Re: Changing guest I/O path in KVM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Stefan Hajnoczi <stefanha <at> gmail.com> writes:

> 
> On Mon, Sep 30, 2013 at 08:29:30PM -0400, duy hai nguyen wrote:
> > I have this question regarding the way KVM handles I/O requests from a 
guest:
> > 
> > IO requests from a guest are trapped by KVM. KVM then forwards the
> > requests to QEMU to handle.
> > 
> > I am wondering if there is a way to make KVM forward the IO requests
> > to another guest instead of QEMU? I want this second guest to encrypt
> > the data before passing them to QEMU:
> > 
> > (I/O from VM1) -> KVM kernel -> VM2 -> QEMU
> 
> I don't really understand the trust model you are aiming for.  Since
> QEMU has full control over guest RAM and CPU state, QEMU is always
> capable of spying on the guest.
> 
> Anyway, QEMU doesn't have a built-in way to bounce the I/O through
> another guest without seeing the data first.
> 
> Use a network file system or iSCSI inside the guest.  Then VM2 can
> transform the data however you like and transport encryption can be
> used.
> 
> Stefan
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo <at> vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

Thanks, Stefan!

In the network file system (NFS) approach you mentioned, I understand that 
the I/O requests will go directly from VM1 to VM2 via network before 
reaching QEMU for I/O handling. Please correct if I am wrong.

> Anyway, QEMU doesn't have a built-in way to bounce the I/O through
> another guest without seeing the data first.

I want to have I/O requests from VM1 go to VM2 first. In the current design 
of kvm kernel module, kvm forwards I/O requests to QEMU by setting some 
fields in the 'vcpu' structure and each QEMU thread keeps checking the 
content of their corresponding vcpu. Is this the part I can make changes to 
have my I/O path?

Thank you very much!

Best,
Hai

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux