Versions Compared

Comment: Tried to clean 9pfs chapter

...

  • To not impede efficient development, text consoles shall be according to the operating systems' normal standards so that they can be connected to any normal development flow.
  • Text consoles are often connected to a shell capable of running commands.  For security reasons, it MUST be possible to shut text consoles off entirely in the configuration of a production system.  This configuration MUST NOT be modifiable from within any guest operating system.
  • It is also recommended that countermeasures are put in place and documented during the development phase, ensuring that there is no way to forget to disable these consoles in the final production system.


5.1 Host-to-VM filesystem sharing (9pfs)

Host to VM disk sharing

Providing disk access in the form of a "shared folder" or full disk passthrough is a function that seems mostly used in desktop virtualization.  For example, the user wants to run Microsoft Windows in combination with a MacOS host, or to run Linux in a virtual machine on a Windows-based corporate workstation.  Host-to-VM filesystem sharing might serve some purpose also in server virtualization if it is based on a Type-2 hypervisor, which is in itself an operating system kernel but also hosts multiple virtualized environments.

Requirements:

  • Implementation of host-to-vm disk sharing using the 9pfs protocol is optional.

Discussion:

For the automotive use case, the working group found little need for this host-to-vm disk sharing, but we summarize the situation here in case the need arises for some particular product.

[VIRTIO] describes one network disk protocol for the purpose of hypervisor-to-vm storage sharing, which is 9pfs.  It is a part of a set of protocols defined by the Plan9 operating system.

Most systems will be able to accommodate any network disk protocol needs by implementing the network protocol in one or several of the VMs.  The typical systems we deal with are large enough to implement a more complete and more standard protocol such as NFS within the normal operating system environment that is running in the VM, and to share storage between VMs over the (virtual) network they have.  In other words, for many use cases this sharing need not be implemented in the hypervisor itself.

In [VIRTIO], the protocol 9pfs is mentioned in two ways: a PCI type device can indicate that it is going to use the 9P protocol, and the specification also has 9P as a specific separate device type.  There seems to be no strict definition of (or even a specific reference to) the protocol itself; it is assumed to be well known by name and possible to find online.  The specification is thus complemented only by scattered information regarding the specific implementations (Xen, KVM, QEMU, ...).

REQ X:Y: Implementation of host-to-vm disk sharing using the 9pfs protocol is optional.

The 9pfs protocol seems proven and supposedly OK for what it does.  Possibly more security features are needed, depending on the use case.  VIRTIO however seems to defer the definition completely to "somewhere else"; at least a reference to a canonical specification would seem appropriate.

9pfs is a minimalistic network file-system protocol that the working group figures is appropriate for the task.  Other network protocols like NFS, SMB/SAMBA etc. would be too heavy.  9pfs however feels a bit esoteric, and while "reinventing" is usually unnecessary, there might be an appropriate opportunity to do that here, with a new modern protocol plus a reference open-source implementation.  Such an effort ought to take a closer look particularly at a flexible and reliable security model, which seems somewhat glossed over in the current 9pfs description.  It briefly references only "fixed user" or "pass-through" for mapping ownership of files between guest and host.
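Two of the points above are checkable in a VM's launch configuration: the text-console requirement (consoles must be disabled in a production configuration) and the ownership-mapping model of a host-to-VM share.  The following is an added example, not part of the working group's text or any hypervisor project's code.  It audits a QEMU command line, since QEMU's virtfs is one of the 9pfs implementations the discussion mentions; the QEMU options it looks at (-serial, -monitor, -virtfs with security_model= and readonly=) are real QEMU options, but the policy it applies and the two command lines it checks are this example's own assumptions.

```python
"""Audit a QEMU command line for two production-hardening points:
text consoles that should be disabled, and host-to-VM (9pfs/virtfs)
shares whose ownership mapping or writability is more permissive
than a production system needs.  Constructed example: the command
lines below are made up and the policy is an assumption."""
import shlex

# Console-bearing options; a value of "none" means that console is off.
CONSOLE_OPTS = {"-serial", "-monitor"}

# virtfs security_model values that apply guest uid/gid directly to host
# files ("none" is passthrough that ignores chown failures).  The page's
# discussion singles out this "pass-through" mapping as needing a closer look.
RISKY_MODELS = {"passthrough", "none"}

# Constructed command lines (assumed, not from any real system).
DEV_CMDLINE = (
    "qemu-system-x86_64 -m 512 -serial stdio -monitor none "
    "-virtfs local,path=/srv/share,mount_tag=share0,security_model=passthrough"
)
PROD_CMDLINE = (
    "qemu-system-x86_64 -m 512 -serial none -monitor none "
    "-virtfs local,path=/srv/share,mount_tag=share0,"
    "security_model=mapped-xattr,readonly=on"
)


def parse_qemu_cmdline(cmdline):
    """Return (consoles, shares): consoles is a list of (option, value)
    pairs; shares is a list of dicts of the comma-separated virtfs params."""
    argv = shlex.split(cmdline)
    consoles, shares = [], []
    i = 0
    while i < len(argv):
        opt = argv[i]
        nxt = argv[i + 1] if i + 1 < len(argv) else None
        # An argument that does not start with '-' is the option's value.
        val = nxt if nxt is not None and not nxt.startswith("-") else None
        if opt in CONSOLE_OPTS:
            consoles.append((opt, val))
        elif opt == "-virtfs" and val:
            params = {}
            for field in val.split(","):
                key, _, value = field.partition("=")
                params[key] = value  # a bare flag (e.g. "readonly") maps to ""
            shares.append(params)
        i += 2 if val is not None else 1
    return consoles, shares


def audit(cmdline, production=True):
    """Return a list of findings (strings); an empty list means compliant."""
    findings = []
    consoles, shares = parse_qemu_cmdline(cmdline)
    if production:
        for opt, val in consoles:
            if val != "none":
                findings.append(f"{opt} {val}: text console enabled in production config")
    for share in shares:
        tag = share.get("mount_tag", "?")
        model = share.get("security_model", "")
        if model in RISKY_MODELS:
            findings.append(
                f"virtfs {tag}: security_model={model or '(unset)'} maps guest "
                "ownership directly onto host files"
            )
        # readonly absent, or explicitly off, means the guest can write the share.
        ro = share.get("readonly")
        if ro is None or ro.lower() in ("off", "false", "no"):
            findings.append(f"virtfs {tag}: share is writable from the guest")
    return findings


if __name__ == "__main__":
    for name, cmd in (("dev", DEV_CMDLINE), ("prod", PROD_CMDLINE)):
        print(name, audit(cmd) or "OK")
```

The parser is deliberately simple (it treats any non-dash argument as the value of the preceding option), which is enough for a configuration review but not a full QEMU argument grammar; a real deployment check would read the hypervisor's persistent configuration rather than a command line, so that the guest cannot alter it.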

Links: Virtio 1.0 spec : {PCI-9P, 9P device type}.
Kernel support: Xen/Linux 4.12+ FE driver Xen implementation details

References: Some found references include the following (these are not linked here since we cannot at the moment evaluate whether they should be considered official or complete):
  • A set of man pages that seem to be the definition of P9 (intro, others)
  • QEMU instructions on how to set up a VirtFS (P9)
  • Example/info on how to natively mount a 9P network filesystem
  • Source code for a 9pfs FUSE driver

...