From: Anthony Liguori <anthony@codemonkey.ws>
To: Gerd Hoffmann <kraxel@redhat.com>, Kevin O'Connor <kevin@koconnor.net>
Cc: KVM devel mailing list <kvm@vger.kernel.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
seabios@seabios.org,
qemu-devel qemu-devel <qemu-devel@nongnu.org>,
Juan Quintela <quintela@redhat.com>,
dwmw2@infradead.org
Subject: Re: [Qemu-devel] [SeaBIOS] KVM call agenda for 2013-05-28
Date: Wed, 29 May 2013 11:18:03 -0500 [thread overview]
Message-ID: <871u8p92v8.fsf@codemonkey.ws> (raw)
In-Reply-To: <51A5C117.6000609@redhat.com>
Gerd Hoffmann <kraxel@redhat.com> writes:
> On 05/29/13 01:53, Kevin O'Connor wrote:
>> On Thu, May 23, 2013 at 03:41:32PM +0300, Michael S. Tsirkin wrote:
>>> Juan is not available now, and Anthony asked for
>>> agenda to be sent early.
>>> So here comes:
>>>
>>> Agenda for the meeting Tue, May 28:
>>>
>>> - Generating acpi tables
>>
>> I didn't see any meeting notes, but I thought it would be worthwhile
>> to summarize the call. This is from memory so correct me if I got
>> anything wrong.
>>
>> Anthony believes that the generation of ACPI tables is the task of the
>> firmware. Reasons cited include security implications of running more
>> code in qemu vs the guest context,
>
> I fail to see the security issues here. It's not like the apci table
> generation code operates on untrusted input from the guest ...
But possibly untrusted input from a malicious user. You can imagine
something like a IaaS provider that let's a user input arbitrary values
for memory, number of nics, etc.
It's a stretch of an example, I agree, but the general principle I think
is sound: we should push as much work as possible to the least
privileged part of the stack. In this case, firmware has much less
privileges than QEMU.
>> complexities in running iasl on
>> big-endian machines,
>
> We already have a bunch of prebuilt blobs in the qemu repo for simliar
> reasons, we can do that with iasl output too.
>
>> possible complexity of having to regenerate
>> tables on a vm reboot,
>
> Why tables should be regenerated at reboot? I remember hotplug being
> mentioned in the call. Hmm? Which hotplugged component needs acpi
> table updates to work properly? And what is the point of hotplugging if
> you must reboot the guest anyway to get the acpi updates needed?
> Details please.
See my response to Michael.
> Also mentioned in the call: "architectural reasons", which I understand
> as "real hardware works that way". Correct. But qemu's virtual
> hardware is configurable in more ways than real hardware, so we have
> different needs. For example: pci slots can or can't be hotpluggable.
> On real hardware this is fixed. IIRC this is one of the reasons why we
> have to patch acpi tables.
It's not really fixed. Hardware supports PCI expansion chassises.
Multi-node NUMA systems also affect the ACPI tables.
>> overall sloppiness of doing it in QEMU.
>
> /me gets the feeling that this is the *main* reason, given that the
> other ones don't look very convincing to me.
>
>> Raised
>> that QOM interface should be sufficient.
>
> Agree on this one. Ideally the acpi table generation code should be
> able to gather all information it needs from the qom tree, so it can be
> a standalone C file instead of being scattered over all qemu.
Ack. So my basic argument is why not expose the QOM interfaces to
firmware and move the generation code there? Seems like it would be
more or less a copy/paste once we had a proper implementation in QEMU.
>> There were discussions on potentially introducing a middle component
>> to generate the tables. Coreboot was raised as a possibility, and
>> David thought it would be okay to use coreboot for both OVMF and
>> SeaBIOS.
>
> Certainly an option, but that is a long-term project.
Out of curiousity, are there other benefits to using coreboot as a core
firmware in QEMU?
Is there a payload we would ever plausibly use besides OVMF and SeaBIOS?
