Should Qemu monitor be enabled by default

Should Qemu monitor be enabled by default

[You, Yongkang]

Hi Christian,

We noticed you removed the Qemu's default monitor & serial console in changeset 14609. As we didn't use qemu serial console frequently and also has "xm console", it can be removed. But for qemu monitor, I think we'd better to keep it by default, it is because it has become the important function of HVM.

1. We have to use monitor to switch CD-ROM files. This is significant when installation with multi CDs.
2. We need to use monitor to send the short combined keys to HVM (e.g. ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn't dropped" feature of HVM. :)

So, how about adding it back? 

Best Regards,
Yongkang (Kangkang) 永康

RE: Should Qemu monitor be enabled by default

[You, Yongkang]

Hi Christian and Daniel, 

I have read the original discussion about the security purpose concern for removing the ioemu monitor. For the CD-ROM configuration, if we only give 'r' readonly permission to hdc:cdrom device, user can not write to the file directly.

For example:
disk = [ 'file:/var/image1,hda,w', 'file:/var/boot.iso,hdc:cdrom,r' ]

Best Regards,
Yongkang (Kangkang) 永康

>-----Original Message-----
>From: xen-devel-bounces@lists.xensource.com
>[mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of You,
>Yongkang
>Sent: 2007年4月10日 11:36
>To: Christian Limpach
>Cc: xen-devel@lists.xensource.com
>Subject: [Xen-devel] Should Qemu monitor be enabled by default
>
>Hi Christian,
>
>We noticed you removed the Qemu's default monitor & serial console in
>changeset 14609. As we didn't use qemu serial console frequently and also
>has "xm console", it can be removed. But for qemu monitor, I think we'd better
>to keep it by default, it is because it has become the important function of
>HVM.
>
>1. We have to use monitor to switch CD-ROM files. This is significant when
>installation with multi CDs.
>2. We need to use monitor to send the short combined keys to HVM (e.g.
>ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn't dropped" feature of HVM. :)
>
>So, how about adding it back?
>
>Best Regards,
>Yongkang (Kangkang) 永康
>
>_______________________________________________
>Xen-devel mailing list
>Xen-devel@lists.xensource.com
>http://lists.xensource.com/xen-devel

Re: Should Qemu monitor be enabled by default

[Keir Fraser]

The right answer here is to plumb the qemu monitor interface into xend, and
provide a method for accessing the interesting monitor commands from xm.
It's already assumed that an xm user is privileged. This also provides a
more consistent administrator experience: requiring to issue some commands
directly at the qemu monitor interface is kinda cheesy.

 -- Keir

On 10/4/07 06:34, "You, Yongkang" <yongkang.you@intel.com> wrote:

> Hi Christian and Daniel,
> 
> I have read the original discussion about the security purpose concern for
> removing the ioemu monitor. For the CD-ROM configuration, if we only give 'r'
> readonly permission to hdc:cdrom device, user can not write to the file
> directly.
> 
> For example:
> disk = [ 'file:/var/image1,hda,w', 'file:/var/boot.iso,hdc:cdrom,r' ]
> 
> Best Regards,
> Yongkang (Kangkang) 永康
> 
>> -----Original Message-----
>> From: xen-devel-bounces@lists.xensource.com
>> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of You,
>> Yongkang
>> Sent: 2007年4月10日 11:36
>> To: Christian Limpach
>> Cc: xen-devel@lists.xensource.com
>> Subject: [Xen-devel] Should Qemu monitor be enabled by default
>> 
>> Hi Christian,
>> 
>> We noticed you removed the Qemu's default monitor & serial console in
>> changeset 14609. As we didn't use qemu serial console frequently and also
>> has "xm console", it can be removed. But for qemu monitor, I think we'd
>> better
>> to keep it by default, it is because it has become the important function of
>> HVM.
>> 
>> 1. We have to use monitor to switch CD-ROM files. This is significant when
>> installation with multi CDs.
>> 2. We need to use monitor to send the short combined keys to HVM (e.g.
>> ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn't dropped" feature of
>> HVM. :)
>> 
>> So, how about adding it back?
>> 
>> Best Regards,
>> Yongkang (Kangkang) 永康
>> 
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

Re: Should Qemu monitor be enabled by default

[Christian Limpach]

On 4/10/07, You, Yongkang <yongkang.you@intel.com> wrote:
> We noticed you removed the Qemu's default monitor & serial console in changeset 14609. As we didn't use qemu serial console frequently and also has "xm console", it can be removed. But for qemu monitor, I think we'd better to keep it by default, it is because it has become the important function of HVM.
>
> 1. We have to use monitor to switch CD-ROM files. This is significant when installation with multi CDs.
> 2. We need to use monitor to send the short combined keys to HVM (e.g. ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn't dropped" feature of HVM. :)
>
> So, how about adding it back?

