Re: [Xen-devel] [PATCH] docs: add misc/qemu-backends.txt
On 10/04/16 22:00, Stefano Stabellini wrote: > On Thu, 7 Apr 2016, Juergen Gross wrote: >> Document the interface between qemu and libxl regarding backends >> supported by qemu. >> >> Signed-off-by: Juergen Gross <jgross@xxxxxxxx> >> --- >> docs/misc/qemu-backends.txt | 19 +++++++++++++++++++ >> 1 file changed, 19 insertions(+) >> create mode 100644 docs/misc/qemu-backends.txt >> >> diff --git a/docs/misc/qemu-backends.txt b/docs/misc/qemu-backends.txt >> new file mode 100644 >> index 0000000..f28755e >> --- /dev/null >> +++ b/docs/misc/qemu-backends.txt 
>> @@ -0,0 +1,19 @@ >> +In order to know whether qemu supports a specific backend type libxl >> +needs a way to obtain this information. >> + >> +As each qemu instance owns a path (named "<qemu>" from now on) in >> +Xenstore the backend information is presented there. <qemu> is built >> +from the domain id where the qemu instance is running <backend-dom> >> +and the domain id of the target domain of the qemu process <domid>: >> + >> +<qemu> = /local/domain/<backend-dom>/device-model/<domid> >> + >> +Before signalling qemu is running by writing "running" to <qemu>/state >> +qemu will create a Xenstore node for each supported backend under >> +<qemu>/backends with the backend type as name (e.g. >> +<qemu>/backends/qdisk for the qdisk backend). >> + >> +libxl can assume a backend of a specific type <type> is supported if: >> +- <qemu>/backends/<type> is existing in Xenstore >> +- or <qemu>/backends is not existing and <type> is one of: >> + "console", "vkbd", "vfb", "qdisk", "qnic"
>
> The thing to be careful about is that the plan just a few months ago was
> to have QEMU restrict its own xenstore connection to the privilege level
> of the guest VM it was servicing. Libxl would relax the xenstore access
> rights to allow QEMU (and the guest VM) access to
> /local/domain/<backend-dom>/device-model/<domid>/physmap, but nothing
> else. See:
>
> [1] http://marc.info/?l=qemu-devel&m=143317363104584&w=2
> [2] http://marc.info/?l=xen-devel&m=145081000327541
>
> What that means is that QEMU wouldn't be able to write to
> /local/domain/<backend-dom>/device-model/<domid>/backends, unless the
> writing was done before calling xsrestrict, which should be
> doable, but not what was done in [1].
>
> Maybe we could add a note saying that these paths need to be written by
> QEMU before dropping xenstore privileges?

Okay.

Juergen

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
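Review bot: The two conditions under "libxl can assume a backend of a specific type <type> is supported if:" do not say that libxl must first see "running" in <qemu>/state. Without that precondition the second condition (<qemu>/backends not existing) cannot tell a qemu that predates this interface from one that has not yet written its nodes, so libxl could fall back to the default list too early. Suggest stating that both checks apply only once <qemu>/state reads "running", and saying whether qemu creates <qemu>/backends even when it supports no backend, since otherwise that case also falls through to the default list. The text could also record when, relative to any restriction of qemu's Xenstore connection, the nodes under <qemu>/backends are written, as raised in the reply.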