Regards,
Anthony Liguori
next prev parent reply other threads:[~2013-05-29 16:18 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-23 12:41 [Qemu-devel] KVM call agenda for 2013-05-28 Michael S. Tsirkin
2013-05-24 3:02 ` [Qemu-devel] [SeaBIOS] " li guang
2013-05-28 23:53 ` [Qemu-devel] " Kevin O'Connor
2013-05-29 8:45 ` Michael S. Tsirkin
2013-05-29 16:12 ` Anthony Liguori
2013-05-29 16:19 ` Michael S. Tsirkin
2013-05-30 6:37 ` Gerd Hoffmann
2013-06-02 15:05 ` [Qemu-devel] [SeaBIOS] " Gleb Natapov
2013-06-02 15:09 ` Michael S. Tsirkin
2013-06-02 15:40 ` Gleb Natapov
2013-06-02 15:53 ` Michael S. Tsirkin
2013-06-03 6:25 ` Paolo Bonzini
2013-05-29 8:49 ` Gerd Hoffmann
2013-05-29 9:17 ` Michael S. Tsirkin
2013-05-29 9:42 ` Gerd Hoffmann
2013-05-29 9:46 ` Michael S. Tsirkin
2013-05-29 16:18 ` Anthony Liguori [this message]
2013-05-29 16:28 ` Michael S. Tsirkin
2013-05-29 18:17 ` Michael S. Tsirkin
2013-05-29 16:35 ` Markus Armbruster
2013-05-30 1:12 ` Kevin O'Connor
2013-05-31 12:16 ` David Woodhouse
2013-05-30 6:12 ` Gerd Hoffmann
2013-05-30 9:23 ` David Woodhouse
2013-05-30 11:13 ` Laszlo Ersek
2013-05-30 12:19 ` David Woodhouse
2013-05-30 12:27 ` Michael S. Tsirkin
2013-05-30 12:43 ` Laszlo Ersek
2013-05-30 16:20 ` Jordan Justen
2013-05-30 16:41 ` Laszlo Ersek
2013-05-30 16:57 ` Jordan Justen
2013-05-30 17:37 ` Laszlo Ersek
2013-05-30 17:45 ` Michael S. Tsirkin
2013-05-31 9:32 ` Gerd Hoffmann
2013-05-31 9:55 ` Peter Stuge
2013-05-31 23:01 ` Jordan Justen
2013-06-03 5:28 ` Gerd Hoffmann
2013-05-30 17:44 ` Michael S. Tsirkin
2013-05-31 12:09 ` David Woodhouse
2013-05-31 19:48 ` Patrick Georgi
2013-05-29 9:54 ` [Qemu-devel] " Michael S. Tsirkin
2013-05-31 2:34 ` Kevin O'Connor
2013-05-31 7:09 ` Jordan Justen
2013-05-31 8:13 ` [Qemu-devel] [SeaBIOS] " Peter Stuge
2013-05-31 10:05 ` Gerd Hoffmann
2013-05-31 13:03 ` Laszlo Ersek
2013-06-01 3:41 ` Kevin O'Connor
2013-05-31 11:45 ` [Qemu-devel] " Laszlo Ersek
2013-05-31 13:04 ` Anthony Liguori
2013-05-31 14:08 ` David Woodhouse
2013-05-31 14:28 ` Laszlo Ersek
2013-05-31 15:43 ` Anthony Liguori
2013-05-31 16:33 ` David Woodhouse
2013-05-31 16:54 ` Laszlo Ersek
2013-05-31 17:06 ` Anthony Liguori
2013-05-31 18:09 ` Paolo Bonzini
2013-05-31 18:35 ` Anthony Liguori
2013-05-31 19:28 ` Jordan Justen
2013-05-31 20:44 ` Anthony Liguori
2013-05-31 16:45 ` Laszlo Ersek
[not found] ` <51A8AD52.3070901@redhat.com>
2013-05-31 14:38 ` Anthony Liguori
2013-05-31 16:36 ` Laszlo Ersek
2013-05-31 17:10 ` Anthony Liguori
2013-05-31 19:02 ` Jordan Justen
2013-05-31 20:27 ` Anthony Liguori
2013-05-31 21:03 ` Jordan Justen
2013-06-01 0:01 ` Laszlo Ersek
2013-06-01 3:16 ` Jordan Justen
2013-06-02 9:43 ` Michael S. Tsirkin
2013-06-03 7:24 ` Jordan Justen
2013-05-31 12:58 ` Anthony Liguori
2013-05-31 13:02 ` David Woodhouse
2013-06-01 3:11 ` Kevin O'Connor
2013-06-02 9:54 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871u8p92v8.fsf@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=dwmw2@infradead.org \
--cc=kevin@koconnor.net \
--cc=kraxel@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=seabios@seabios.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).