Well, we can't change the default back, because that would not be secure.

There's xm block-configure which lets you switch CD-ROM files.

And there's a few things which could be done to further improve things:
- plumb through the monitor option to the domain config file and the
xend config file
- fix xm console so it can connect to the monitor pty
- add an xm send-key command

   christian

RE: Should Qemu monitor be enabled by default

[You, Yongkang]

So many thanks for Keir and Christian's reply. 

>
>There's xm block-configure which lets you switch CD-ROM files.
>
>And there's a few things which could be done to further improve things:

Did you have any plan for this? :)

>- plumb through the monitor option to the domain config file and the
>xend config file
>- fix xm console so it can connect to the monitor pty

The xm console is to connect HVM serial console. Will it be changed to
get monitor pty? 

>- add an xm send-key command
>

Re: Should Qemu monitor be enabled by default

[Christian Limpach]

On 4/10/07, You, Yongkang <yongkang.you@intel.com> wrote:
> >- plumb through the monitor option to the domain config file and the
> >xend config file
> >- fix xm console so it can connect to the monitor pty
>
> The xm console is to connect HVM serial console. Will it be changed to
> get monitor pty?

I was thinking it would be neat if you could specify which pty to
connect to.  qemu already writes the information about all the pty's
it creates into xenstore (/local/domain/<id>/monitor/tty).  Right now
xm console always connects you to the tty at console/tty, it would be
great to have an option to let you connect to the monitor or
additional serial/parallel ports instead.

    christian

Re: Should Qemu monitor be enabled by default

[Hidetoshi Nishi]

Hi all.

On our team side, we would like to resuem the Qemu's monitor and         
serial console as YongKang-san remarks.

For HVM domain, we need Qemu's monitor to install guest's OS from 　　   
multi CDs.

We not make sure that xm block-configure supports to switch CD-ROMs
using latest unstable code.

We would like to keep the Qemu's monitor and serial console until
xm block-configure works well.


Thank you.                                      Nishi
　

>On 4/10/07, You, Yongkang <yongkang.you@intel.com> wrote:
>> We noticed you removed the Qemu's default monitor & serial console in 
>> changeset 14609. As we didn't use qemu serial console frequently and also
>>  has "xm console", it can be removed. But for qemu monitor, I think we'd 
>> better to keep it by default, it is because it has become the important 
>> function of HVM.
>>
>> 1. We have to use monitor to switch CD-ROM files. This is significant 
>> when installation with multi CDs.
>> 2. We need to use monitor to send the short combined keys to HVM (e.g. 
>> ctrl-alt-delete, ctrl-alt-f2 etc.). This is a "couldn't dropped" feature 
>> of HVM. :)
>>
>> So, how about adding it back?
>
>Well, we can't change the default back, because that would not be secure.
>
>There's xm block-configure which lets you switch CD-ROM files.
>
>And there's a few things which could be done to further improve things:
>- plumb through the monitor option to the domain config file and the
>xend config file
>- fix xm console so it can connect to the monitor pty
>- add an xm send-key command
>
>   christian
>
>_______________________________________________
>Xen-devel mailing list
>Xen-devel@lists.xensource.com
>http://lists.xensource.com/xen-devel

Re: Should Qemu monitor be enabled by default

[Atsushi SAKAI]

Hi, Christian

  Your suggested xm block-configure cannot solve this problem.
(to switch the CDROM from guest Domain.)

Please explain how to do this.

If not, suggested patch should revert it 
until xm block-configure works.

Thanks
Atsushi SAKAI


> There's xm block-configure which lets you switch CD-ROM files.

