-netdev user,id=net0,ipv6=off,hostfwd=tcp::1111-:22,hostfwd=tcp::3389-:3389 \
-monitor tcp:127.0.0.1:11111,server,nowait \
-rtc base=localtime \
-usb \
-device usb-tablet \
-device usb-kbd \
-device usb-mouse \
-device virtio-vga,blob=true \
-display gtk,gl=on \
-object memory-backend-memfd,id=mem1,hugetlb=off,size=4096M \
-machine memory-backend=mem1
Libvirt XML:
<?xml version="1.0"?>
<domain xmlns:qemu=http://libvirt.org/schemas/domain/qemu/1.0
type="kvm">
<name>win-vm-0</name>
<memory unit="KiB">4194304</memory>
<currentMemory unit="KiB">4194304</currentMemory>
<memoryBacking supported="yes">
<source type="memfd"/>
</memoryBacking>
<vcpu>6</vcpu>
<os>
<type arch="x86_64" machine="pc">hvm</type>
<boot dev="hd"/>
<boot dev="cdrom"/>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state="on"/>
<vapic state="on"/>
<spinlocks state="on" retries="8191"/>
</hyperv>
<vmport state="off"/>
</features>
<cpu mode="host-model">
<model fallback="forbid"/>
</cpu>
<clock offset="utc">
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type="file" device="disk">
<driver name="qemu" type="qcow2"/>
<source file="/win10_enterprise.qcow2"
index="1"/>
<backingStore/>
<target dev="sda" bus="sata"/>
<alias name="sata0-0-0"/>
<address type="drive" controller="0"
bus="0" target="0" unit="0"/>
</disk>
<interface type="bridge">
<source bridge="br0"/>
<model type="virtio"/>
</interface>
<serial type="pty">
<target port="0"/>
<target type="serial" port="0">
</target>
<alias name="serial0"/>
</serial>
<console type="pty">
<target type="serial" port="0"/>
<alias name="serial0"/>
</console>
<hostdev mode="subsystem" type="pci"
managed="yes">
<driver name="vfio"/>
<source>
<address domain="0x0000" bus="0x00"
slot="0x02" function="0x02"/>
</source>
</hostdev>
</devices>
<qemu:commandline>
<qemu:arg value="-device"/>
<qemu:arg value="virtio-vga,blob=true"/>
<qemu:arg value="-display"/>
<qemu:arg value="gtk,gl=on"/>
<qemu:env name="DISPLAY" value=":1.0"/>
</qemu:commandline>
</domain>
Thanks,
Shiv
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://listman.redhat.com/archives/libvirt-users/attachments/20220201/20583d5d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 234937 bytes
Desc: image001.png
URL:
<http://listman.redhat.com/archives/libvirt-users/attachments/20220201/20583d5d/attachment.png>
On Tue, Feb 01, 2022 at 14:27:55 +0000, M, Shivakumar wrote:> Hi, > > We are seeing an issue with udambuf, where it says "open /dev/udmabuf: No such file or directory " even if the device exits. This issue particularly we are seeing with libvirt. When we run the QEMU args on the command line, everything works as expected. > It seems to be some permission issue when we use the Libvirt, please help us on resolving this.libvirt runs qemu in a mount namespace where we propagate only nodes from /dev/ which are know and used by libvirt so that the qemu proces is confined to only what it needs. Ideally you'll impelemt the support for the 'blob' parameter you are using in a way which allows the use of the appropriate files for qemu:> > Libvirt XML: > <?xml version="1.0"?> > <domain xmlns:qemu=http://libvirt.org/schemas/domain/qemu/1.0 type="kvm"> > <name>win-vm-0</name> > <memory unit="KiB">4194304</memory> > <currentMemory unit="KiB">4194304</currentMemory> > <memoryBacking supported="yes"> > <source type="memfd"/> > </memoryBacking> > <vcpu>6</vcpu> > <os> > <type arch="x86_64" machine="pc">hvm</type> > <boot dev="hd"/> > <boot dev="cdrom"/> > </os> > <features> > <acpi/> > <apic/> > <hyperv> > <relaxed state="on"/> > <vapic state="on"/> > <spinlocks state="on" retries="8191"/> > </hyperv> > <vmport state="off"/> > </features> > <cpu mode="host-model"> > <model fallback="forbid"/> > </cpu> > <clock offset="utc"> > </clock> > <on_poweroff>destroy</on_poweroff> > <on_reboot>restart</on_reboot> > <on_crash>destroy</on_crash> > <devices> > <emulator>/usr/bin/qemu-system-x86_64</emulator> > <disk type="file" device="disk"> > <driver name="qemu" type="qcow2"/> > <source file="/win10_enterprise.qcow2" index="1"/> > <backingStore/> > <target dev="sda" bus="sata"/> > <alias name="sata0-0-0"/> > <address type="drive" controller="0" bus="0" target="0" unit="0"/> > </disk> > <interface type="bridge"> > <source bridge="br0"/> > <model type="virtio"/> > </interface> > <serial type="pty"> > <target port="0"/> > <target type="serial" port="0"> > </target> > <alias name="serial0"/> > </serial> > <console type="pty"> > <target type="serial" port="0"/> > <alias name="serial0"/> > </console> > <hostdev mode="subsystem" type="pci" managed="yes"> > <driver name="vfio"/> > <source> > <address domain="0x0000" bus="0x00" slot="0x02" function="0x02"/> > </source> > </hostdev> > </devices> > <qemu:commandline> > <qemu:arg value="-device"/> > <qemu:arg value="virtio-vga,blob=true"/> > <qemu:arg value="-display"/> > <qemu:arg value="gtk,gl=on"/> > <qemu:env name="DISPLAY" value=":1.0"/>Libvirt doesn't interpret this in any way so you'll need to implement support for what you want. Alternatively as a proof-of-concept/workaround you can set the 'cgroup_device_acl' setting in /etc/libvirt/qemu.conf. But as noted that is not really a supportable solution.
On Tue, Feb 01, 2022 at 02:27:55PM +0000, M, Shivakumar wrote:> Hi, > > We are seeing an issue with udambuf, where it says "open /dev/udmabuf: No such file or directory " even if the device exits. This issue particularly we are seeing with libvirt. When we run the QEMU args on the command line, everything works as expected. > It seems to be some permission issue when we use the Libvirt, please help us on resolving this.When libvirt launches QEMU it puts in place a number of strict security protections. Libvirt will grant access on a per-file basis to resources on the host that QEMU should be allowed to access based on the device configuration in the XML. In your case though you're using command line passthrough:> <qemu:commandline> > <qemu:arg value="-device"/> > <qemu:arg value="virtio-vga,blob=true"/> > <qemu:arg value="-display"/> > <qemu:arg value="gtk,gl=on"/> > <qemu:env name="DISPLAY" value=":1.0"/> > </qemu:commandline>This is totally opaque to libvirt and so libvirt won't be granting access to any resources needed by these args. I'm assuming /dev/udmabuf is needed by the GTK display for GL support, or something along those lines. For further information about your options please consult this page: https://libvirt.org/kbase/qemu-passthrough-security.html Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|