Re: [Qemu-devel] [RFC 0/3] qemu-ga: support for sending events

["Tomáš Golembiovský" <tgolembi@redhat.com>]

On Fri, 7 Jul 2017 15:55:31 -0500
Eric Blake <eblake@redhat.com> wrote:

> On 06/23/2017 08:02 AM, Tomáš Golembiovský wrote:
> > This is just a draft, or a request for comments if you will.
> > 
> > This patch sets drafts the support of sending events by QEMU Guest Agent.
> > Events can plan important role in monitoring of the guest OS behaviour. The
> > range of use cases ranges from events important for scheduling, e.g. memory and
> > CPU usage statistics, to things like changes to IP addresses on network
> > interfaces to for example changes in the list of active users.
> > 
> > For now the patch set adds single periodic callback function to the GA main
> > loop that can perform checks and trigger events that have occured since
> > previous run of the callback.  
> 
> How do we guarantee that the guest cannot flood qemu with too many events?
> 
> Obviously, qga is already used where we (in general) trust the guest to
> not be malicious, but we still have to assume that a guest can be
> compromised, and will try to abuse qga to escape to an attack against qemu.
> 

If you mean situation where something in guest will be triggering events
that qga will be sending then we can implement some throttling in qga. I
belive qemu does something similar for QMP events.

But if you're considering situation where something kills qga and will
attach itself to the serial channel then this is of course more
complex issue.

> > 
> > We can of course take it one step further and add a general framwork for
> > periodically running any of the already implemented commands. Add a function
> > that would maintain a list of registered checks. Client would use some command
> > (register-monitor-command) passing it a command name and timeout in seconds and
> > the monitoring handler would then run the specified command and report the
> > result... or report only if the return value changed since previous invocation.
> > This feature would remove part of the communication overhead between client and
> > GA.
> > 
> > So before I invest any more time in either of these approaches, tell me. Would
> > somethign like this be wanted or is that too controversial? Any other thoughts
> > and ideas?
> >   
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.           +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
> 


-- 
Tomáš Golembiovský <tgolembi@redhat.com>