Skip to content

qemu: Add --allow-mmap to virtiofsd for mmap support #201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
cgwalters merged 1 commit into from
Feb 2, 2026
Merged

qemu: Add --allow-mmap to virtiofsd for mmap support #201

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions crates/integration-tests/src/tests/run_ephemeral.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,6 +360,45 @@ fn test_run_ephemeral_centos_uki() -> Result<()> {
}
integration_test!(test_run_ephemeral_centos_uki);

/// Test that mmap() works on virtiofs files
///
/// The --allow-mmap flag (added to virtiofsd) negotiates FUSE_DIRECT_IO_ALLOW_MMAP
/// with the kernel (requires kernel 6.2+), allowing mmap() on virtiofs files.
/// Without this flag, mmap() returns ENODEV when --cache=never is used.
///
/// This test verifies that shared libraries can be loaded (which requires mmap())
/// and that we can explicitly mmap a file from the virtiofs root.
fn test_run_ephemeral_virtiofs_mmap() -> Result<()> {
let sh = shell()?;
let bck = get_bck_command()?;
let image = get_test_image();
let label = INTEGRATION_TEST_LABEL;

// Test that mmap works by running a dynamically linked binary.
// Loading shared libraries requires mmap() - if virtiofs mmap doesn't work,
// dynamically linked binaries will fail to execute.
//
// We use python3 to explicitly test mmap() on a virtiofs file (/etc/os-release).
// This directly validates that the --allow-mmap flag is working.
let script =
"python3 -c 'import mmap; f=open(\"/etc/os-release\",\"rb\"); m=mmap.mmap(f.fileno(),0,access=mmap.ACCESS_READ); print(\"MMAP_SUCCESS\" if b\"ID=\" in m.read(100) else \"MMAP_FAIL\")'";

let stdout = cmd!(
sh,
"{bck} ephemeral run --rm --label {label} --execute {script} {image}"
)
.read()?;

assert!(
stdout.contains("MMAP_SUCCESS"),
"mmap test should succeed - if this fails, --allow-mmap may not be working: {}",
stdout
);

Ok(())
}
integration_test!(test_run_ephemeral_virtiofs_mmap);

/// Test that ephemeral VMs have the expected mount layout:
/// - / is read-only virtiofs
/// - /etc is overlayfs with tmpfs upper (writable)
Expand Down
6 changes: 5 additions & 1 deletion crates/kit/src/qemu.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -923,8 +923,12 @@ pub async fn spawn_virtiofsd_async(config: &VirtiofsConfig) -> Result<tokio::pro
config.socket_path.as_str(),
"--shared-dir",
config.shared_dir.as_str(),
// Ensure we don't hit fd exhaustion
// Ensure we don't hit fd exhaustion; see commit 50e7601.
"--cache=never",
// Allowing mmap is needed in the general case for loading shared libraries
// etc. This flag negotiates FUSE_DIRECT_IO_ALLOW_MMAP with the kernel (requires kernel 6.2+).
// Per the documentation this is safe because the underlying filesystem tree is immutable.
"--allow-mmap",
// We always run in a container
"--sandbox=none",
]);
Expand Down