On Sat, Jun 27, 2020 at 10:09:42AM -0700, elena.ufimtseva@oracle.com wrote:
> diff --git a/docs/devel/multi-process.rst b/docs/devel/multi-process.rst
> new file mode 100644
> index 0000000000..406728854c
> --- /dev/null
> +++ b/docs/devel/multi-process.rst
> @@ -0,0 +1,957 @@
> +Multi-process QEMU
> +===================
> +
> +QEMU is often used as the hypervisor for virtual machines running in the
> +Oracle cloud. Since one of the advantages of cloud computing is the
> +ability to run many VMs from different tenants in the same cloud
> +infrastructure, a guest that compromised its hypervisor could
> +potentially use the hypervisor's access privileges to access data it is
> +not authorized for.
> +
> +QEMU can be susceptible to security attacks because it is a large,
> +monolithic program that provides many features to the VMs it services.
> +Many of these features can be configured out of QEMU, but even a reduced
> +configuration QEMU has a large amount of code a guest can potentially
> +attack. Separating QEMU reduces the attack surface by aiding to
> +limit each component in the system to only access the resources that
> +it needs to perform its job.

This document does not reflect the functionality, internals, or syntax
implemented in this patch series closely. It can still be useful as
background reading for someone interested in diving into the code, but
please add a disclaimer at the top to avoid confusion:

  This is the design document for multi-process QEMU. It does not
  necessarily reflect the status of the current implementation, which
  may lack features or be considerably different from what is described
  in this document. This document is still useful as a description of
  the goals and general direction of this feature.