Re: [PATCH] virtio-9p: remove virtfs-proxy-helper

[Christian Schoenebeck via <qemu-devel@nongnu.org>]

On Thursday, September 5, 2024 10:22:59 AM CEST Paolo Bonzini wrote:
> It has been deprecated since 8.1; remove it and suggest using permission mapping
> or virtiofsd.

virtfs-proxy-helper is just one component and (implementation detail) being
removed. So I would change the commit log to:

  9p: remove 'proxy' filesystem backend driver

  It has been deprecated since 8.1; remove it and suggest using 'local' file 
  system backend driver instead or virtiofsd.

> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  MAINTAINERS                        |    8 -
>  docs/about/deprecated.rst          |   23 -
>  docs/about/removed-features.rst    |   14 +
>  docs/conf.py                       |    3 -
>  docs/meson.build                   |    1 -
>  docs/tools/index.rst               |    1 -
>  docs/tools/virtfs-proxy-helper.rst |   75 --
>  meson.build                        |    8 -
>  fsdev/qemu-fsdev.h                 |    1 -
>  fsdev/qemu-fsdev.c                 |   19 -
>  fsdev/virtfs-proxy-helper.c        | 1193 --------------------------
>  hw/9pfs/9p-proxy.c                 | 1279 ----------------------------
>  fsdev/meson.build                  |    8 -
>  hw/9pfs/meson.build                |    1 -
>  meson_options.txt                  |    2 -
>  qemu-options.hx                    |   46 -
>  scripts/meson-buildoptions.        |    0
>  scripts/meson-buildoptions.sh      |    4 -
>  18 files changed, 14 insertions(+), 2672 deletions(-)
>  delete mode 100644 docs/tools/virtfs-proxy-helper.rst
>  delete mode 100644 fsdev/virtfs-proxy-helper.c
>  delete mode 100644 hw/9pfs/9p-proxy.c
>  create mode 100644 scripts/meson-buildoptions.
[...]
> diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
> index 5ae730d02ae..41d3affabfc 100644
> --- a/docs/about/removed-features.rst
> +++ b/docs/about/removed-features.rst
> @@ -517,6 +517,20 @@ The virtio-blk SCSI passthrough feature is a legacy VIRTIO feature.  VIRTIO 1.0
>  and later do not support it because the virtio-scsi device was introduced for
>  full SCSI support.  Use virtio-scsi instead when SCSI passthrough is required.
>  
> +``-fsdev proxy`` and ``-virtfs proxy`` (since 9.2)
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +
> +The 9p ``proxy`` filesystem backend driver was originally developed to
> +enhance security by dispatching low level filesystem operations from 9p
> +server (QEMU process) over to a separate process (the virtfs-proxy-helper
> +binary). However the proxy backend was much slower than the local backend,
> +didn't see any development in years, and showed to be less secure,
> +especially due to the fact that its helper daemon must be run as root.
> +
> +Use ``local``, possibly mapping permissions et al by using its 'mapped'
> +security model option, or switch to ``virtiofs``.   The virtiofs daemon
> +``virtiofsd`` uses vhost to eliminate the high latency costs of the 9p
> +``proxy`` backend.

Probably helpful for users to be more explicit like:

  use ``-fsdev local`` or ``-virtfs local``

But in general LGTM, thanks!

Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

Best regards,
Christian Schoenebeck