Re: Should Qemu monitor be enabled by default

[Christian Limpach]

On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
>  Your suggested xm block-configure cannot solve this problem.
> (to switch the CDROM from guest Domain.)
>
> Please explain how to do this.

xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
where hdd is a cdrom which was configured at boot time (',hdd:cdrom,r'
in the disk list, doesn't need to be empty, but it can).

> If not, suggested patch should revert it
> until xm block-configure works.

Making the monitor option configurable from the config file is really
not that hard, since there's plenty of other options which you can set
in the config file and which result in options getting added to the
qemu command line.  The serial option is a good example of how to do
this.

    christian

Re: Should Qemu monitor be enabled by default

[Atsushi SAKAI]

Hi, christian

Thank you for consider config file option for domHVM.

Are you try xm block-configure for physical devices(phy:/dev/cdrom)?
(not file(file:))

Thanks
Atsushi SAKAI

"Christian Limpach" <christian.limpach@gmail.com> wrote:

> On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
> >  Your suggested xm block-configure cannot solve this problem.
> > (to switch the CDROM from guest Domain.)
> >
> > Please explain how to do this.
> 
> xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
> where hdd is a cdrom which was configured at boot time (',hdd:cdrom,r'
> in the disk list, doesn't need to be empty, but it can).
> 
> > If not, suggested patch should revert it
> > until xm block-configure works.
> 
> Making the monitor option configurable from the config file is really
> not that hard, since there's plenty of other options which you can set
> in the config file and which result in options getting added to the
> qemu command line.  The serial option is a good example of how to do
> this.
> 
>     christian
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

Re: Should Qemu monitor be enabled by default

[Atsushi SAKAI]

Hi, christian

Note In add,

I am not succeed xm block-configure for physical devices(CDROM)
 at Fedora7test3.

Thanks
Atsushi SAKAI


Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:

> Hi, christian
> 
> Thank you for consider config file option for domHVM.
> 
> Are you try xm block-configure for physical devices(phy:/dev/cdrom)?
> (not file(file:))
> 
> Thanks
> Atsushi SAKAI
> 
> "Christian Limpach" <christian.limpach@gmail.com> wrote:
> 
> > On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
> > >  Your suggested xm block-configure cannot solve this problem.
> > > (to switch the CDROM from guest Domain.)
> > >
> > > Please explain how to do this.
> > 
> > xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
> > where hdd is a cdrom which was configured at boot time (',hdd:cdrom,r'
> > in the disk list, doesn't need to be empty, but it can).
> > 
> > > If not, suggested patch should revert it
> > > until xm block-configure works.
> > 
> > Making the monitor option configurable from the config file is really
> > not that hard, since there's plenty of other options which you can set
> > in the config file and which result in options getting added to the
> > qemu command line.  The serial option is a good example of how to do
> > this.
> > 
> >     christian
> > 
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

Re: Should Qemu monitor be enabled by default

[Christian Limpach]

On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
> Thank you for consider config file option for domHVM.

I was hoping that you or one of the other people who are so desperate
for getting access to the monitor back was going to create a patch...

> Are you try xm block-configure for physical devices(phy:/dev/cdrom)?
> (not file(file:))

Works for me.

    christian

>
> Thanks
> Atsushi SAKAI
>
> "Christian Limpach" <christian.limpach@gmail.com> wrote:
>
> > On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
> > >  Your suggested xm block-configure cannot solve this problem.
> > > (to switch the CDROM from guest Domain.)
> > >
> > > Please explain how to do this.
> >
> > xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
> > where hdd is a cdrom which was configured at boot time (',hdd:cdrom,r'
> > in the disk list, doesn't need to be empty, but it can).
> >
> > > If not, suggested patch should revert it
> > > until xm block-configure works.
> >
> > Making the monitor option configurable from the config file is really
> > not that hard, since there's plenty of other options which you can set
> > in the config file and which result in options getting added to the
> > qemu command line.  The serial option is a good example of how to do
> > this.
> >
> >     christian
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>

RE: Should Qemu monitor be enabled by default

[You, Yongkang]

[-- Attachment #1: Type: text/plain, Size: 2136 bytes --]

Hi Christian,

We worked out a simple patch and tried it well. Please apply. 

