Hello Jag,

It's quite nice of you to give me so many details about this feature. I
tried with this repo by using the python script. The server and client qemu
processes are created successfully.

I'm interested in it due to the requirement for a higher security level in
cloud environments. We're making efforts to enhance the security of the VMs
and hosts.

I read on the page below

   https://www.qemu.org/docs/master/devel/multi-process.html

that "an attacker who compromised this service would not be able to use
this exploit to access files or devices beyond what the disk service was
given access to". This is the feature which can reduce the risk due to
compromised device emulation code.

It doesn't matter which specific device can be emulated in a separate
process. It matters that the device emulation service can be separated from
the qemu main process.

Another aspect I'd like to know is, could the multi-processes be live
migrated just as the single qemu process?

Thank you so much for your time and patience.
Wish you all the best,

Yu Zhang
07.06.2022

On Fri, Jun 3, 2022 at 7:37 PM Jag Raman <[email protected]> wrote:

>
>
> On Jun 3, 2022, at 11:34 AM, Yu Zhang <[email protected]> wrote:
>
> Hello Dongli, Elena, John, and Jagannathan,
>
> I'm interested in the "multi-process QEMU" feature and got the kind reply
> from Mr. Vivier that I may contact you for this.
> On one of the QEMU docs [1] I saw the command line:
>
> +      /usr/bin/qemu-system-x86_64                                        \
> +      -machine x-remote                                                  \
> +      -device lsi53c895a,id=lsi0                                         \
> +      -drive id=drive_image2,file=/build/ol7-nvme-test-1.qcow2           \
> +      -device scsi-hd,id=drive2,drive=drive_image2,bus=lsi0.0,scsi-id=0  \
> +      -object x-remote-object,id=robj1,devid=lsi1,fd=4,
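Review bot: on the last line, `devid=lsi1` names a device id that this command never defines (the controller is declared as `id=lsi0` two options earlier), so the remote object has nothing visible to bind to; suggest `devid=lsi0`. The same line also ends in a trailing comma after `fd=4` with no option following it, so either drop the comma or show the rest of the option.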
>
> It seems that the man page of qemu contains no parameters or options yet
> for this feature. The qemu docs, such as [2][3][4], are either not
> up-to-date or "doesn't reflect the current status of the implementation".
> So may I know whether it is still in an experimental stage or mature enough
> for use? And a few further questions:
>
>
> Hello Yu,
>
> We are working on vfio-user for QEMU which would supersede multi-process
> QEMU. The vfio-user feature is currently under review for merging with
> QEMU. We would drop multi-process QEMU support after the vfio-user changes
> are merged.
>
> We use the following repo for testing vfio-user before sending the patches
> for review. You may be interested in checking it out:
> https://github.com/oracle/qemu/tree/master
>
>
> - When creating the orchestrator, can we specify a machine type such as
> pc-i440fx-7.0 for -machine?
>
>
> For vfio-user, the machine type on the remote QEMU process (server) is
> always “x-remote”. The client QEMU could be of any machine type.
>
> - Can each device have a dedicated emulation process or share one process
> for emulating multiple devices?
>
>
> Each device could be running in a dedicated process, or multiple
> devices could share one process.
>
> - Can we find more command line examples showing the combination of
> orchestrator, remote emulation process, memory-backend-memfd and
> x-pci-proxy-dev?
>
>
> For vfio-user, we could give you a heads up once they are merged into
> QEMU. We are using the following for testing our changes, which you could
> check out in the meanwhile:
> scripts/vfiouser-launcher.py
>
> Could you please give us more details about what you’re trying to do? Which
> devices are you trying to emulate in the remote process?
>
> Thank you!
> --
> Jag
>
>
> Thank you very much and all the best
>
> Yu Zhang
> 03.06.2022
>
> [1] https://www.qemu.org/docs/master/system/multi-process.html
> [2] https://wiki.qemu.org/Features/MultiProcessQEMU
> [3] https://lxr.missinglinkelectronics.com/qemu+v7.0.0/docs/devel/multi-process.rst
> [4] https://qemu.readthedocs.io/en/latest/devel/multi-process.html
>
> ---------- Forwarded message ---------
> From: Laurent Vivier <[email protected]>
> Date: Fri, Jun 3, 2022 at 4:14 PM
> Subject: Re: about the current status of Multi-process QEMU /
> out-of-process emulation
> To: Yu Zhang <[email protected]>
>
>
> Hi Yu,
>
> I'm not the author of this documentation, only the person that has merged
> the last change in the repo.
>
> According to the logs you should contact Dongli Zhang <[email protected]>,
> Elena Ufimtseva <[email protected]>, John G Johnson <[email protected]>
> or Jagannathan Raman <[email protected]>.
>
> Thanks,
> Laurent
>
> On 03/06/2022 at 12:17, Yu Zhang wrote:
> > Dear Mr. Vivier,
> >
> > I saw that you authored the QEMU page for "Multi-process QEMU".
> > (https://www.qemu.org/docs/master/system/multi-process.html)
> >
> > I'm interested in this feature, but feel a little confused with the
> > command line:
> >
> > +      /usr/bin/qemu-system-x86_64
>  \
> > +      -machine x-remote
>  \
> > +      -device lsi53c895a,id=lsi0
>   \
> > +      -drive id=drive_image2,file=/build/ol7-nvme-test-1.qcow2
>   \
> > +      -device scsi-hd,id=drive2,drive=drive_image2,bus=lsi0.0,scsi-id=0
>  \
> > +      -object x-remote-object,id=robj1,devid=lsi1,fd=4,
> >
> > It seems that the man page of qemu command contains no parameters or
> > options yet for this feature.
> > May I know whether it is still in an experimental stage? And a few
> > more questions:
> >
> > - Is "x-remote" a standalone machine type for creating the orchestrator?
> > - Can each device have a dedicated emulation process or share one
> > process for emulating multiple devices?
> > - Can I find more command line examples illustrating the combination of
> > orchestrator, remote emulation process, memory-backend-memfd and
> > x-pci-proxy-dev?
> >
> > Thank you very much
> > Kind regards
> >
> > Yu Zhang
> > 03.06.2022
>
>
>
