Add vhost-user infrastructure and API

Dorinda Bassey · Dorinda Bassey · commit ca3349bb08b7 · 2026-02-04T10:36:17.000+01:00
Add vhost-user feature flag, vhost dependency,
and krun_set_vhost_user_rng() API to configure
vhost-user RNG socket path.

Signed-off-by: Dorinda Bassey &lt;dbassey@redhat.com&gt;
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Makefile b/Makefile
@@ -75,6 +75,9 @@ endif
 ifeq ($(INPUT),1)
     FEATURE_FLAGS += --features input
 endif
+ifeq ($(VHOST_USER),1)
+    FEATURE_FLAGS += --features vhost-user
+endif
 ifeq ($(AWS_NITRO),1)
 	VARIANT = -awsnitro
 	FEATURE_FLAGS := --features aws-nitro,net
diff --git a/include/libkrun.h b/include/libkrun.h
@@ -717,6 +717,28 @@ int krun_add_input_device_fd(uint32_t ctx_id, int input_fd);
  */
 int32_t krun_set_snd_device(uint32_t ctx_id, bool enable);
 
+/**
+ * Configure vhost-user RNG device.
+ *
+ * This function sets the socket path for the vhost-user RNG backend.
+ * When configured, libkrun will connect to a vhost-user RNG backend
+ * (such as vhost-device-rng) instead of using the in-process RNG device.
+ *
+ * The vhost-user backend must be running and listening on the specified
+ * socket before starting the VM.
+ *
+ * Arguments:
+ *  "ctx_id"      - the configuration context ID.
+ *  "socket_path" - path to the vhost-user Unix domain socket (e.g., "/tmp/vhost-rng.sock").
+ *
+ * Returns:
+ *  Zero on success or a negative error number on failure.
+ *  -EINVAL  - Invalid socket_path
+ *  -ENOENT  - Context doesn't exist
+ *  -ENOTSUP - vhost-user support not compiled in
+ */
+int32_t krun_set_vhost_user_rng(uint32_t ctx_id, const char *socket_path);
+
 /**
  * Configures a map of rlimits to be set in the guest before starting the isolated binary.
  *
diff --git a/src/devices/Cargo.toml b/src/devices/Cargo.toml
@@ -17,6 +17,7 @@ input = ["zerocopy", "krun_input"]
 virgl_resource_map2 = []
 aws-nitro = []
 test_utils = []
+vhost-user = ["vhost"]
 
 [dependencies]
 bitflags = "1.2.0"
@@ -28,6 +29,7 @@ nix = { version = "0.30.1", features = ["ioctl", "net", "poll", "socket", "fs"]
 pw = { package = "pipewire", version = "0.8.0", optional = true }
 rand = "0.9.2"
 thiserror = { version = "2.0", optional = true }
+vhost = { version = "0.14", optional = true, features = ["vhost-user-frontend"] }
 virtio-bindings = "0.2.0"
 vm-memory = { version = ">=0.13", features = ["backend-mmap"] }
 zerocopy = { version = "0.8.26", optional = true, features = ["derive"] }
diff --git a/src/libkrun/Cargo.toml b/src/libkrun/Cargo.toml
@@ -17,6 +17,7 @@ snd = []
 input = ["krun_input", "vmm/input", "devices/input"]
 virgl_resource_map2 = []
 aws-nitro = [ "dep:aws-nitro", "dep:nitro-enclaves" ]
+vhost-user = ["vmm/vhost-user", "devices/vhost-user"]
 
 [dependencies]
 crossbeam-channel = ">=0.5.15"
diff --git a/src/libkrun/src/lib.rs b/src/libkrun/src/lib.rs
@@ -1773,6 +1773,32 @@ pub unsafe extern "C" fn krun_set_snd_device(ctx_id: u32, enable: bool) -> i32 {
     KRUN_SUCCESS
 }
 
+#[allow(clippy::missing_safety_doc)]
+#[no_mangle]
+#[cfg(feature = "vhost-user")]
+pub unsafe extern "C" fn krun_set_vhost_user_rng(ctx_id: u32, socket_path: *const c_char) -> i32 {
+    let socket_path_str = match CStr::from_ptr(socket_path).to_str() {
+        Ok(s) => s,
+        Err(_) => return -libc::EINVAL,
+    };
+
+    match CTX_MAP.lock().unwrap().entry(ctx_id) {
+        Entry::Occupied(mut ctx_cfg) => {
+            let cfg = ctx_cfg.get_mut();
+            cfg.vmr.vhost_user_rng_socket = Some(socket_path_str.to_string());
+            KRUN_SUCCESS
+        }
+        Entry::Vacant(_) => -libc::ENOENT,
+    }
+}
+
+#[allow(clippy::missing_safety_doc)]
+#[no_mangle]
+#[cfg(not(feature = "vhost-user"))]
+pub unsafe extern "C" fn krun_set_vhost_user_rng(_ctx_id: u32, _socket_path: *const c_char) -> i32 {
+    -libc::ENOTSUP
+}
+
 #[allow(unused_assignments)]
 #[no_mangle]
 pub extern "C" fn krun_get_shutdown_eventfd(ctx_id: u32) -> i32 {
diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
@@ -15,6 +15,7 @@ gpu = ["krun_display"]
 snd = []
 input = ["krun_input"]
 aws-nitro = []
+vhost-user = ["devices/vhost-user"]
 
 [dependencies]
 crossbeam-channel = ">=0.5.15"
diff --git a/src/vmm/src/resources.rs b/src/vmm/src/resources.rs
@@ -173,6 +173,9 @@ pub struct VmResources {
     #[cfg(feature = "snd")]
     /// Enable the virtio-snd device.
     pub snd_device: bool,
+    #[cfg(feature = "vhost-user")]
+    /// Vhost-user RNG device socket path
+    pub vhost_user_rng_socket: Option<String>,
     /// File to send console output.
     pub console_output: Option<PathBuf>,
     /// SMBIOS OEM Strings
@@ -423,6 +426,8 @@ mod tests {
             input_backends: Vec::new(),
             #[cfg(feature = "snd")]
             snd_device: false,
+            #[cfg(feature = "vhost-user")]
+            vhost_user_rng_socket: None,
             console_output: None,
             smbios_oem_strings: None,
             nested_enabled: false,