Best Regards,
Yongkang (Kangkang) 永康

>-----Original Message-----
>From: Christian Limpach [mailto:christian.limpach@gmail.com]
>Sent: 2007年4月11日 20:11
>To: Atsushi SAKAI
>Cc: xen-devel@lists.xensource.com; You, Yongkang; Christian Limpach
>Subject: Re: [Xen-devel] Should Qemu monitor be enabled by default
>
>On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
>> Thank you for consider config file option for domHVM.
>
>I was hoping that you or one of the other people who are so desperate
>for getting access to the monitor back was going to create a patch...
>
>> Are you try xm block-configure for physical devices(phy:/dev/cdrom)?
>> (not file(file:))
>
>Works for me.
>
>    christian
>
>>
>> Thanks
>> Atsushi SAKAI
>>
>> "Christian Limpach" <christian.limpach@gmail.com> wrote:
>>
>> > On 4/11/07, Atsushi SAKAI <sakaia@jp.fujitsu.com> wrote:
>> > >  Your suggested xm block-configure cannot solve this problem.
>> > > (to switch the CDROM from guest Domain.)
>> > >
>> > > Please explain how to do this.
>> >
>> > xm block-configure <vm-name> file:/path/to/the.iso hdd:cdrom r
>> > where hdd is a cdrom which was configured at boot time (',hdd:cdrom,r'
>> > in the disk list, doesn't need to be empty, but it can).
>> >
>> > > If not, suggested patch should revert it
>> > > until xm block-configure works.
>> >
>> > Making the monitor option configurable from the config file is really
>> > not that hard, since there's plenty of other options which you can set
>> > in the config file and which result in options getting added to the
>> > qemu command line.  The serial option is a good example of how to do
>> > this.
>> >
>> >     christian
>> >
>> > _______________________________________________
>> > Xen-devel mailing list
>> > Xen-devel@lists.xensource.com
>> > http://lists.xensource.com/xen-devel
>>
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>>

[-- Attachment #2: qemu_monitor.patch --]
[-- Type: application/octet-stream, Size: 4025 bytes --]

Add Qemu Monitor enable/disable configuration from HVM config file.

Singed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
Singed-off-by: Yongkang You <yongkang.you@intel.com>

diff -r 3d356a2b1c75 tools/examples/xmexample.hvm
--- a/tools/examples/xmexample.hvm	Wed Apr 11 07:30:02 2007 -0600
+++ b/tools/examples/xmexample.hvm	Thu Apr 12 10:48:46 2007 +0800
@@ -170,6 +170,12 @@ serial='pty'
 
 
 #-----------------------------------------------------------------------------
+#   Qemu Monitor, default is disable
+#   Use ctrl-alt-2 to connect
+#monitor=1
+
+
+#-----------------------------------------------------------------------------
 #   enable sound card support, [sb16|es1370|all|..,..], default none
 #soundhw='sb16'
 
diff -r 3d356a2b1c75 tools/examples/xmexample.vti
--- a/tools/examples/xmexample.vti	Wed Apr 11 07:30:02 2007 -0600
+++ b/tools/examples/xmexample.vti	Thu Apr 12 10:48:32 2007 +0800
@@ -113,6 +113,11 @@ serial='pty'
 serial='pty'
 
 #-----------------------------------------------------------------------------
+#   Qemu Monitor, default is disable
+#   Use ctrl-alt-2 to connect
+#monitor=1
+
+#-----------------------------------------------------------------------------
 #   enable sound card support, [sb16|es1370|all|..,..], default none
 #soundhw='sb16'
 
diff -r bfe2136c163a tools/python/README.XendConfig
--- a/tools/python/README.XendConfig	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/README.XendConfig	Thu Apr 12 13:31:11 2007 +0800
@@ -115,6 +115,7 @@ otherConfig
                                 image.nographic
                                 image.vnc
                                 image.sdl
+                                image.monitor
                                 image.vncdisplay
                                 image.vncunused
                                 image.hvm.device_model
diff -r bfe2136c163a tools/python/README.sxpcfg
--- a/tools/python/README.sxpcfg	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/README.sxpcfg	Thu Apr 12 13:31:11 2007 +0800
@@ -63,6 +63,7 @@ image
   - fdb
   - soundhw
   - localtime
+  - monitor
   - serial
   - stdvga
   - isa
diff -r bfe2136c163a tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/xen/xend/XendConfig.py	Thu Apr 12 13:31:11 2007 +0800
@@ -117,7 +117,7 @@ LEGACY_CFG_TO_XENAPI_CFG = reverse_dict(
 
