From: Markus Armbruster <armbru@redhat.com>
To: Henning Schild <henning.schild@siemens.com>
Cc: Vincent JARDIN <vincent.jardin@6wind.com>,
qemu-devel@nongnu.org, kvm@vger.kernel.org,
virtualization@lists.linux-foundation.org
Subject: Why I advise against using ivshmem (was: [Qemu-devel] Using virtio for inter-VM communication)
Date: Thu, 12 Jun 2014 16:40:24 +0200 [thread overview]
Message-ID: <87vbs6qjhj.fsf_-_@blackfin.pond.sub.org> (raw)
In-Reply-To: <20140612094413.15e56938@nbschild1> (Henning Schild's message of "Thu, 12 Jun 2014 09:44:13 +0200")
Henning Schild <henning.schild@siemens.com> writes:
> On Thu, 12 Jun 2014 08:48:04 +0200
> Markus Armbruster <armbru@redhat.com> wrote:
>
>> Vincent JARDIN <vincent.jardin@6wind.com> writes:
>>
>> > On 10/06/2014 18:48, Henning Schild wrote:> Hi,
>> >> In a first prototype i implemented a ivshmem[2] device for the
>> >> hypervisor. That way we can share memory between virtual machines.
>> >> Ivshmem is nice and simple but does not seem to be used anymore.
>> >> And it
>> >> does not define higher level devices, like a console.
>> >
>> > FYI, ivhsmem is used here:
>> > http://dpdk.org/browse/memnic/tree/
>> >
>> > http://dpdk.org/browse/memnic/tree/pmd/pmd_memnic.c#n449
>> >
>> > There are some few other references too, if needed.
>>
>> It may be used, but that doesn't mean it's maintained, or robust
>> against abuse. My advice is to steer clear of it.
>
> Could you elaborate on why you advice against it?
Sure! The reasons for my dislike range from practical to philosophical.
My practical concerns include:
1. ivshmem code needs work, but has no maintainer
- Error handling is generally poor. For instance, "device_add
ivshmem" kills your guest instantly.
- More subjectively, I don't trust the code to be robust against
abuse by our own guest, or the other guests sharing the memory.
Convincing me would take a code audit.
- MAINTAINERS doesn't cover ivshmem.c.
- The last non-trivial commit that isn't obviously part of some
tree-wide infrastructure or cleanup work is from September 2012
(commit c08ba66).
2. There is no libvirt support
3. Out-of-tree server program required for full functionality
Interrupts require a "shared memory server" running in the host (see
docs/specs/ivshmem_device_spec.txt). It doesn't tell where to find
one. The initial commit 6cbf4c8 points to
<www.gitorious.org/nahanni>. That repository's last commit is from
September 2012. He's dead, Jim.
ivshmem_device_spec.txt is silent on what the server is supposed to
do.
If this server requires privileges: I don't trust it without an
audit.
4. Out-of-tree kernel uio driver required
The device is "intended to be used with the provided UIO driver"
(ivshmem_device_spec.txt again). As far as I can tell, the "provided
UIO driver" is the one in the dead Nahanni repo.
By now, you should be expecting this: I don't trust that one either.
These concerns are all fixable, but it'll take serious work, and time.
Something like:
* Find a maintainer for the device model
* Review and fix its code
* Get the required kernel module upstream
* Get all the required parts outside QEMU packaged in major distros, or
absorbed into QEMU
In short, create a viable community around ivshmem, either within the
QEMU community, or separately but cooperating.
On to the more philosophical ones.
5. Out-of-tree interface required
Paraphrasing an old quip: Some people, when confronted with a
problem, think "I know, I'll use shared memory." Now they have two
problems.
Shared memory is not an interface. It's at best something you can
use to build an interface.
I'd rather have us offer something with a little bit more structure.
Very fast guest-to-guest networking perhaps.
6. Device models belong into QEMU
Say you build an actual interface on top of ivshmem. Then ivshmem in
QEMU together with the supporting host code outside QEMU (see 3.) and
the lower layer of the code using it in guests (kernel + user space)
provide something that to me very much looks like a device model.
Device models belong into QEMU. It's what QEMU does.
To all currently using ivshmem or contemplating its use: I'd like to
invite you to work with the QEMU community to get your use case
served better. You could start worse than with explaining it to us.
In case you'd rather not work with the QEMU community: I'm not
passing judgement on that (heck, I have had days when I'd rather not,
too). But if somebody's reasons not to work with us include GPL
circumvention, then that somebody is a scoundrel.
