[libvirt] [PATCH v2 00/23] Use a slirp helper process

marcandre.lureau@redhat.com posted 23 patches 4 years, 8 months ago
Test syntax-check failed
Failed in applying to current master (apply log)
[libvirt] [PATCH v2 00/23] Use a slirp helper process
Posted by marcandre.lureau@redhat.com 4 years, 8 months ago
From: Marc-André Lureau <marcandre.lureau@redhat.com>

Hi,

SLIRP networking can be running in a separate process. This allows for
stricter security policies for QEMU & SLIRP, as SLIRP is notoriously
not very safe (discussed on ML, various CVEs, and even the code says
so explicitly in the comments), yet people rely on it for various
reasons.

With this series, for a network interface "user", libvirt will:
- check the slirp-helper presence and capabilities (see [1])
- set up a socket pair between qemu and the helper
- use -net socket
- set up migration thanks to dbus-vmstate

There are no changes required to domain configuration to benefit
from it. "guestfwd" isn't supported at this point, but it is known to be in
a broken state with libvirt+qemu anyway.

The dbus-vmstate is being proposed to QEMU.

The libslirp-rs slirp-helper hasn't yet received a release. The
current DBus p2p mode works ok, but is a hack. This is due to poor
DBus support in Rust, and also relatively poor DBus p2p mode support
in libdbus.

fwiw, I have been working on an alternative rust-only implementation
of a slirp-helper that will also follow [1], but I am now wondering if
netstack or vpnkit could do the job.

[1] https://gitlab.freedesktop.org/slirp/libslirp-rs/blob/master/src/bin/README.rst

Marc-André Lureau (23):
  Add .editorconfig
  tests: fix xml2xml tpm-emulator.xml test
  dbus: correctly build reply message
  qemu: replace logCtxt with qemuDomainLogAppendMessage()
  qemu: add socket datagram capability
  qemu: add dbus-vmstate capability
  qemu: reset VM id after external devices stop
  qemu-security: add qemuSecurityCommandRun()
  qemu: add dbus-vmstate
  domain-conf: add network def private data
  qemu: add qemuDomainNetworkPrivate
  qemu-conf: add configurable slirp-helper location
  qemu-conf: add slirp state dir
  qemu: add slirp helper unit
  qemu-domain: save and restore slirp state
  qemu: add a flag to the cookie to prevent slirp-helper setup
  qemu-migration: prevent migration if dbus-vmstate is required
  qemu-migration: prevent migration if slirp cannot be migrated
  qemu-extdevice: prepare, start and stop slirp-helper
  qemu-command: use -net socket,fd= with slirp-helper
  qemu-process: prepare slirp-helper
  qemu-hotplug: handle hotplugging of slirp-helper
  tests: add slirp-helper qemuxml2argv test

 .editorconfig                                 |  21 +
 m4/virt-driver-qemu.m4                        |   5 +
 src/conf/domain_conf.c                        |  21 +-
 src/conf/domain_conf.h                        |   6 +
 src/qemu/Makefile.inc.am                      |   4 +
 src/qemu/libvirtd_qemu.aug                    |   1 +
 src/qemu/qemu.conf                            |   3 +
 src/qemu/qemu_alias.c                         |  17 +
 src/qemu/qemu_alias.h                         |   3 +
 src/qemu/qemu_capabilities.c                  |   8 +
 src/qemu/qemu_capabilities.h                  |   2 +
 src/qemu/qemu_command.c                       | 118 ++++-
 src/qemu/qemu_command.h                       |   6 +-
 src/qemu/qemu_conf.c                          |  11 +-
 src/qemu/qemu_conf.h                          |   2 +
 src/qemu/qemu_dbus.c                          |  94 ++++
 src/qemu/qemu_dbus.h                          |  42 ++
 src/qemu/qemu_domain.c                        | 220 ++++++++-
 src/qemu/qemu_domain.h                        |  20 +
 src/qemu/qemu_driver.c                        |   8 +
 src/qemu/qemu_extdevice.c                     |  82 ++--
 src/qemu/qemu_extdevice.h                     |  10 +-
 src/qemu/qemu_hotplug.c                       | 112 ++++-
 src/qemu/qemu_hotplug.h                       |  11 +
 src/qemu/qemu_interface.c                     |  27 ++
 src/qemu/qemu_interface.h                     |   4 +
 src/qemu/qemu_migration.c                     |  19 +
 src/qemu/qemu_monitor.c                       |  13 +-
 src/qemu/qemu_monitor.h                       |   3 +-
 src/qemu/qemu_process.c                       |  24 +-
 src/qemu/qemu_security.c                      |  22 +
 src/qemu/qemu_security.h                      |   6 +
 src/qemu/qemu_slirp.c                         | 448 ++++++++++++++++++
 src/qemu/qemu_slirp.h                         |  81 ++++
 src/qemu/qemu_tpm.c                           |   4 +-
 src/qemu/test_libvirtd_qemu.aug.in            |   1 +
 src/util/virdbus.c                            |  18 +-
 src/util/virdbus.h                            |   6 +-
 .../caps_4.0.0.aarch64.xml                    |   1 +
 .../qemucapabilitiesdata/caps_4.0.0.ppc64.xml |   1 +
 .../caps_4.0.0.riscv32.xml                    |   1 +
 .../caps_4.0.0.riscv64.xml                    |   1 +
 .../qemucapabilitiesdata/caps_4.0.0.s390x.xml |   1 +
 .../caps_4.0.0.x86_64.xml                     |   1 +
 .../caps_4.1.0.x86_64.xml                     |   1 +
 .../net-user.x86_64-4.0.0.args                |  34 ++
 tests/qemuxml2argvdata/tpm-emulator.xml       |   2 +-
 tests/qemuxml2argvtest.c                      |  16 +
 tests/testutilsqemu.h                         |   1 +
 tests/virfirewalltest.c                       |   9 +-
 tests/virpolkittest.c                         |   3 +-
 51 files changed, 1498 insertions(+), 77 deletions(-)
 create mode 100644 .editorconfig
 create mode 100644 src/qemu/qemu_dbus.c
 create mode 100644 src/qemu/qemu_dbus.h
 create mode 100644 src/qemu/qemu_slirp.c
 create mode 100644 src/qemu/qemu_slirp.h
 create mode 100644 tests/qemuxml2argvdata/net-user.x86_64-4.0.0.args

-- 
2.23.0.rc1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
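
The socket-pair step from the cover letter above, as an added example that is not part of the patch series or of this thread: a launcher creates an AF_UNIX datagram socket pair, a forked child stands in for the helper, the parent stands in for the emulator side, and each process keeps only its own end. `helper_loop`, `frames_roundtrip`, `FRAME_MAX`, the choice of `SOCK_DGRAM` and the echo behaviour are assumptions made for illustration; in the series the helper runs the SLIRP stack and QEMU is handed its end through `-net socket,fd=`.

```c
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define FRAME_MAX 1514 /* constructed limit: Ethernet frame without FCS */
/* Helper side: owns a single fd and echoes `count` frames back.
 * A real helper would run the user-mode network stack here. */
static void helper_loop(int fd, int count)
{
    unsigned char buf[FRAME_MAX];
    ssize_t n;
    while (count-- > 0)
        if ((n = recv(fd, buf, sizeof(buf), 0)) < 0 ||
            send(fd, buf, (size_t)n, 0) != n)
            _exit(1);
    _exit(0);
}

/* Emulator side: 0 if both frames return as separate datagrams, else -1. */
int frames_roundtrip(size_t len_a, size_t len_b)
{
    unsigned char out[FRAME_MAX] = {0}, in[FRAME_MAX];
    int sv[2], status = 0, ok;
    pid_t pid;
    if (len_a > FRAME_MAX || len_b > FRAME_MAX ||
        socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(sv[0]); close(sv[1]);
        return -1;
    }
    if (pid == 0) {
        close(sv[0]);          /* helper never holds the emulator's end */
        helper_loop(sv[1], 2); /* does not return */
    }
    close(sv[1]);              /* emulator keeps only its own end */
    /* Both frames are queued before reading: SOCK_DGRAM keeps them apart. */
    ok = send(sv[0], out, len_a, 0) == (ssize_t)len_a &&
         send(sv[0], out, len_b, 0) == (ssize_t)len_b &&
         recv(sv[0], in, sizeof(in), 0) == (ssize_t)len_a &&
         recv(sv[0], in, sizeof(in), 0) == (ssize_t)len_b;
    if (!ok) kill(pid, SIGKILL); /* never wait on a stuck helper */
    close(sv[0]);
    waitpid(pid, &status, 0);
    return ok && WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) { return frames_roundtrip(60, FRAME_MAX) ? 1 : 0; }
```

A datagram AF_UNIX pair does not signal EOF when the peer closes, which is why the stand-in helper handles a fixed number of frames and the parent kills it on failure instead of waiting for it to notice a closed socket.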
Re: [libvirt] [PATCH v2 00/23] Use a slirp helper process
Posted by Michal Privoznik 4 years, 7 months ago
On 8/8/19 4:54 PM, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
> 
> Hi,
> 
> SLIRP networking can be running in a separate process. This allows for
> stricter security policies for QEMU & SLIRP, as SLIRP is notoriously
> not very safe (discussed on ML, various CVEs, and even the code says
> so explicitly in the comments), yet people rely on it for various
> reasons.
> 
> With this series, for a network interface "user", libvirt will:
> - check the slirp-helper presence and capabilities (see [1])
> - set up a socket pair between qemu and the helper
> - use -net socket
> - set up migration thanks to dbus-vmstate
> 
> There are no changes required to domain configuration to benefit
> from it. "guestfwd" isn't supported at this point, but it is known to be in
> a broken state with libvirt+qemu anyway.
> 
> The dbus-vmstate is being proposed to QEMU.
> 
> The libslirp-rs slirp-helper hasn't yet received a release. The
> current DBus p2p mode works ok, but is a hack. This is due to poor
> DBus support in Rust, and also relatively poor DBus p2p mode support
> in libdbus.
> 
> fwiw, I have been working on an alternative rust-only implementation
> of a slirp-helper that will also follow [1], but I am now wondering if
> netstack or vpnkit could do the job.
> 
> [1] https://gitlab.freedesktop.org/slirp/libslirp-rs/blob/master/src/bin/README.rst
> 
> Marc-André Lureau (23):
>    Add .editorconfig
>    tests: fix xml2xml tpm-emulator.xml test
>    dbus: correctly build reply message
>    qemu: replace logCtxt with qemuDomainLogAppendMessage()
>    qemu: add socket datagram capability
>    qemu: add dbus-vmstate capability
>    qemu: reset VM id after external devices stop
>    qemu-security: add qemuSecurityCommandRun()
>    qemu: add dbus-vmstate
>    domain-conf: add network def private data
>    qemu: add qemuDomainNetworkPrivate
>    qemu-conf: add configurable slirp-helper location
>    qemu-conf: add slirp state dir
>    qemu: add slirp helper unit
>    qemu-domain: save and restore slirp state
>    qemu: add a flag to the cookie to prevent slirp-helper setup
>    qemu-migration: prevent migration if dbus-vmstate is required
>    qemu-migration: prevent migration if slirp cannot be migrated
>    qemu-extdevice: prepare, start and stop slirp-helper
>    qemu-command: use -net socket,fd= with slirp-helper
>    qemu-process: prepare slirp-helper
>    qemu-hotplug: handle hotplugging of slirp-helper
>    tests: add slirp-helper qemuxml2argv test
> 
>   .editorconfig                                 |  21 +
>   m4/virt-driver-qemu.m4                        |   5 +
>   src/conf/domain_conf.c                        |  21 +-
>   src/conf/domain_conf.h                        |   6 +
>   src/qemu/Makefile.inc.am                      |   4 +
>   src/qemu/libvirtd_qemu.aug                    |   1 +
>   src/qemu/qemu.conf                            |   3 +
>   src/qemu/qemu_alias.c                         |  17 +
>   src/qemu/qemu_alias.h                         |   3 +
>   src/qemu/qemu_capabilities.c                  |   8 +
>   src/qemu/qemu_capabilities.h                  |   2 +
>   src/qemu/qemu_command.c                       | 118 ++++-
>   src/qemu/qemu_command.h                       |   6 +-
>   src/qemu/qemu_conf.c                          |  11 +-
>   src/qemu/qemu_conf.h                          |   2 +
>   src/qemu/qemu_dbus.c                          |  94 ++++
>   src/qemu/qemu_dbus.h                          |  42 ++
>   src/qemu/qemu_domain.c                        | 220 ++++++++-
>   src/qemu/qemu_domain.h                        |  20 +
>   src/qemu/qemu_driver.c                        |   8 +
>   src/qemu/qemu_extdevice.c                     |  82 ++--
>   src/qemu/qemu_extdevice.h                     |  10 +-
>   src/qemu/qemu_hotplug.c                       | 112 ++++-
>   src/qemu/qemu_hotplug.h                       |  11 +
>   src/qemu/qemu_interface.c                     |  27 ++
>   src/qemu/qemu_interface.h                     |   4 +
>   src/qemu/qemu_migration.c                     |  19 +
>   src/qemu/qemu_monitor.c                       |  13 +-
>   src/qemu/qemu_monitor.h                       |   3 +-
>   src/qemu/qemu_process.c                       |  24 +-
>   src/qemu/qemu_security.c                      |  22 +
>   src/qemu/qemu_security.h                      |   6 +
>   src/qemu/qemu_slirp.c                         | 448 ++++++++++++++++++
>   src/qemu/qemu_slirp.h                         |  81 ++++
>   src/qemu/qemu_tpm.c                           |   4 +-
>   src/qemu/test_libvirtd_qemu.aug.in            |   1 +
>   src/util/virdbus.c                            |  18 +-
>   src/util/virdbus.h                            |   6 +-
>   .../caps_4.0.0.aarch64.xml                    |   1 +
>   .../qemucapabilitiesdata/caps_4.0.0.ppc64.xml |   1 +
>   .../caps_4.0.0.riscv32.xml                    |   1 +
>   .../caps_4.0.0.riscv64.xml                    |   1 +
>   .../qemucapabilitiesdata/caps_4.0.0.s390x.xml |   1 +
>   .../caps_4.0.0.x86_64.xml                     |   1 +
>   .../caps_4.1.0.x86_64.xml                     |   1 +
>   .../net-user.x86_64-4.0.0.args                |  34 ++
>   tests/qemuxml2argvdata/tpm-emulator.xml       |   2 +-
>   tests/qemuxml2argvtest.c                      |  16 +
>   tests/testutilsqemu.h                         |   1 +
>   tests/virfirewalltest.c                       |   9 +-
>   tests/virpolkittest.c                         |   3 +-
>   51 files changed, 1498 insertions(+), 77 deletions(-)
>   create mode 100644 .editorconfig
>   create mode 100644 src/qemu/qemu_dbus.c
>   create mode 100644 src/qemu/qemu_dbus.h
>   create mode 100644 src/qemu/qemu_slirp.c
>   create mode 100644 src/qemu/qemu_slirp.h
>   create mode 100644 tests/qemuxml2argvdata/net-user.x86_64-4.0.0.args
> 

I've made all the changes I'm suggesting, ACKed and pushed. Sorry for
taking so long to review.

One thing though, this deserves a release note. Can you cook something 
please? See docs/news.xml for more info.

Michal