 # Platform configuration keys.
 XENAPI_PLATFORM_CFG = [ 'acpi', 'apic', 'boot', 'device_model', 'display', 
-                        'fda', 'fdb', 'keymap', 'isa', 'localtime',
+                        'fda', 'fdb', 'keymap', 'isa', 'localtime', 'monitor', 
                         'nographic', 'pae', 'rtc_timeoffset', 'serial', 'sdl',
                         'soundhw','stdvga', 'usb', 'usbdevice', 'vnc',
                         'vncconsole', 'vncdisplay', 'vnclisten',
diff -r bfe2136c163a tools/python/xen/xend/image.py
--- a/tools/python/xen/xend/image.py	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/xen/xend/image.py	Thu Apr 12 13:40:09 2007 +0800
@@ -418,6 +418,8 @@ class HVMImageHandler(ImageHandler):
             pass
         else:
             ret.append('-nographic')

+        if int(vmConfig['platform'].get('monitor', 0)) != 0:
+            ret.append('-monitor vc')
         return ret
 
     def createDeviceModel(self, restore = False):
diff -r bfe2136c163a tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/xen/xm/create.py	Thu Apr 12 13:31:11 2007 +0800
@@ -420,6 +420,10 @@ gopts.var('serial', val='FILE',
 gopts.var('serial', val='FILE',
           fn=set_value, default='',
           use="Path to serial or pty or vc")
+
+gopts.var('monitor', val='no|yes',
+          fn=set_bool, default=0,
+          use="""Should the device model use monitor?""")
 
 gopts.var('localtime', val='no|yes',
           fn=set_bool, default=0,

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: Should Qemu monitor be enabled by default

[Daniel P. Berrange]

On Thu, Apr 12, 2007 at 02:40:23PM +0800, You, Yongkang wrote:
> Hi Christian,
> 
> We worked out a simple patch and tried it well. Please apply. 

This part of the patch does not look correct:

-- a/tools/python/xen/xend/image.py	Thu Apr 12 13:18:08 2007 +0100
+++ b/tools/python/xen/xend/image.py	Thu Apr 12 13:21:26 2007 +0100
@@ -415,6 +415,8 @@ class HVMImageHandler(ImageHandler):
         else:
             ret.append('-nographic')
 
+        if int(vmConfig['platform'].get('monitor', 0)) != 0:
+            ret.append('-monitor vc')
         return ret
 
     def createDeviceModel(self, restore = False):

The '-monitor vc' is already the default for QEMU, so both branches of
that if end up reducing to the same functional state - the monitor being
enabled. You need to explicitly disable the monitor if the config file 
has monitor=0

I'm not sure this patch is a good idea long term though. If, as Anthony
suggests in previous thread, XenD takes control of the monitor and provides
an explicit 'xm monitor' command, then it'll be impossible to also make
the monitor also appear on a VC. 

This also doesn't address the issue that making the monitor appear on a
VC is fundamentally a security risk and so can never be enabled in any
production environment where you care about integrity of the Dom0 host. 
I don't see the point in introducing a config file setting which will 
have to go away once a sustainable 'xm monitor' patch is implemented.

For the timescales involved in 3.0.5 I think we should instead make sure
that 'xm block-configure' works correctly.

Dan
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

RE: Should Qemu monitor be enabled by default

[You, Yongkang]

[-- Attachment #1: Type: text/plain, Size: 2090 bytes --]

Hi Daniel,

>The '-monitor vc' is already the default for QEMU, so both branches of
>that if end up reducing to the same functional state - the monitor being
>enabled. You need to explicitly disable the monitor if the config file
>has monitor=0

Aha. Thanks for checking the patch. It is a typo. In the attachment patch, I have changed the monitor default value to 0. 

>
>I'm not sure this patch is a good idea long term though. If, as Anthony
>suggests in previous thread, XenD takes control of the monitor and provides
>an explicit 'xm monitor' command, then it'll be impossible to also make
>the monitor also appear on a VC.

Yes. It is not a long term solution like previous discussion. But 3.0.5 is near, we had better to use the interim method. 