WARNING: multiple messages have this Message-ID (diff)
From: Markus Armbruster <armbru@redhat.com>
To: Henning Schild <henning.schild@siemens.com>
Cc: Vincent JARDIN <vincent.jardin@6wind.com>,
qemu-devel@nongnu.org, kvm@vger.kernel.org,
virtualization@lists.linux-foundation.org
Subject: [Qemu-devel] Why I advise against using ivshmem (was: Using virtio for inter-VM communication)
Date: Thu, 12 Jun 2014 16:40:24 +0200 [thread overview]
Message-ID: <87vbs6qjhj.fsf_-_@blackfin.pond.sub.org> (raw)
In-Reply-To: <20140612094413.15e56938@nbschild1> (Henning Schild's message of "Thu, 12 Jun 2014 09:44:13 +0200")
Henning Schild <henning.schild@siemens.com> writes:
> On Thu, 12 Jun 2014 08:48:04 +0200
> Markus Armbruster <armbru@redhat.com> wrote:
>
>> Vincent JARDIN <vincent.jardin@6wind.com> writes:
>>
>> > On 10/06/2014 18:48, Henning Schild wrote:> Hi,
>> >> In a first prototype i implemented a ivshmem[2] device for the
>> >> hypervisor. That way we can share memory between virtual machines.
>> >> Ivshmem is nice and simple but does not seem to be used anymore.
>> >> And it
>> >> does not define higher level devices, like a console.
>> >
>> > FYI, ivhsmem is used here:
>> > http://dpdk.org/browse/memnic/tree/
>> >
>> > http://dpdk.org/browse/memnic/tree/pmd/pmd_memnic.c#n449
>> >
>> > There are some few other references too, if needed.
>>
>> It may be used, but that doesn't mean it's maintained, or robust
>> against abuse. My advice is to steer clear of it.
>
> Could you elaborate on why you advice against it?
Sure! The reasons for my dislike range from practical to philosophical.
My practical concerns include:
1. ivshmem code needs work, but has no maintainer
- Error handling is generally poor. For instance, "device_add
ivshmem" kills your guest instantly.
- More subjectively, I don't trust the code to be robust against
abuse by our own guest, or the other guests sharing the memory.
Convincing me would take a code audit.
- MAINTAINERS doesn't cover ivshmem.c.
- The last non-trivial commit that isn't obviously part of some
tree-wide infrastructure or cleanup work is from September 2012
(commit c08ba66).
2. There is no libvirt support
3. Out-of-tree server program required for full functionality
Interrupts require a "shared memory server" running in the host (see
docs/specs/ivshmem_device_spec.txt). It doesn't tell where to find
one. The initial commit 6cbf4c8 points to
<www.gitorious.org/nahanni>. That repository's last commit is from
September 2012. He's dead, Jim.
ivshmem_device_spec.txt is silent on what the server is supposed to
do.
If this server requires privileges: I don't trust it without an
audit.
4. Out-of-tree kernel uio driver required
The device is "intended to be used with the provided UIO driver"
(ivshmem_device_spec.txt again). As far as I can tell, the "provided
UIO driver" is the one in the dead Nahanni repo.
By now, you should be expecting this: I don't trust that one either.
These concerns are all fixable, but it'll take serious work, and time.
Something like:
* Find a maintainer for the device model
* Review and fix its code
* Get the required kernel module upstream
* Get all the required parts outside QEMU packaged in major distros, or
absorbed into QEMU
In short, create a viable community around ivshmem, either within the
QEMU community, or separately but cooperating.
On to the more philosophical ones.
5. Out-of-tree interface required
Paraphrasing an old quip: Some people, when confronted with a
problem, think "I know, I'll use shared memory." Now they have two
problems.
Shared memory is not an interface. It's at best something you can
use to build an interface.
I'd rather have us offer something with a little bit more structure.
Very fast guest-to-guest networking perhaps.
6. Device models belong into QEMU
Say you build an actual interface on top of ivshmem. Then ivshmem in
QEMU together with the supporting host code outside QEMU (see 3.) and
the lower layer of the code using it in guests (kernel + user space)
provide something that to me very much looks like a device model.
Device models belong into QEMU. It's what QEMU does.
To all currently using ivshmem or contemplating its use: I'd like to
invite you to work with the QEMU community to get your use case
served better. You could start worse than with explaining it to us.
In case you'd rather not work with the QEMU community: I'm not
passing judgement on that (heck, I have had days when I'd rather not,
too). But if somebody's reasons not to work with us include GPL
circumvention, then that somebody is a scoundrel.
