[libvirt] [PATCH v2 00/23] Use a slirp helper process
Michal Privoznik
mprivozn at redhat.com
Fri Sep 6 11:37:24 UTC 2019
On 8/8/19 4:54 PM, marcandre.lureau at redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau at redhat.com>
>
> Hi,
>
> SLIRP networking can be running in a separate process. This allows for
> stricter security policies for QEMU & SLIRP, as SLIRP is notoriously
> not very safe (discussed on ML, various CVEs, and even the code says
> so explicitly in the comments), yet people rely on it for various
> reasons.
>
> With this series, for a network interface "user", libvirt will:
> - check the slirp-helper presence and capabilites (see [1])
> - setup a socket pair between qemu and the helper
> - use -net socket
> - setup migration thanks to dbus-vmstate
>
> There are no changes required to domain configuration to benefit
> it. "guestfwd" isn't supported at this point, but it is known to be in
> a broken state with libvirt+qemu anyway.
>
> The dbus-vmstate is being proposed to QEMU.
>
> The libslirp-rs slirp-helper hasn't yet received a release. The
> current DBus p2p mode works ok, but is a hack. This is due to poor
> DBus support in Rust, and also relatively poor DBus p2p mode support
> in libdbus.
>
> fwiw, I have been working on an alternative rust-only implementation
> of a slirp-helper that will also follow [1], but I am now wondering if
> netstack or vpnkit could do the job.
>
> [1] https://gitlab.freedesktop.org/slirp/libslirp-rs/blob/master/src/bin/README.rst
>
> Marc-André Lureau (23):
> Add .editorconfig
> tests: fix xml2xml tpm-emulator.xml test
> dbus: correctly build reply message
> qemu: replace logCtxt with qemuDomainLogAppendMessage()
> qemu: add socket datagram capability
> qemu: add dbus-vmstate capability
> qemu: reset VM id after external devices stop
> qemu-security: add qemuSecurityCommandRun()
> qemu: add dbus-vmstate
> domain-conf: add network def private data
> qemu: add qemuDomainNetworkPrivate
> qemu-conf: add configurable slirp-helper location
> qemu-conf: add slirp state dir
> qemu: add slirp helper unit
> qemu-domain: save and restore slirp state
> qemu: add a flag to the cookie to prevent slirp-helper setup
> qemu-migration: prevent migration if dbus-vmstate is required
> qemu-migration: prevent migration if slirp cannot be migrated
> qemu-extdevice: prepare, start and stop slirp-helper
> qemu-command: use -net socket,fd= with slirp-helper
> qemu-process: prepare slirp-helper
> qemu-hotplug: handle hotplugging of slirp-helper
> tests: add slirp-helper qemuxml2argv test
>
> .editorconfig | 21 +
> m4/virt-driver-qemu.m4 | 5 +
> src/conf/domain_conf.c | 21 +-
> src/conf/domain_conf.h | 6 +
> src/qemu/Makefile.inc.am | 4 +
> src/qemu/libvirtd_qemu.aug | 1 +
> src/qemu/qemu.conf | 3 +
> src/qemu/qemu_alias.c | 17 +
> src/qemu/qemu_alias.h | 3 +
> src/qemu/qemu_capabilities.c | 8 +
> src/qemu/qemu_capabilities.h | 2 +
> src/qemu/qemu_command.c | 118 ++++-
> src/qemu/qemu_command.h | 6 +-
> src/qemu/qemu_conf.c | 11 +-
> src/qemu/qemu_conf.h | 2 +
> src/qemu/qemu_dbus.c | 94 ++++
> src/qemu/qemu_dbus.h | 42 ++
> src/qemu/qemu_domain.c | 220 ++++++++-
> src/qemu/qemu_domain.h | 20 +
> src/qemu/qemu_driver.c | 8 +
> src/qemu/qemu_extdevice.c | 82 ++--
> src/qemu/qemu_extdevice.h | 10 +-
> src/qemu/qemu_hotplug.c | 112 ++++-
> src/qemu/qemu_hotplug.h | 11 +
> src/qemu/qemu_interface.c | 27 ++
> src/qemu/qemu_interface.h | 4 +
> src/qemu/qemu_migration.c | 19 +
> src/qemu/qemu_monitor.c | 13 +-
> src/qemu/qemu_monitor.h | 3 +-
> src/qemu/qemu_process.c | 24 +-
> src/qemu/qemu_security.c | 22 +
> src/qemu/qemu_security.h | 6 +
> src/qemu/qemu_slirp.c | 448 ++++++++++++++++++
> src/qemu/qemu_slirp.h | 81 ++++
> src/qemu/qemu_tpm.c | 4 +-
> src/qemu/test_libvirtd_qemu.aug.in | 1 +
> src/util/virdbus.c | 18 +-
> src/util/virdbus.h | 6 +-
> .../caps_4.0.0.aarch64.xml | 1 +
> .../qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 +
> .../caps_4.0.0.riscv32.xml | 1 +
> .../caps_4.0.0.riscv64.xml | 1 +
> .../qemucapabilitiesdata/caps_4.0.0.s390x.xml | 1 +
> .../caps_4.0.0.x86_64.xml | 1 +
> .../caps_4.1.0.x86_64.xml | 1 +
> .../net-user.x86_64-4.0.0.args | 34 ++
> tests/qemuxml2argvdata/tpm-emulator.xml | 2 +-
> tests/qemuxml2argvtest.c | 16 +
> tests/testutilsqemu.h | 1 +
> tests/virfirewalltest.c | 9 +-
> tests/virpolkittest.c | 3 +-
> 51 files changed, 1498 insertions(+), 77 deletions(-)
> create mode 100644 .editorconfig
> create mode 100644 src/qemu/qemu_dbus.c
> create mode 100644 src/qemu/qemu_dbus.h
> create mode 100644 src/qemu/qemu_slirp.c
> create mode 100644 src/qemu/qemu_slirp.h
> create mode 100644 tests/qemuxml2argvdata/net-user.x86_64-4.0.0.args
>
I've made all the changes I'm suggesting, ACKed and pushed. Sorry for
taking it so long to review.
One thing though, this deserves a release note. Can you cook something
please? See docs/news.xml for more info.
Michal
More information about the libvir-list
mailing list