On Tue, Mar 26, 2019 at 03:00:05PM +0800, Xiao Guangrong wrote:
> On 3/26/19 7:18 AM, Paolo Bonzini wrote:
> > On 25/03/19 12:46, Yang Zhong wrote:
> > > Hello all,
> > >
> > > Rust-VMM has started to make all features and common modules to crates,
> > > and CSP can deploy their VMM on demand. This afternoon, Xiao Guangrong
> > > and I talked about the light weight VM solutions, and we thought QEMU
> > > can do same thing like Rust-vmm, although we can make all modules or
> > > features in QEMU configurable, but making features and modules to libs
> > > are still valuable for QEMU. Any comments are welcome! thanks!
> >
> > What features/modules were you thinking of? Were you thinking of
> > turning them into dynamically loaded libraries, or spinning them out
> > into separate projects (such as libslirp)?
>
> We are considering making QEMU's device emulations into dynamic libraries
> that include virtio devices, IO controller and even vCPU emulations plus
> some hooks into it, and so on.
>
> > Also, what is the use case? Is it to reduce the attack surface without
> > having multiple QEMU binaries?
>
> Security is one story we concern, only the essential and audited
> modules/libraries can be loaded into memory.

QEMU's build system supports dynamically loaded "modules" (shared
libraries). You can build all features but only load a subset of them
at runtime. You can also install just a subset of modules on a host.

Examples are the block drivers and audio drivers. See ./configure and
block/Makefile.objs. QEMU's build system has 'y', 'n', and 'm' (for
module).

So far no emulated devices are built as modules, but this would be a
good area to explore.

Do you think modules satisfy your requirements?

> Another story is that lightweight virt. becomes more and more important to
> run VM-based workload in the public Cloud. However, QEMU is too huge and
> cumbersome to fill our requirements, e.g, QEMU-lites has been being
> developed for a long time but still lacks a way into mainline or Intel's
> nEMU more radically.

It's worth noting that NEMU functionality is being upstreamed or
inspired upstream work. QEMU recently got Kconfig (better compile-time
dependency management) and PVH fast guest kernel loading. If you are
interested in lightweight VMs, check out those features.

Stefan