On Wed, Mar 14, 2012 at 06:57:59PM +0800, Wen Congyang wrote: > At 03/14/2012 06:52 PM, Gleb Natapov Wrote: > > On Wed, Mar 14, 2012 at 06:52:07PM +0800, Wen Congyang wrote: > >> At 03/14/2012 06:37 PM, Amit Shah Wrote: > >>> On (Wed) 14 Mar 2012 [17:53:00], Wen Congyang wrote: > >>>> At 03/14/2012 05:24 PM, Avi Kivity Wrote: > >>>>> On 03/14/2012 10:29 AM, Wen Congyang wrote: > >>>>>> At 03/13/2012 06:47 PM, Avi Kivity Wrote: > >>>>>>> On 03/13/2012 11:18 AM, Daniel P. Berrange wrote: > >>>>>>>> On Mon, Mar 12, 2012 at 12:33:33PM +0200, Avi Kivity wrote: > >>>>>>>>> On 03/12/2012 11:04 AM, Wen Congyang wrote: > >>>>>>>>>> Do you have any other comments about this patch? > >>>>>>>>>> > >>>>>>>>> > >>>>>>>>> Not really, but I'm not 100% convinced the patch is worthwhile. It's > >>>>>>>>> likely to only be used by Linux, which has kexec facilities, and you can > >>>>>>>>> put talk to management via virtio-serial and describe the crash in more > >>>>>>>>> details than a simple hypercall. > >>>>>>>> > >>>>>>>> As mentioned before, I don't think virtio-serial is a good fit for this. > >>>>>>>> We want something that is simple & guaranteed always available. Using > >>>>>>>> virtio-serial requires significant setup work on both the host and guest. > >>>>>>> > >>>>>>> So what? It needs to be done anyway for the guest agent. > >>>>>>> > >>>>>>>> Many management application won't know to make a vioserial device available > >>>>>>>> to all guests they create. > >>>>>>> > >>>>>>> Then they won't know to deal with the panic event either. > >>>>>>> > >>>>>>>> Most administrators won't even configure kexec, > >>>>>>>> let alone virtio serial on top of it. > >>>>>>> > >>>>>>> It should be done by the OS vendor, not the individual admin. > >>>>>>> > >>>>>>>> The hypercall requires zero host > >>>>>>>> side config, and zero guest side config, which IMHO is what we need for > >>>>>>>> this feature. > >>>>>>> > >>>>>>> If it was this one feature, yes. But we keep getting more and more > >>>>>>> features like that and we bloat the hypervisor. There's a reason we > >>>>>>> have a host-to-guest channel, we should use it. > >>>>>>> > >>>>>> > >>>>>> I donot know how to use virtio-serial. > >>>>> > >>>>> I don't either, copying Amit. > >>>>> > >>>>>> I start vm like this: > >>>>>> qemu ...\ > >>>>>> -device virtio-serial \ > >>>>>> -chardev socket,path=/tmp/foo,server,nowait,id=foo \ > >>>>>> -device virtserialport,chardev=foo,name=port1 ... > >>>>>> > >>>>>> You said that there are too many channels. Does it mean /tmp/foo is a channel? > >>>>> > >>>>> Probably. > >>>> > >>>> Hmm, if we use virtio-serial, the guest kernel writes something into the channel when > >>>> the os is panicked. Is it right? > >>> > >>> Depends on how you want to use it. It could be the kernel, or it > >>> could be a userspace program which monitors syslogs for panic > >>> information and passes on that info to the virtio-serial channel. > >> > >> When the kernel is panicked, we cannot use userspace program. > >> > >>> > >>>> If so, is this channel visible to guest userspace? If the channle is visible to guest > >>>> userspace, the program running in userspace may write the same message to the channel. > >>> > >>> Access control is via permissions. You can have udev scripts assign > >>> whatever uid and gid to the port of your interest. By default, all > >>> ports are only accessible to the root user. > >> > >> We should also prevent root user writing message to this channel if it is > >> used for panicked notification. > >> > > Why? Root user can also call panic hypercall if he wishes so. > > IIRC, the instruction vmcall needs to run on ring0. The root user is in ring3. > And who will stop the root from loading kernel module? -- Gleb. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