>
>This also doesn't address the issue that making the monitor appear on a
>VC is fundamentally a security risk and so can never be enabled in any
>production environment where you care about integrity of the Dom0 host.
>I don't see the point in introducing a config file setting which will
>have to go away once a sustainable 'xm monitor' patch is implemented.
>
>For the timescales involved in 3.0.5 I think we should instead make sure
>that 'xm block-configure' works correctly.

Yes. I agree it has potential security issue. But from the original concern email, I just knew the cdrom option would cause possible normal user to write file as root privilege. But actually if we could assign 'readonly' permission for cdrom option, nobody could write the system file. But still have read permission security issue. 

Well, users are familiar with Qemu Monitor for a long time. And although we can use xm command to change the CD-ROM file, we hardly switch HVM console to ttyN or call HVM by "ctrl-alt-N" (monitor can send short keys to HVM). So if simply remove Monitor function, it would also lose an important function of HVM. IMHO, virtualization production would drop it. :) So we create such patch to do a compromise workaround and let user to choose. 

Best Regards,
Yongkang (Kangkang) 永康



[-- Attachment #2: qemu_monitor.patch --]
[-- Type: application/octet-stream, Size: 4025 bytes --]

Add Qemu Monitor enable/disable configuration from HVM config file.

Singed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
Singed-off-by: Yongkang You <yongkang.you@intel.com>

diff -r 3d356a2b1c75 tools/examples/xmexample.hvm
--- a/tools/examples/xmexample.hvm	Wed Apr 11 07:30:02 2007 -0600
+++ b/tools/examples/xmexample.hvm	Thu Apr 12 10:48:46 2007 +0800
@@ -170,6 +170,12 @@ serial='pty'
 
 
 #-----------------------------------------------------------------------------
+#   Qemu Monitor, default is disable
+#   Use ctrl-alt-2 to connect
+#monitor=0
+
+
+#-----------------------------------------------------------------------------
 #   enable sound card support, [sb16|es1370|all|..,..], default none
 #soundhw='sb16'
 
diff -r 3d356a2b1c75 tools/examples/xmexample.vti
--- a/tools/examples/xmexample.vti	Wed Apr 11 07:30:02 2007 -0600
+++ b/tools/examples/xmexample.vti	Thu Apr 12 10:48:32 2007 +0800
@@ -113,6 +113,11 @@ serial='pty'
 serial='pty'
 
 #-----------------------------------------------------------------------------
+#   Qemu Monitor, default is disable
+#   Use ctrl-alt-2 to connect
+#monitor=0
+
+#-----------------------------------------------------------------------------
 #   enable sound card support, [sb16|es1370|all|..,..], default none
 #soundhw='sb16'
 
diff -r bfe2136c163a tools/python/README.XendConfig
--- a/tools/python/README.XendConfig	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/README.XendConfig	Thu Apr 12 13:31:11 2007 +0800
@@ -115,6 +115,7 @@ otherConfig
                                 image.nographic
                                 image.vnc
                                 image.sdl
+                                image.monitor
                                 image.vncdisplay
                                 image.vncunused
                                 image.hvm.device_model
diff -r bfe2136c163a tools/python/README.sxpcfg
--- a/tools/python/README.sxpcfg	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/README.sxpcfg	Thu Apr 12 13:31:11 2007 +0800
@@ -63,6 +63,7 @@ image
   - fdb
   - soundhw
   - localtime
+  - monitor
   - serial
   - stdvga
   - isa
diff -r bfe2136c163a tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/xen/xend/XendConfig.py	Thu Apr 12 13:31:11 2007 +0800
@@ -117,7 +117,7 @@ LEGACY_CFG_TO_XENAPI_CFG = reverse_dict(
 
 # Platform configuration keys.
 XENAPI_PLATFORM_CFG = [ 'acpi', 'apic', 'boot', 'device_model', 'display', 
-                        'fda', 'fdb', 'keymap', 'isa', 'localtime',
+                        'fda', 'fdb', 'keymap', 'isa', 'localtime', 'monitor', 
                         'nographic', 'pae', 'rtc_timeoffset', 'serial', 'sdl',
                         'soundhw','stdvga', 'usb', 'usbdevice', 'vnc',
                         'vncconsole', 'vncdisplay', 'vnclisten',
diff -r bfe2136c163a tools/python/xen/xend/image.py
--- a/tools/python/xen/xend/image.py	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/xen/xend/image.py	Thu Apr 12 13:40:09 2007 +0800
@@ -418,6 +418,8 @@ class HVMImageHandler(ImageHandler):
             pass
         else:
             ret.append('-nographic')

