vhost-user memory isolation
Summary: Add a new mode for vhost-user devices that does not expose guest RAM as shared memory.
vhost-user enables VIRTIO devices to be implemented as separate processes outside of QEMU. This allows device emulation code to be written in any programming language, sharing of device emulation code with other emulators besides QEMU, and complex device implementations that would not fit well into the QEMU process. vhost-user achieves good performance by directly accessing guest RAM through shared memory. Exposing guest RAM is not always desirable for security reasons and is sometimes not possible due to lack of host platform support. This project will add an alternative mode for vhost-user devices where guest RAM is not exposed.
Today, QEMU configures the guest in such a way that the vhost-user device is directly notified when I/O requests are ready for processing by the device. Similarly, when the vhost-user device completes I/O requests, it directly notifies the guest. The vhost-user device has full access to guest RAM via shared memory in order to transfer data buffers while processing I/O requests. This project will add a mode where QEMU intercepts I/O requests, copies data buffers between guest RAM and a vhost-user isolated memory area that the vhost-user device can access, and then forwards the notifications between the guest and the vhost-user device.
This approach of intercepting I/O requests is already being used in certain live migration scenarios and is called Shadow Virtqueue. The project will involve reusing the Shadow Virtqueue implementation and integrating it into the vhost-user code. It is important that existing vhost-user devices work with memory isolation and that no vhost-user protocol changes are required.
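A minimal model of the copy step described above, added here as an illustration and not taken from QEMU's Shadow Virtqueue code: one guest descriptor is bounced into the isolated area, and a device completion is copied back only after bounds checks. The types and the names `svq_map`, `svq_complete`, `struct region` and `struct desc` are hypothetical; a flat guest address space and a bump allocator for the isolated area are assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DESC_F_WRITE 2  /* VIRTQ_DESC_F_WRITE: device writes into this buffer */

/* Hypothetical, simplified types: not QEMU's SVQ structures. */
struct desc { uint64_t addr; uint32_t len; uint16_t flags; };
struct region { uint8_t *base; size_t size; };

/* Overflow-safe check that [addr, addr+len) lies inside a region. */
static int in_bounds(const struct region *r, uint64_t addr, uint32_t len)
{
    return addr <= r->size && len <= r->size - addr;
}

/*
 * Guest -> device: translate one guest descriptor into a shadow descriptor
 * whose addr is an offset into the isolated area. Device-readable data is
 * copied in; device-writable buffers are zeroed so stale bytes never leak.
 * Returns 0 on success, -1 if the guest address or bounce space is invalid.
 */
int svq_map(const struct region *guest, const struct region *iso,
            size_t *iso_used, const struct desc *g, struct desc *shadow)
{
    if (!in_bounds(guest, g->addr, g->len) || *iso_used > iso->size ||
        g->len > iso->size - *iso_used)
        return -1;
    uint8_t *bounce = iso->base + *iso_used;
    if (g->flags & DESC_F_WRITE)
        memset(bounce, 0, g->len);
    else
        memcpy(bounce, guest->base + g->addr, g->len);
    *shadow = (struct desc){ *iso_used, g->len, g->flags };
    *iso_used += g->len;
    return 0;
}

/* Device -> guest: 'written' is the length the device reported, so it is
 * untrusted; reject it if it exceeds the guest buffer or the isolated area. */
int svq_complete(const struct region *guest, const struct region *iso,
                 const struct desc *g, const struct desc *shadow,
                 uint32_t written)
{
    if (!(g->flags & DESC_F_WRITE) || written > g->len ||
        !in_bounds(iso, shadow->addr, written) ||
        !in_bounds(guest, g->addr, g->len))
        return -1;
    memcpy(guest->base + g->addr, iso->base + shadow->addr, written);
    return 0;
}
```

The device process only ever sees offsets into the isolated area, so a compromised device cannot name an arbitrary guest address through a descriptor.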
You will gain experience with QEMU internals, VIRTIO, and vhost-user.
Internship tasks:
- Add a bool "memory-isolation" qdev property to QEMU's vhost-user devices.
- Modify hw/virtio/vhost-user.c to intercept and forward the vhost-user callfd and kickfd eventfds when memory isolation is enabled.
- Manage an area of memory where I/O requests will be copied.
- Integrate the existing Shadow Virtqueue (SVQ) code into hw/virtio/vhost-user.c so that vhost-user devices see the SVQ instead of the guest's virtqueue.
- Extend tests/qtest/vhost-user-test.c to run with memory-isolation=on, proving that the feature works.
Links:
- vDPA-net Live Migration with Shadow VirtQueue (PDF)
- vhost-user protocol
- Virtqueue description in the VIRTIO specification
- vhost-user.c
- vhost-shadow-virtqueue.c
Details:
- Project size: 350 hours
- Skill level: intermediate
- Language: C
- Mentors: Stefano Garzarella <sgarzare@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, Eugenio Perez Martin <eperezma@redhat.com>, Hanna Czenczek <hreitz@redhat.com>