From 0c482b25576ac7cd05c2cb5edbde697baae2cea5 Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Wed, 13 Nov 2019 14:48:59 -0800 Subject: [PATCH] qemu-configs: update disable_vhost_net description Updated to better clarify this configuration option. Currently in QEMU pre 1.9 release of Kata, vhost-net is used for the virtio-net backend. This results in efficient network I/O performance, but does rely on the backend running in ring0 (host kernel). Update comment to clarify this trade-off for end-users. Fixes: #2198 Signed-off-by: Eric Ernst --- cli/config/configuration-qemu-virtiofs.toml.in | 5 +++-- cli/config/configuration-qemu.toml.in | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/cli/config/configuration-qemu-virtiofs.toml.in b/cli/config/configuration-qemu-virtiofs.toml.in index da04b4eaab..6a13cebaea 100644 --- a/cli/config/configuration-qemu-virtiofs.toml.in +++ b/cli/config/configuration-qemu-virtiofs.toml.in @@ -212,9 +212,10 @@ enable_iothreads = @DEFENABLEIOTHREADS@ # Default false #hotplug_vfio_on_root_bus = true -# If host doesn't support vhost_net, set to true. Thus we won't create vhost fds for nics. -# Default false +# If vhost-net backend for virtio-net is not desired, set to true. Default is false, which trades off +# security (vhost-net runs ring0) for network I/O performance. #disable_vhost_net = true + # # Default entropy source. # The path to a host source of entropy (including a real hardware RNG) diff --git a/cli/config/configuration-qemu.toml.in b/cli/config/configuration-qemu.toml.in index 3fbbf37910..d38f3a1629 100644 --- a/cli/config/configuration-qemu.toml.in +++ b/cli/config/configuration-qemu.toml.in @@ -213,9 +213,10 @@ enable_iothreads = @DEFENABLEIOTHREADS@ # Default false #hotplug_vfio_on_root_bus = true -# If host doesn't support vhost_net, set to true. Thus we won't create vhost fds for nics. -# Default false +# If vhost-net backend for virtio-net is not desired, set to true. Default is false, which trades off +# security (vhost-net runs ring0) for network I/O performance. #disable_vhost_net = true + # # Default entropy source. # The path to a host source of entropy (including a real hardware RNG)