"Michael S. Tsirkin" <m...@redhat.com> writes:

> On Tue, May 28, 2013 at 12:00:38PM -0500, Anthony Liguori wrote:
>> Julian Stecklina <jstec...@os.inf.tu-dresden.de> writes:
>>
>>
>> I don't see any compelling reason to do something like this. It's
>> jumping through a tremendous number of hoops to avoid putting code that
>> belongs in QEMU in tree.
>>
>> Regards,
>>
>> Anthony Liguori
>>
>> >
>> > Julian
>
> OTOH an in-tree device that runs in a separate process would
> be useful e.g. for security.

An *in-tree* device would at least be a reasonable place to have a
discussion. I still think it's pretty hard to make work beyond just a hack.

> For example, we could limit a virtio-net device process
> to only access tap and vhost files.

Stefano et al from the Xen community have some interest in this. I
believe they've done some initial prototyping already.

Regards,

Anthony Liguori

> We can kill this process if there's a bug
> with the result that NIC gets stalled but everything else
> keeps going.
> Possibly restart on next guest reset.
> There could be other advantages.
>
> --
> MST