+        if int(vmConfig['platform'].get('monitor', 0)) != 0:
+            ret.append('-monitor vc')
         return ret
 
     def createDeviceModel(self, restore = False):
diff -r bfe2136c163a tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py	Wed Apr 11 14:34:08 2007 +0100
+++ b/tools/python/xen/xm/create.py	Thu Apr 12 13:31:11 2007 +0800
@@ -420,6 +420,10 @@ gopts.var('serial', val='FILE',
 gopts.var('serial', val='FILE',
           fn=set_value, default='',
           use="Path to serial or pty or vc")
+
+gopts.var('monitor', val='no|yes',
+          fn=set_bool, default=0,
+          use="""Should the device model use monitor?""")
 
 gopts.var('localtime', val='no|yes',
           fn=set_bool, default=0,

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: Should Qemu monitor be enabled by default

[Christian Limpach]

On 4/12/07, Daniel P. Berrange <berrange@redhat.com> wrote:
> This part of the patch does not look correct:
>
> -- a/tools/python/xen/xend/image.py     Thu Apr 12 13:18:08 2007 +0100
> +++ b/tools/python/xen/xend/image.py    Thu Apr 12 13:21:26 2007 +0100
> @@ -415,6 +415,8 @@ class HVMImageHandler(ImageHandler):
>          else:
>              ret.append('-nographic')
>
> +        if int(vmConfig['platform'].get('monitor', 0)) != 0:
> +            ret.append('-monitor vc')
>          return ret
>
>      def createDeviceModel(self, restore = False):
>
> The '-monitor vc' is already the default for QEMU, so both branches of
> that if end up reducing to the same functional state - the monitor being
> enabled. You need to explicitly disable the monitor if the config file
> has monitor=0

No, the monitor in qemu is off by default, the patch is correct as is.

> I'm not sure this patch is a good idea long term though. If, as Anthony
> suggests in previous thread, XenD takes control of the monitor and provides
> an explicit 'xm monitor' command, then it'll be impossible to also make
> the monitor also appear on a VC.
>
> This also doesn't address the issue that making the monitor appear on a
> VC is fundamentally a security risk and so can never be enabled in any
> production environment where you care about integrity of the Dom0 host.
> I don't see the point in introducing a config file setting which will
> have to go away once a sustainable 'xm monitor' patch is implemented.

Why shouldn't both co-exist?  You can have either monitor=pty or
monitor=vc.  This is how serial ports work already.

> For the timescales involved in 3.0.5 I think we should instead make sure
> that 'xm block-configure' works correctly.

How does it not work correctly?

     christian

Re: Should Qemu monitor be enabled by default

[Daniel P. Berrange]

On Thu, Apr 12, 2007 at 09:40:26PM +0100, Christian Limpach wrote:
> On 4/12/07, Daniel P. Berrange <berrange@redhat.com> wrote:
> >This part of the patch does not look correct:
> >
> >-- a/tools/python/xen/xend/image.py     Thu Apr 12 13:18:08 2007 +0100
> >+++ b/tools/python/xen/xend/image.py    Thu Apr 12 13:21:26 2007 +0100
> >@@ -415,6 +415,8 @@ class HVMImageHandler(ImageHandler):
> >         else:
> >             ret.append('-nographic')
> >
> >+        if int(vmConfig['platform'].get('monitor', 0)) != 0:
> >+            ret.append('-monitor vc')
> >         return ret
> >
> >     def createDeviceModel(self, restore = False):
> >
> >The '-monitor vc' is already the default for QEMU, so both branches of
> >that if end up reducing to the same functional state - the monitor being
> >enabled. You need to explicitly disable the monitor if the config file
> >has monitor=0
> 
> No, the monitor in qemu is off by default, the patch is correct as is.

Is that a recent Xen-specific change to QEMU ? The regular QEMU has always 
had the monitor on by default - and its on by default in Xen 3.0.3/4 :

  http://fabrice.bellard.free.fr/qemu/qemu-doc.html#SEC10

 "-monitor dev
    Redirect the monitor to host device dev (same devices as the serial port). 
    The default device is vc in graphical mode and stdio in non graphical mode."

