From: "Decker, Schorschi" <schorschi.decker@bankofamerica.com>
To: "Richard W.M. Jones" <rjones@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Cc: Avi Kivity <avi@redhat.com>, kvm <kvm@vger.kernel.org>
Subject: Re: Guest kernel device compatability auto-detection
Date: Thu, 25 Aug 2011 16:25:28 +0000 [thread overview]
Message-ID: <559DD0FA4608774CA06F6DFA0F16FE830C96C30D@ex2k.bankofamerica.com> (raw)
In-Reply-To: <20110825100124.GA3197@amd.home.annexia.org>
>From a security perspective, this not a great idea. Security isolation in virtualization is gaining ground, so anything that breaches the hypervisor/guest vale is by your typical enterprise/company security team considered completely illegal, a number of firms I have talked with all are talking about how their respective security teams are raising all kinds of hell/red flags, demanding disablement of features that breach the vale.
I would ask two things be done in the design if it goes forward, 1) have an explicit way to disable this feature, where the hypervisor cannot interact with the guest OS directly in any way if disablement is selected. 2) implement the feature as an agent in the guest OS where the hypervisor can only query the guest OS agent, using a standard TCP/IP methodology. Any under the hood, under the covers methodology, I can tell you for a fact, security teams will quash, or demand the feature is disabled. This goes for VM to VM communication as well that does not use a formal TCP/IP stack based method as well. Security teams want true OS isolation, point blank.
Schorschi Decker
VP; Sr. Consultant Engineer
ECT&O Emerging Technologies / Virtualization Platform Engineering Team
Bank of America
Office 213-345-4714
-----Original Message-----
From: kvm-owner@vger.kernel.org [mailto:kvm-owner@vger.kernel.org] On Behalf Of Richard W.M. Jones
Sent: Thursday, 25 August, 2011 03:01
To: qemu-devel@nongnu.org
Cc: Avi Kivity; kvm
Subject: Re: [Qemu-devel] Guest kernel device compatability auto-detection
On Thu, Aug 25, 2011 at 08:48:25AM +0100, Richard W.M. Jones wrote:
> On Thu, Aug 25, 2011 at 10:40:34AM +0300, Sasha Levin wrote:
> > From what I gathered libguestfs only provides access to the guests'
> > image.
>
> Correct.
>
> > Which part is doing the IKCONFIG or System.map probing? Or is it
> > done in a different way?
>
> You'll have to see what Matt's doing in the virt-v2v code for the
> details, but in general we have full access to:
>
> - grub.conf (to determine which kernel will boot)
> - the kernel image
> - the corresponding System.map and config
> - the modules directory
> - the Xorg config
> - boot.ini or BCD (to determine which NT kernel will boot)
> - the Windows Registry
> - the list of packages installed (to see if VMware-tools or some other
> guest agent is installed)
>
> So working out what drivers are available is just a tedious matter of
> iterating across each of these places in the filesystem.
We had some interesting discussion on IRC about this.
Detecting if a guest "supports virtio" is a tricky problem, and it goes beyond what the guest kernel can do. For Linux guests you also need to check what userspace can do. This means unpacking the initrd and checking for virtio drivers [in the general case this is intractable, but you can do it for specific distros].
You also need to check that udev has the correct rules and that LVM is configured to see VGs on /dev/vd* devices.
Console and Xorg configuration may also need to be checked (for virtio-console and Cirrus/QXL support resp.)
virt-v2v does quite a lot of work to *enable* virtio drivers
including:
- possibly installing a new kernel and updating grub
- rebuilding the initrd to include virtio drivers
- adjusting many different config files
- removing other guest tools and Xen drivers
- reconfiguring SELinux
- adding viostor driver to Windows and adjusting the Windows Registry
Critical Device Database
Of course virt-v2v confines itself to specific known guests, and we test it like crazy.
Here is the code:
http://git.fedorahosted.org/git/?p=virt-v2v.git;a=blob;f=lib/Sys/VirtConvert/Converter/RedHat.pm;hb=HEAD
http://git.fedorahosted.org/git/?p=virt-v2v.git;a=blob;f=lib/Sys/VirtConvert/Converter/Windows.pm;hb=HEAD
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
--
To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
----------------------------------------------------------------------
This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.
WARNING: multiple messages have this Message-ID (diff)
From: "Decker, Schorschi" <schorschi.decker@bankofamerica.com>
To: "Richard W.M. Jones" <rjones@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Cc: Avi Kivity <avi@redhat.com>, kvm <kvm@vger.kernel.org>
Subject: Re: [Qemu-devel] Guest kernel device compatability auto-detection
Date: Thu, 25 Aug 2011 16:25:28 +0000 [thread overview]
Message-ID: <559DD0FA4608774CA06F6DFA0F16FE830C96C30D@ex2k.bankofamerica.com> (raw)
In-Reply-To: <20110825100124.GA3197@amd.home.annexia.org>
>From a security perspective, this not a great idea. Security isolation in virtualization is gaining ground, so anything that breaches the hypervisor/guest vale is by your typical enterprise/company security team considered completely illegal, a number of firms I have talked with all are talking about how their respective security teams are raising all kinds of hell/red flags, demanding disablement of features that breach the vale.
I would ask two things be done in the design if it goes forward, 1) have an explicit way to disable this feature, where the hypervisor cannot interact with the guest OS directly in any way if disablement is selected. 2) implement the feature as an agent in the guest OS where the hypervisor can only query the guest OS agent, using a standard TCP/IP methodology. Any under the hood, under the covers methodology, I can tell you for a fact, security teams will quash, or demand the feature is disabled. This goes for VM to VM communication as well that does not use a formal TCP/IP stack based method as well. Security teams want true OS isolation, point blank.
Schorschi Decker
VP; Sr. Consultant Engineer
ECT&O Emerging Technologies / Virtualization Platform Engineering Team
Bank of America
Office 213-345-4714
-----Original Message-----
From: kvm-owner@vger.kernel.org [mailto:kvm-owner@vger.kernel.org] On Behalf Of Richard W.M. Jones
Sent: Thursday, 25 August, 2011 03:01
To: qemu-devel@nongnu.org
Cc: Avi Kivity; kvm
Subject: Re: [Qemu-devel] Guest kernel device compatability auto-detection
On Thu, Aug 25, 2011 at 08:48:25AM +0100, Richard W.M. Jones wrote:
> On Thu, Aug 25, 2011 at 10:40:34AM +0300, Sasha Levin wrote:
> > From what I gathered libguestfs only provides access to the guests'
> > image.
>
> Correct.
>
> > Which part is doing the IKCONFIG or System.map probing? Or is it
> > done in a different way?
>
> You'll have to see what Matt's doing in the virt-v2v code for the
> details, but in general we have full access to:
>
> - grub.conf (to determine which kernel will boot)
> - the kernel image
> - the corresponding System.map and config
> - the modules directory
> - the Xorg config
> - boot.ini or BCD (to determine which NT kernel will boot)
> - the Windows Registry
> - the list of packages installed (to see if VMware-tools or some other
> guest agent is installed)
>
> So working out what drivers are available is just a tedious matter of
> iterating across each of these places in the filesystem.
We had some interesting discussion on IRC about this.
Detecting if a guest "supports virtio" is a tricky problem, and it goes beyond what the guest kernel can do. For Linux guests you also need to check what userspace can do. This means unpacking the initrd and checking for virtio drivers [in the general case this is intractable, but you can do it for specific distros].
You also need to check that udev has the correct rules and that LVM is configured to see VGs on /dev/vd* devices.
Console and Xorg configuration may also need to be checked (for virtio-console and Cirrus/QXL support resp.)
virt-v2v does quite a lot of work to *enable* virtio drivers
including:
- possibly installing a new kernel and updating grub
- rebuilding the initrd to include virtio drivers
- adjusting many different config files
- removing other guest tools and Xen drivers
- reconfiguring SELinux
- adding viostor driver to Windows and adjusting the Windows Registry
Critical Device Database
Of course virt-v2v confines itself to specific known guests, and we test it like crazy.
Here is the code:
http://git.fedorahosted.org/git/?p=virt-v2v.git;a=blob;f=lib/Sys/VirtConvert/Converter/RedHat.pm;hb=HEAD
http://git.fedorahosted.org/git/?p=virt-v2v.git;a=blob;f=lib/Sys/VirtConvert/Converter/Windows.pm;hb=HEAD
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
--
To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
----------------------------------------------------------------------
This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.
next prev parent reply other threads:[~2011-08-25 16:25 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-25 5:21 Guest kernel device compatability auto-detection Sasha Levin
2011-08-25 5:21 ` [Qemu-devel] " Sasha Levin
2011-08-25 5:33 ` Avi Kivity
2011-08-25 7:32 ` Richard W.M. Jones
2011-08-25 7:32 ` Richard W.M. Jones
2011-08-25 7:40 ` Sasha Levin
2011-08-25 7:40 ` Sasha Levin
2011-08-25 7:48 ` Richard W.M. Jones
2011-08-25 10:01 ` Richard W.M. Jones
2011-08-25 16:25 ` Decker, Schorschi [this message]
2011-08-25 16:25 ` Decker, Schorschi
2011-08-26 6:22 ` Sasha Levin
2011-08-26 6:22 ` Sasha Levin
2011-08-26 8:04 ` Richard W.M. Jones
2011-08-26 8:04 ` [Qemu-devel] " Richard W.M. Jones
2011-08-26 10:18 ` Sasha Levin
2011-08-26 10:18 ` Sasha Levin
2011-08-26 10:28 ` Richard W.M. Jones
2011-08-26 10:28 ` Richard W.M. Jones
2011-08-25 21:48 ` Anthony Liguori
2011-08-25 21:48 ` [Qemu-devel] " Anthony Liguori
2011-08-26 6:08 ` Sasha Levin
2011-08-26 6:08 ` [Qemu-devel] " Sasha Levin
2011-08-26 8:43 ` Richard W.M. Jones
2011-08-26 8:43 ` Richard W.M. Jones
2011-08-26 8:40 ` Richard W.M. Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=559DD0FA4608774CA06F6DFA0F16FE830C96C30D@ex2k.bankofamerica.com \
--to=schorschi.decker@bankofamerica.com \
--cc=avi@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.