Re: [Qemu-devel] Connecting virtio-9p-pci to a remote 9p server

[Chris Webb <chris@arachsys.com>]

Eric Van Hensbergen <ericvh@gmail.com> writes:

> A passthrough makes perfect sense, a couple summers ago we had an
> Extreme Blue team working on using 9p for a cloud hosting environment
> -- while they were primarily working on gatewaying through a host
> operating system we also discussed doing 9p passthrough (primarily for
> test, but my other motive was looking at direct 9p to back-end server
> connections).  I'm copying that team on this message to see if they
> have any additional thoughts.  On one end you lose a bit in that you
> are no longer taking advantage of the host file system cache, which
> can be useful, particularly if there is any consolidation among the
> different guests -- but as you point out, you eliminate several copies
> and transitions through kernel space by just going direct.

[Sorry for the extremely slow followup here. I got caught up bug squashing!]

Yes, that was my feeling. It also allows things like mounting a filesystem
from one VM that's exported by another on the same host. Doing this via the
host vfs would risk deadlock under memory pressure.

I would still be very interested to hear any thoughts from your team on the
best way to get access to the 9p streams from qemu directly if they did any
work in this area. If we're going to fund development work, I'm keen to
produce something as general-purpose and as widely-applicable for other
virtio-9p users as possible, rather than just a local hack for us.

> b) have qemu snoop and validate attach operations -- this may be what
> you were suggesting.  Essentially you can hardcode the attach to only
> validate from a single user (or restrict it to a set of users).  An
> alternative is to overload protocol semantics and have the initial
> version & attach (which could be sent by qemu) carry some significance
> with the server -- hardcoding the protocol parameters and user under
> whose authority all subsequent requests fall under.  This leaves much
> of the implementation details to the server

Yes, you're right, this was what I had in mind. However, I want to be able
to boot linux kernels with these filesystems as rootfs, so things that
involve auth and the like aren't ideal. I'd prefer not to modify the server
either. My plan was to filter the attach to only allow a specific path (or a
set of specific paths) which I can specify in the qemu command line. This
wouldn't require any server modifications, and would allow me to restrict
the guest to the right mountpoint(s) exported by the 9p server. Does that
sound sane?

Cheers,

Chris.