qemu-devel.nongnu.org archive mirror
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Hoffmann, Gerd" <kraxel@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH for-3.2 01/11] vhost-user: define conventions for vhost-user backends
Date: Tue, 11 Dec 2018 09:29:44 +0000
Message-ID: <20181211092944.GA921@redhat.com>
In-Reply-To: <20181211074241.ovuharwewaw22ygq@sirius.home.kraxel.org>

On Tue, Dec 11, 2018 at 08:42:41AM +0100, Hoffmann, Gerd wrote:
>   Hi,
> 
> > Right. The main issue is that we need to make sure only
> > in-tree devices are supported.
> 
> Well, that is under debate right now, see:
> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04912.html

I've previously been against the idea of external plugins for QEMU,
however, that was when the plugin was something that would be dlopen'd
by QEMU. That would cause our internal ABI to be exposed to 3rd parties
which is highly undesirable, even if they were open source to comply
with the license needs.

When the plugin is a completely isolated process communicating with a
well defined protocol, it is not placing a significant burden on the
QEMU developers' ongoing maintenance, nor does it have problems with license
compliance. The main problem would come from debugging the combined
system as the external process is essentially a black box from QEMU's
POV. Downstream OS vendors are free to place restrictions on which
backend processes they'd be willing to support with QEMU, and upstream
is under no obligation to debug stuff beyond the QEMU boundary.

We have already accepted that tradeoff with networking by supporting
vhost-user and have external impls like DPDK, so I don't see a
compelling reason to try to restrict it for other vhost-user backends.

> > vhost-user by design
> > is for out of tree users. It needn't be hard,
> > maybe it's enough to just make qemu launch these processes
> > as opposed to connecting to them on command line.
> 
> Not sure this is a good idea, with security being one of the motivating
> factors to move device emulation to other processes.  When libvirt
> launches the processes it can place them in separate sandboxes ...

Yep, libvirt already turns on seccomp policies which forbid QEMU from
forking/execing anything, and we have no desire to go backwards here.
Any external processes have to be launched by libvirt ahead of time.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
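
Added example, not part of the message above and not QEMU or libvirt code: a minimal raw seccomp-BPF filter in C showing the kind of policy the reply describes, under which a sandboxed process can no longer exec a helper, so any backend has to be started before the filter is applied. It fails the call with EPERM so the result can be observed; the function names and the `/bin/true` path are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* If the loaded syscall number equals sysno, fail the call with EPERM;
 * otherwise skip to the next rule. */
#define DENY(sysno) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (sysno), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Irreversibly forbid process spawning for the calling process.
 * Simplification: a production filter also validates seccomp_data.arch. */
int deny_spawn(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY(__NR_execve),
        DENY(__NR_execveat),
#ifdef __NR_fork
        DENY(__NR_fork),    /* not defined on every architecture */
#endif
#ifdef __NR_vfork
        DENY(__NR_vfork),
#endif
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(insns) / sizeof(insns[0]), .filter = insns };
    /* no_new_privs lets an unprivileged process install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Attempt to launch a helper binary; returns the errno of the refused execve. */
int try_exec_helper(const char *path)
{
    char *const argv[] = { (char *)path, NULL };
    execve(path, argv, NULL);
    return errno;
}

int main(void)
{
    return (deny_spawn() == 0 && try_exec_helper("/bin/true") == EPERM) ? 0 : 1;
}
```

The filter is checked at syscall entry, before any path lookup, so the refusal does not depend on whether the helper binary exists.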
