From: Juergen Gross <jgross@suse.com>
To: Stefano Stabellini <sstabellini@kernel.org>
Cc: xen-devel@lists.xenproject.org, ian.jackson@eu.citrix.com,
jbeulich@suse.com
Subject: Re: [PATCH] docs: add misc/qemu-backends.txt
Date: Mon, 11 Apr 2016 06:52:21 +0200 [thread overview]
Message-ID: <570B2D85.1000604@suse.com> (raw)
In-Reply-To: <alpine.DEB.2.10.1604101243220.13766@sstabellini-ThinkPad-X260>
On 10/04/16 22:00, Stefano Stabellini wrote:
> On Thu, 7 Apr 2016, Juergen Gross wrote:
>> Document the interface between qemu and libxl regarding backends
>> supported by qemu.
>>
>> Signed-off-by: Juergen Gross <jgross@suse.com>
>> ---
>> docs/misc/qemu-backends.txt | 19 +++++++++++++++++++
>> 1 file changed, 19 insertions(+)
>> create mode 100644 docs/misc/qemu-backends.txt
>>
>> diff --git a/docs/misc/qemu-backends.txt b/docs/misc/qemu-backends.txt
>> new file mode 100644
>> index 0000000..f28755e
>> --- /dev/null
>> +++ b/docs/misc/qemu-backends.txt
>> @@ -0,0 +1,19 @@
>> +In order to know whether qemu supports a specific backend type libxl
>> +needs a way to obtain this information.
>> +
>> +As each qemu instance owns a path (named "<qemu>" from now on) in
>> +Xenstore the backend information is presented there. <qemu> is built
>> +from the domain id where the qemu instance is running <backend-dom>
>> +and the domain id of the target domain of the qemu process <domid>:
>> +
>> +<qemu> = /local/domain/<backend-dom>/device-model/<domid>
>> +
>> +Before signalling qemu is running by writing "running" to <qemu>/state
>> +qemu will create a Xenstore node for each supported backend under
>> +<qemu>/backends with the backend type as name (e.g.
>> +<qemu>/backends/qdisk for the qdisk backend).
>> +
>> +libxl can assume a backend of a specific type <type> is supported if:
>> +- <qemu>/backends/<type> is existing in Xenstore
>> +- or <qemu>/backends is not existing and <type> is one of:
>> + "console", "vkbd", "vfb", "qdisk", "qnic"
>
> The thing to be careful about is that the plan just a few months ago was
> to have QEMU restrict its own xenstore connection to the privilege level
> of the guest VM it was servicing. Libxl would relax the xenstore access
> rights to allow QEMU (and the gueest VM) access to
> /local/domain/<backend-dom>/device-model/<domid>/physmap, but nothing
> else. See:
>
> [1] http://marc.info/?l=qemu-devel&m=143317363104584&w=2
> [2] http://marc.info/?l=xen-devel&m=145081000327541
>
> what that means is that QEMU wouldn't be able to write to
> /local/domain/<backend-dom>/device-model/<domid>/backends, unless the
> writing was done before calling xsrestrict, which should be
> doable, but not what was done in [1].
>
> Maybe we could add a note saying that these paths need to be written by
> QEMU before dropping xenstore privileges?
Okay.
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-04-11 4:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-07 6:24 [PATCH] docs: add misc/qemu-backends.txt Juergen Gross
2016-04-08 14:54 ` Konrad Rzeszutek Wilk
2016-04-08 18:20 ` Juergen Gross
2016-04-08 18:27 ` Andrew Cooper
2016-04-11 5:01 ` Juergen Gross
2016-04-10 20:00 ` Stefano Stabellini
2016-04-11 4:52 ` Juergen Gross [this message]
2016-04-11 10:33 ` Wei Liu
2016-04-11 10:57 ` Juergen Gross
2016-04-11 12:05 ` Wei Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=570B2D85.1000604@suse.com \
--to=jgross@suse.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).