From fbcded1f9d88ebd61690d9052c6bd339f16ce0b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?=
Date: Thu, 23 Apr 2026 21:29:57 +0000
Subject: [PATCH] feat: ephvm-run.sh virtio devices, require kvm

explicit virtio-blk-pci (cache=writeback, discard=unmap, detect-zeroes=unmap, aio=threads), virtio-net-pci, virtio-rng-pci for guest entropy. hard-require /dev/kvm and always pass -cpu host; drop the tcg fallback since this host always has kvm.
---
 scripts/ephvm-run.sh | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/scripts/ephvm-run.sh b/scripts/ephvm-run.sh
index 55e5ff0..533e7d4 100755
--- a/scripts/ephvm-run.sh
+++ b/scripts/ephvm-run.sh
@@ -130,15 +130,13 @@ main() {
 CLEANUP_OVERLAY=$(mktemp -d)
 local overlay="$CLEANUP_OVERLAY/overlay.qcow2"
 qemu-img create -f qcow2 -b "$(realpath "$image")" -F qcow2 "$overlay" "$disk_size"
- drive_arg="file=$overlay,format=qcow2"
+ drive_arg="if=none,id=hd0,file=$overlay,format=qcow2,cache=writeback,aio=threads,discard=unmap,detect-zeroes=unmap"
 else
- drive_arg="file=$image,format=qcow2,snapshot=on"
+ drive_arg="if=none,id=hd0,file=$image,format=qcow2,snapshot=on,cache=writeback,aio=threads,discard=unmap,detect-zeroes=unmap"
 fi
 command -v qemu-system-x86_64 &>/dev/null || die "qemu-system-x86_64 not found"
 
-
- local accel="tcg"
- [ -r /dev/kvm ] && accel="kvm"
+ [ -r /dev/kvm ] || die "/dev/kvm not readable; kvm is required"
 
 # auto-allocate ssh port unless serial mode
 if [ "$serial" = false ] && [ -z "$ssh_port" ]; then
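Review bot: The new guard `[ -r /dev/kvm ] || die ...` only tests readability, but QEMU opens /dev/kvm read-write, so a host where the device is readable yet not writable (e.g. the user is not in the kvm group) passes this check and then fails inside qemu with a less direct error; suggest `[ -r /dev/kvm ] && [ -w /dev/kvm ] || die "/dev/kvm not readable/writable; kvm is required"`. The two drive_arg assignments now share a long identical tail (`cache=writeback,aio=threads,discard=unmap,detect-zeroes=unmap`), which invites the branches drifting apart; a single `local drive_opts="cache=writeback,aio=threads,discard=unmap,detect-zeroes=unmap"` spliced into both strings would keep them in step. main() starts before and continues past this hunk.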
@@ -148,26 +146,25 @@ main() {
 done
 fi
 
- local nic_arg="user"
+ local nic_arg="user,model=virtio-net-pci"
 if [ -n "$ssh_port" ]; then
- nic_arg="user,hostfwd=tcp:127.0.0.1:${ssh_port}-:22"
+ nic_arg="user,model=virtio-net-pci,hostfwd=tcp:127.0.0.1:${ssh_port}-:22"
 fi
 
 local -a qemu_args=(
 qemu-system-x86_64
- -accel "$accel"
+ -accel kvm
+ -cpu host
 -m "$memory"
 -smp "$cpus"
 -drive "$drive_arg"
+ -device "virtio-blk-pci,drive=hd0"
+ -device virtio-rng-pci
 -nic "$nic_arg"
 -nographic
 -sandbox "on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny"
 )
 
- if [ "$accel" != "tcg" ]; then
- qemu_args+=(-cpu host)
- fi
-
 local fs_id=0 mount_path name tag
 for mount_path in "${mounts[@]}"; do
 [ -e "$mount_path" ] || die "--mount path does not exist: $mount_path"
@@ -200,7 +197,7 @@ main() {
 fi
 
 info "---"
- info "Accel: $accel"
+ [ -n "$ssh_port" ] && info "SSH: ssh -p $ssh_port matej@localhost"
 info "---"
 
 if [ "$serial" = true ]; then
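Review bot: `user,model=virtio-net-pci` is spelled out twice, once in the initial nic_arg assignment and again in the hostfwd branch, so the model can silently diverge between the two paths; building the string incrementally avoids that: keep `local nic_arg="user,model=virtio-net-pci"` and inside the if use `nic_arg+=",hostfwd=tcp:127.0.0.1:${ssh_port}-:22"`. The `-device "virtio-blk-pci,drive=hd0"` entry relies on the `id=hd0` set in the drive_arg strings of the previous hunk; a one-line comment beside it, `# drive= must match the id= in drive_arg`, would make that coupling visible to the next editor. `-device virtio-rng-pci` is added with no rate limit; if the host's entropy throughput is a concern, the device's `max-bytes=`/`period=` properties cap what the guest can draw. main() starts before and continues past this hunk.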
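Review bot: The SSH hint hard-codes the guest login `matej@localhost`, tying the script to one image/user while the port is already parameterised; the user name should come from a variable as well, e.g. `info "SSH: ssh -p $ssh_port ${ssh_user}@localhost"` with `ssh_user` (name suggested here) defaulting to the current value where the other options are declared, outside this hunk. The `[ -n "$ssh_port" ] && info ...` form is safe under `set -e` (if the script uses it, which is not visible here) only because `info "---"` follows it; should it ever become the last statement of main(), the function would return 1 whenever no port is set. main() starts before and continues past this hunk.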