> >I'm not sure this patch is a good idea long term though. If, as Anthony
> >suggests in previous thread, XenD takes control of the monitor and provides
> >an explicit 'xm monitor' command, then it'll be impossible to also make
> >the monitor also appear on a VC.
> >
> >This also doesn't address the issue that making the monitor appear on a
> >VC is fundamentally a security risk and so can never be enabled in any
> >production environment where you care about integrity of the Dom0 host.
> >I don't see the point in introducing a config file setting which will
> >have to go away once a sustainable 'xm monitor' patch is implemented.
> 
> Why shouldn't both co-exist?  You can have either monitor=pty or
> monitor=vc.  This is how serial ports work already.

What I mean is that if we wanted to implement a 'xm monitor' command,
then XenD would need to launch QEMU with '-monitor pty' (or equivalent)
at which point you'd be unable to also have '-monitor vc' on the same
command line.

> >For the timescales involved in 3.0.5 I think we should instead make sure
> >that 'xm block-configure' works correctly.
> 
> How does it not work correctly?

I've not had any trouble with it myself, but I've not tested it much.
I was refering to the earlier mail in this thread

http://lists.xensource.com/archives/html/xen-devel/2007-04/msg00222.html

where Nishi indicated his motivation for wanting access to the monitor
via a VC was that block-configure wasn't reliable. 

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Re: Should Qemu monitor be enabled by default

[Christian Limpach]

On 4/12/07, Daniel P. Berrange <berrange@redhat.com> wrote:
> > No, the monitor in qemu is off by default, the patch is correct as is.
>
> Is that a recent Xen-specific change to QEMU ? The regular QEMU has always
> had the monitor on by default - and its on by default in Xen 3.0.3/4 :

Yes it is.  The default is not suitable.

> > Why shouldn't both co-exist?  You can have either monitor=pty or
> > monitor=vc.  This is how serial ports work already.
>
> What I mean is that if we wanted to implement a 'xm monitor' command,
> then XenD would need to launch QEMU with '-monitor pty' (or equivalent)
> at which point you'd be unable to also have '-monitor vc' on the same
> command line.

Which is why the monitor option should take a string, it can then
default to whatever is useable for "xm monitor".  "xm monitor" should
imho be xm console with an option to make it connect to the monitor
pty.

> I've not had any trouble with it myself, but I've not tested it much.
> I was refering to the earlier mail in this thread
>
> http://lists.xensource.com/archives/html/xen-devel/2007-04/msg00222.html
>
> where Nishi indicated his motivation for wanting access to the monitor
> via a VC was that block-configure wasn't reliable.

You should have read the replies as well, before making claims that
something doesn't work.

    christian

Re: Should Qemu monitor be enabled by default

[Daniel P. Berrange]

On Thu, Apr 12, 2007 at 10:00:45PM +0100, Christian Limpach wrote:
> >What I mean is that if we wanted to implement a 'xm monitor' command,
> >then XenD would need to launch QEMU with '-monitor pty' (or equivalent)
> >at which point you'd be unable to also have '-monitor vc' on the same
> >command line.
> 
> Which is why the monitor option should take a string, it can then
> default to whatever is useable for "xm monitor".  "xm monitor" should
> imho be xm console with an option to make it connect to the monitor
> pty.

Yes, that would work pretty well - and shouldn't require much code at
all - 'xm monitor' impl would pretty much be identical to that for the
existing 'xm console' code, merely looking up a different PTY path in
XenStored.

> >I've not had any trouble with it myself, but I've not tested it much.
> >I was refering to the earlier mail in this thread
> >
> >http://lists.xensource.com/archives/html/xen-devel/2007-04/msg00222.html
> >
> >where Nishi indicated his motivation for wanting access to the monitor
> >via a VC was that block-configure wasn't reliable.
> 
> You should have read the replies as well, before making claims that
> something doesn't work.

Sorry, that's cleared things up.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Re: Should Qemu monitor be enabled by default

[Christian Limpach]

On 4/12/07, Christian Limpach <christian.limpach@gmail.com> wrote:
> Why shouldn't both co-exist?  You can have either monitor=pty or
> monitor=vc.  This is how serial ports work already.

Actually, the patch is quite bad in this regard -- the monitor option
should not take an integer but a string, so that the monitor option
works like the serial option.

     christian