next prev parent reply other threads:[~2014-06-12 14:40 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-10 16:48 Using virtio for inter-VM communication Henning Schild
2014-06-10 16:48 ` [Qemu-devel] " Henning Schild
2014-06-10 22:15 ` Vincent JARDIN
2014-06-10 22:15 ` Vincent JARDIN
2014-06-10 22:15 ` [Qemu-devel] " Vincent JARDIN
2014-06-12 6:48 ` Markus Armbruster
2014-06-12 6:48 ` Markus Armbruster
2014-06-12 6:48 ` [Qemu-devel] " Markus Armbruster
2014-06-12 7:44 ` Henning Schild
2014-06-12 7:44 ` [Qemu-devel] " Henning Schild
2014-06-12 9:31 ` Vincent JARDIN
2014-06-12 9:31 ` Vincent JARDIN
2014-06-12 9:31 ` [Qemu-devel] " Vincent JARDIN
2014-06-12 12:55 ` Markus Armbruster
2014-06-12 14:40 ` Why I advise against using ivshmem (was: [Qemu-devel] Using virtio for inter-VM communication) Markus Armbruster
2014-06-12 14:40 ` Markus Armbruster [this message]
2014-06-12 14:40 ` [Qemu-devel] Why I advise against using ivshmem (was: " Markus Armbruster
2014-06-12 16:02 ` Why I advise against using ivshmem Vincent JARDIN
2014-06-12 16:02 ` [Qemu-devel] " Vincent JARDIN
2014-06-12 16:54 ` Paolo Bonzini
2014-06-12 16:54 ` [Qemu-devel] " Paolo Bonzini
2014-06-13 8:46 ` Markus Armbruster
2014-06-13 9:26 ` Vincent JARDIN
2014-06-13 9:31 ` Jobin Raju George
2014-06-13 9:31 ` Jobin Raju George
2014-06-13 9:31 ` Jobin Raju George
2014-06-13 9:48 ` Olivier MATZ
2014-06-13 9:48 ` Olivier MATZ
2014-06-13 9:48 ` Olivier MATZ
2014-06-13 10:09 ` Paolo Bonzini
2014-06-13 13:41 ` Vincent JARDIN
2014-06-13 13:41 ` Vincent JARDIN
2014-06-13 13:41 ` Vincent JARDIN
2014-06-13 14:10 ` Paolo Bonzini
2014-06-13 14:10 ` Paolo Bonzini
2014-06-14 18:01 ` Vincent JARDIN
2014-06-14 18:01 ` Vincent JARDIN
2014-06-17 2:54 ` Stefan Hajnoczi
2014-06-17 9:03 ` David Marchand
2014-06-17 9:03 ` David Marchand
2014-06-17 9:44 ` Paolo Bonzini
2014-06-18 10:48 ` Stefan Hajnoczi
2014-06-18 10:48 ` Stefan Hajnoczi
2014-06-18 14:57 ` David Marchand
2014-06-18 14:57 ` David Marchand
2014-06-18 14:57 ` David Marchand
2014-06-18 15:10 ` Paolo Bonzini
2014-06-21 9:34 ` Stefan Hajnoczi
2014-06-26 20:02 ` Cam Macdonell
2014-06-26 20:02 ` Cam Macdonell
2014-06-18 15:01 ` Andreas Färber
2014-06-18 15:01 ` Andreas Färber
2014-06-19 8:25 ` David Marchand
2014-06-19 8:25 ` David Marchand
2014-06-19 8:25 ` David Marchand
2014-06-18 15:01 ` Andreas Färber
2014-06-30 11:10 ` Markus Armbruster
2014-06-30 11:10 ` Markus Armbruster
2014-06-30 11:10 ` Markus Armbruster
2014-06-18 10:51 ` Stefan Hajnoczi
2014-06-18 10:51 ` Stefan Hajnoczi
2014-06-18 14:58 ` David Marchand
2014-06-18 14:58 ` David Marchand
2014-06-18 14:58 ` David Marchand
2014-06-18 14:22 ` Claudio Fontana
2014-06-17 9:03 ` David Marchand
2014-06-13 9:29 ` Jobin Raju George
2014-06-13 9:29 ` [Qemu-devel] " Jobin Raju George
2014-06-13 9:29 ` Jobin Raju George
2014-06-12 16:02 ` Vincent JARDIN
2014-06-12 2:27 ` Using virtio for inter-VM communication Rusty Russell
2014-06-12 2:27 ` Rusty Russell
2014-06-12 2:27 ` [Qemu-devel] " Rusty Russell
2014-06-12 5:32 ` Jan Kiszka
2014-06-12 5:32 ` [Qemu-devel] " Jan Kiszka
2014-06-13 0:47 ` Rusty Russell
2014-06-13 0:47 ` [Qemu-devel] " Rusty Russell
2014-06-13 6:23 ` Jan Kiszka
2014-06-13 6:23 ` [Qemu-devel] " Jan Kiszka
2014-06-13 8:45 ` Paolo Bonzini
2014-06-13 8:45 ` [Qemu-devel] " Paolo Bonzini
2014-06-15 6:20 ` Jan Kiszka
2014-06-15 6:20 ` Jan Kiszka
2014-06-15 6:20 ` [Qemu-devel] " Jan Kiszka
2014-06-17 5:24 ` Paolo Bonzini
2014-06-17 5:24 ` [Qemu-devel] " Paolo Bonzini
2014-06-17 5:57 ` Jan Kiszka
2014-06-17 5:57 ` Jan Kiszka
2014-06-17 5:57 ` [Qemu-devel] " Jan Kiszka
2014-06-17 5:24 ` Paolo Bonzini
2014-06-12 5:32 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vbs6qjhj.fsf_-_@blackfin.pond.sub.org \
--to=armbru@redhat.com \
--cc=henning.schild@siemens.com \
--cc=kvm@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=vincent.jardin@6wind.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.