Lines Matching full:be
8 may lack features or be considerably different from what is described
22 QEMU can be susceptible to security attacks because it is a large,
24 Many of these features can be configured out of QEMU, but even a reduced
33 QEMU can be broadly described as providing three main services. One is a
34 VM control point, where VMs can be created, migrated, re-configured, and
44 host processes. Each of these processes can be given only the privileges
45 it needs to provide its service, e.g., a disk service could be given
46 access only to the disk images it provides, and not be allowed to
48 this service would not be able to use this exploit to access files or
57 emulation. i.e., the control process would also be the CPU emulation
58 process. In a later phase, CPU emulation could be separated from the
67 be exploited, and, indeed, have been a source of exploits in the past.
70 can be separated from the QEMU functions that manage the emulation of
100 Virtio guest device drivers can be connected to vhost user applications
105 application is a daemon process that can be contacted via a known UNIX
114 process, the application can also be sent other file descriptors over
115 the socket, which then can be used by the vhost user application in
124 executes instructions that cannot be executed by virtual HW mode,
131 vhost user device, the memory operation would need to be sent over a
135 driver, instead of needing them to be sent to the QEMU process first.
154 These descriptors can be passed to ``mmap()`` by the vhost application
168 Much of the vhost model can be re-used by separated device emulation. In
172 should be re used.
186 desired, in which the emulation application should only be allowed to
194 QEMU one. This could be useful for disk device emulation, since its
210 modification. The device emulation objects will be also be based on the
211 QEMU code, because for anything but the simplest device, it would not be
216 sockets. The processes can be executed either as standalone processes,
217 or be executed by QEMU. In both cases, the host backends the emulation
219 be for QEMU. For example:
230 configuration might be to put all controllers of the same device class
232 the same type can be managed by a single QMP monitor.
237 The first argument to the remote emulation process will be a Unix domain
247 Remote emulation processes can be monitored via QMP, similar to QEMU
255 can be monitored over the UNIX socket path */tmp/disk-mon*.
264 be the same id as used in the remote process.
270 can be used to add a device emulated in a remote process
307 replace. i.e., the proxy object for an LSI SCSI controller will be a
319 which any other QEMU device would be initialized.
339 MMIO handlers, or creating a child bus that other proxy devices can be
342 Other tasks will be device-specific. For example, PCI device objects
365 PCI devices also have a configuration space that can be accessed by the
369 need to be propagated to the emulation process.
376 proxy object. This class's parent would be "pci-device" and it would
386 incoming interrupt indication would then be sent up to its bus parent to
387 be injected into the guest. For example, a PCI device object may use
395 remote device's *vmstate*; that will be handled by the remote process
401 Generic device operations, such as DMA, will be performed by the remote
407 DMA operations would be handled much like vhost applications do. One of
412 must be backed by shared file-backed memory, for example, using
425 within the DMA address space, an IOMMU notifier for unmaps will be added
434 *-device* command line option does. The remote process may either be one
435 started at QEMU startup, or be one added by the "add-process" QMP
447 incoming byte stream length and data will be saved as the proxy's
449 will be extracted, and a secondary socket file descriptor will be sent
469 will drive which objects need to be created.
474 memory regions must be configured with ``memory_map_init()``. This
483 will be supplied by the guest memory table from above. Those RAM regions
484 would then be added to the *system\_memory* memory region with
489 IO initialization will be driven by the JSON descriptions sent from the
490 QEMU process. For a PCI device, a PCI bus will need to be created with
491 ``pci_root_bus_new()``, and a PCI memory region will need to be created
504 handle MMIO requests from QEMU, the PCI physical addresses must be the
506 accomplish that, guest BAR programming must also be forwarded from QEMU
523 an emulation process would be to setup the root PCI bus driver (via
533 into the VM. A simple emulation process implementation would be to send
544 will be used to translate the DMA address to a local virtual address the
552 that physical address can be translated to a local virtual address. The
559 invoked, the IOTLB cache will be searched for an entry that will map the
560 DMA address to a guest PA. On a cache miss, a message will be sent back
561 to QEMU requesting the corresponding translation entry, which be both be
562 used to return a guest address and be added to the cache.
575 ``qio_channel_socket_new_fd()``. This channel will be used to create a
576 *QEMUfile* that can be passed to ``qemu_save_device_state()`` to send
577 the process's device state back to QEMU. This method will be reversed on
578 restore - the channel will be passed to ``qemu_loadvm_state()`` to
584 The messages that are required to be sent between QEMU and the emulation
588 The KVM file descriptors created would be passed to the emulation process
596 could, however, be expanded to cover more cases.
637 includes a sequence number that can be used to reply to the MMIO, and
667 MMIOs may be waiting to be consumed by an emulation program and multiple
668 threads may be waiting for MMIO replies. The scoreboard would contain a
670 be individually woken when the MMIO reply is received from the emulation
678 Some MMIO loads do not have device side-effects. These MMIOs can be
687 side-effects (and can be completed immediately), and which require a
695 The descriptor would be returned by the KVM driver when QEMU issues a
701 The *KVM\_DEV\_TYPE\_USER* operations vector will be registered by a
721 be passed to the device emulation program. Only one slave can be created
729 command can be executed while the guest is running, such as the case
733 register *kvm\_io\_device\_ops* callbacks to be invoked when the guest
758 request structures. Multiple structures can be returned if there are
761 space in the pending to add new MMIO operations, they will be woken
775 There are several ioctl()s that can be performed on the slave
779 allocate memory for the shadow image. This memory can later be
792 to determine if there are MMIO requests waiting to be read. It will
799 memory, changes with no side-effects will be reflected in the shadow,
808 matching *kvm\_io\_device* to see if the MMIO can be handled by the KVM
810 corresponding callback will be invoked.
815 Loads with side-effects must be handled synchronously, with the KVM
818 side-effects may be optimized by satisfying them from the shadow image,
825 Stores can be handled asynchronously unless the pending MMIO request
836 the device's corresponding interrupt to be triggered by the KVM driver.
845 irq file descriptor, a re-sampling file descriptor needs to be sent to
847 devices sharing an irq to be notified when the interrupt has been
857 The interrupt route can be found with
863 Intx routing can be changed when the guest programs the APIC the device
865 ``pci_device_set_intx_routing_notifier()`` to be informed of any guest
877 may need to be sent to the emulation program.
902 After IO services have been disaggregated, a second phase would be to
905 code, so the first task would be to create one.
923 need a separate user ID to provide access control, which is likely to be
939 allows rules to be written on what operations a process with a given
958 process's set is a superset of the file's set. This enforcement can be
962 each device emulation process could be provisioned with a separate
963 category. The different device emulation processes would not be able to
966 Alternatively, categories could be used in lieu of the type enforcement
967 scheme described above. In this scenario, different categories would be