From mboxrd@z Thu Jan 1 00:00:00 1970 From: Juan Quintela Subject: Re: KVM call for 2017-03-14 Date: Mon, 13 Mar 2017 15:12:07 +0100 Message-ID: <871su1w9jc.fsf@secure.mitica> References: <87tw6y8bs8.fsf@secure.mitica> Reply-To: quintela@redhat.com Mime-Version: 1.0 Content-Type: text/plain Cc: KVM devel mailing list , QEMU Developer To: Peter Maydell Return-path: Received: from mx1.redhat.com ([209.132.183.28]:39858 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751415AbdCMOMK (ORCPT ); Mon, 13 Mar 2017 10:12:10 -0400 In-Reply-To: (Peter Maydell's message of "Mon, 13 Mar 2017 11:02:01 +0100") Sender: kvm-owner@vger.kernel.org List-ID: Peter Maydell wrote: > On 12 March 2017 at 21:45, Juan Quintela wrote: >> >> >> Hi >> >> Please, send any topic that you are interested in covering. >> >> So far the agenda is: >> >> - Direction of QEMU and toolstack in light of Google Cloud blog: >> https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html > > > Ah, I'd forgotten that this was on the call agenda. I actually > had an interesting conversation with Alex Graf last week about > some similar topics, which I guess you could generally summarize > as "what are the issues we need to address as a project in order > to not become irrelevant in five years time". Since I wrote them > up for an internal "what I did on my holi^Wconference trip" report > I might as well repost them here: > > - on the "VM support" side, QEMU is more used because it's the only > production-quality option in this space, rather than because its > users love it. (cf the Google choice to replace it.) It's also got > a pretty poor security record. On a previous life, I have to work on making qemu pass Common Criteria. Not to be able to remove large bits of it that we were not interested was a mess (basically we care about kvm + a bunch of devices, but it was impossible to remove things like TCG). > It wouldn't be too surprising if > some time in the next five years somebody writes a replacement in > a safer language (perhaps also targeting only the VM support role) > and it got enough mindshare and takeup to eclipse QEMU. > [Is it too early/daft to think about prototyping being able to > write QEMU device emulation in Rust ?] > If the "VM support" usecase moves to another project then QEMU > will become a very quiet backwater... > - on the "emulation" side, nobody is clearly articulating a purpose > for QEMU, a reason why you should use it rather than other modelling > technologies (or rather than using real hardware). As a result the > efforts applied to QEMU are somewhat unfocused. Are we trying to be: > . a dev platform before easy h/w availability? > [not easy for QEMU for several reasons] > . a dev tool that provides better introspection into guest > behaviour than running on h/w? > [if so we should put more work into improving our introspection > and guest tracing capabilities!] > . primarily a tool for doing automated CI testing and one-off > developer smoke-testing that's easier to set up and scale than > trying to test on real h/w? > . something else? > [your idea goes here!] > - in all areas our legacy code and back-compatibility requirements > are threatening to choke forward progress if we don't make serious > efforts to get on top of them But how? and When? If you get some new interfaces and some devices are not ported, what are we going to do? - require the people that do the new interfaces to update the legacy code (and they will get bored) - remove the unmaintained code after some time Both approaches have its advantages and disadvantages. > - there's no easy way for people to use parts of QEMU like the CPU > emulation, or to add their own devices without having to write lots > of C code (we're firmly in a "one monolithic blob of code" setup > right now and disentangling and setting clear API dividing lines > will be a lot of work) > [Making QEMU more modular would help with defeating the legacy > and back-compat dragons, though] That would be ideal, but where to start? Think of something as "simple" asd adding a struct of operations that implement the differences for TCG, xen and kvm. And you see that you get into having to rewrite lot of code after moving to that abstraction just the more simple operations. Later, Juan. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52373) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cnQhp-0006Vk-NS for qemu-devel@nongnu.org; Mon, 13 Mar 2017 10:12:18 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cnQhm-0007bx-Ha for qemu-devel@nongnu.org; Mon, 13 Mar 2017 10:12:13 -0400 Received: from mx1.redhat.com ([209.132.183.28]:59428) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cnQhm-0007bc-8a for qemu-devel@nongnu.org; Mon, 13 Mar 2017 10:12:10 -0400 From: Juan Quintela In-Reply-To: (Peter Maydell's message of "Mon, 13 Mar 2017 11:02:01 +0100") References: <87tw6y8bs8.fsf@secure.mitica> Reply-To: quintela@redhat.com Date: Mon, 13 Mar 2017 15:12:07 +0100 Message-ID: <871su1w9jc.fsf@secure.mitica> MIME-Version: 1.0 Content-Type: text/plain Subject: Re: [Qemu-devel] KVM call for 2017-03-14 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Peter Maydell Cc: KVM devel mailing list , QEMU Developer Peter Maydell wrote: > On 12 March 2017 at 21:45, Juan Quintela wrote: >> >> >> Hi >> >> Please, send any topic that you are interested in covering. >> >> So far the agenda is: >> >> - Direction of QEMU and toolstack in light of Google Cloud blog: >> https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html > > > Ah, I'd forgotten that this was on the call agenda. I actually > had an interesting conversation with Alex Graf last week about > some similar topics, which I guess you could generally summarize > as "what are the issues we need to address as a project in order > to not become irrelevant in five years time". Since I wrote them > up for an internal "what I did on my holi^Wconference trip" report > I might as well repost them here: > > - on the "VM support" side, QEMU is more used because it's the only > production-quality option in this space, rather than because its > users love it. (cf the Google choice to replace it.) It's also got > a pretty poor security record. On a previous life, I have to work on making qemu pass Common Criteria. Not to be able to remove large bits of it that we were not interested was a mess (basically we care about kvm + a bunch of devices, but it was impossible to remove things like TCG). > It wouldn't be too surprising if > some time in the next five years somebody writes a replacement in > a safer language (perhaps also targeting only the VM support role) > and it got enough mindshare and takeup to eclipse QEMU. > [Is it too early/daft to think about prototyping being able to > write QEMU device emulation in Rust ?] > If the "VM support" usecase moves to another project then QEMU > will become a very quiet backwater... > - on the "emulation" side, nobody is clearly articulating a purpose > for QEMU, a reason why you should use it rather than other modelling > technologies (or rather than using real hardware). As a result the > efforts applied to QEMU are somewhat unfocused. Are we trying to be: > . a dev platform before easy h/w availability? > [not easy for QEMU for several reasons] > . a dev tool that provides better introspection into guest > behaviour than running on h/w? > [if so we should put more work into improving our introspection > and guest tracing capabilities!] > . primarily a tool for doing automated CI testing and one-off > developer smoke-testing that's easier to set up and scale than > trying to test on real h/w? > . something else? > [your idea goes here!] > - in all areas our legacy code and back-compatibility requirements > are threatening to choke forward progress if we don't make serious > efforts to get on top of them But how? and When? If you get some new interfaces and some devices are not ported, what are we going to do? - require the people that do the new interfaces to update the legacy code (and they will get bored) - remove the unmaintained code after some time Both approaches have its advantages and disadvantages. > - there's no easy way for people to use parts of QEMU like the CPU > emulation, or to add their own devices without having to write lots > of C code (we're firmly in a "one monolithic blob of code" setup > right now and disentangling and setting clear API dividing lines > will be a lot of work) > [Making QEMU more modular would help with defeating the legacy > and back-compat dragons, though] That would be ideal, but where to start? Think of something as "simple" asd adding a struct of operations that implement the differences for TCG, xen and kvm. And you see that you get into having to rewrite lot of code after moving to that abstraction just the more simple operations. Later, Juan.