Hi Alex, I'm also terribly sorry for the delay in responding to this. I'm only now having the time resources to come back to this topic and figure out a way forward with my proposal. Please see my notes below (quoting only the relevant sections). > On Nov 6, 2018, at 9:32 PM, Alex Williamson <alex.williamson@xxxxxxxxxx> wrote: > > There were mostly two main threads of discussion, the first was Filipe's > discussion of a socket interface making use of the VFIO ABI to > implement a userspace device model. For a VM use case, QEMU would be > modified to use a socket for the VFIO ABI, including shared memory for > DMA. Ideally this would be transparent for much of the QEMU vfio code > outside of setup. Effectively this becomes a userspace implementation > of mdev as this could already be done using mdev, but it requires a > vendor driver to expose the userspace interface and likely a longer > round trip through the kernel and back to userspace. Either path > allows device models in userspace that can be open or proprietary, but > this new proposal eliminates the vendor kernel driver component. Of > course non-upstream kernel mdev vendor drivers do taint the host > kernel, so they at least leave a breadcrumb. Spot on. This can be done today via mdev, but it would unnecessarily involve the kernel in the setup of devices. Also, since vfio is the only existing bus driver for mdev, it would make little sense to implement an mdev "physical" driver (which wouldn't have a physical backing device) just to talk a vfio-like abi back to userspace. This "vfio-user" proposal is a perfect fit for Qemu. I think the correct design is to slightly rearchitect the vfio implementation in Qemu to allow for userspace backends through unix sockets, very much like vhost-user does it for virtio devices today. As a matter of fact, with something like this in place, I think the Qemu code could potentially be simplified by moving some of the existing vhost-user offloading code underneath it. > I believe Filipe > mentioned a conversation after the BoF with Alex Graf who had a related > concern about using the socket approach to use this as a non-GPL > backdoor for device models in QEMU and a suggested approach was a GPL > handshake via the socket interface. Not exactly. The GPL-violating concerns came from Paolo and Stefan (cc'd). Alex Graf (cc'd) came up with a solution for the concern which involves adding a copyrighted "poem" to the protocol handshake. Qemu would then grant the copyright for GPL applications, hence limiting who can use the protocol. Vendors can obviously bypass this by using a GPL proxy application that talks to Qemu, but then uses a separate mechanism (possibly another unix socket) to talk to other non-GPL applications. Vendors which distribute Qemu can possibly also bypass this by modifying the protocol not to include the copyrighted messages. Using either legal loophole approach, however, can lead to a lot of public point and shame. The point I would like to discuss more widely (before going forwards with code) is whether vendors can actually make use of a GPL-only protocol. I understand the community desire of gathering efforts into GPL software, Qemu code and Virtio. A non-GPL implementation means that maybe some vendors cannot use this. I envision this protocol being used by userspace applications which _need_ to emulate a device outside Qemu for performance reasons, not license reasons (eg. a separate process can efficiently poll VQs from multiple VMs from a single core). Applications that already do that today, albeit open-source, are not GPL (eg. OVS, DPDK, SPDK). This is why I'd like to hear more from Paolo and Stefan on why making this non-GPL is so bad. It is already possible today (via mdev), and similar approaches already exist for a large number of device implementations via vhost-user. Additionally, I would also like to hear from willing vendors that feel they could _only_ benefit from this if it does not enforce GPL. Finally, I want to clarify I am not opposing making this GPL-only. I just want to make sure the effort is justifiable (ie. there is reason for this to enforce GPL peer applications given the existing vhost-user and mdev alternatives) and not in vain (ie. there are GPL use cases for this out there). Thanks, Felipe
