qemu-devel

Re: [Qemu-devel] [PATCH 00/16] QEMU vhost-scsi support


From: ronnie sahlberg
Subject: Re: [Qemu-devel] [PATCH 00/16] QEMU vhost-scsi support
Date: Fri, 20 Apr 2012 17:50:02 +1000

On Fri, Apr 20, 2012 at 5:00 PM, Nicholas A. Bellinger
<address@hidden> wrote:
> On Thu, 2012-04-19 at 19:20 -0500, Anthony Liguori wrote:
>> Hi Nicholas,
>>
>> On 04/19/2012 06:53 PM, Nicholas A. Bellinger wrote:
>> > On Thu, 2012-04-19 at 07:30 -0500, Anthony Liguori wrote:
>> >> However, for storage, be it scsi or direct access, the same problem really
>> >> doesn't exist.  There isn't an obvious benefit to being in the kernel.
>> >>
>> >
>> > In the modern Linux v3.x tree, it was decided there is an obvious
>> > benefit to fabric drivers developers for going ahead and putting proper
>> > SCSI target logic directly into the kernel..  ;)
>>
>> I'm sure there are obvious benefits to having the kernel have SCSI target
>> logic.  I'm not claiming that there isn't.
>>
>> But there is not an obvious benefit to doing SCSI emulation *for virtual
>> machine* guests in the kernel.
>>
>> Guests are unconditionally hostile.  There is no qualification here.  Public
>> clouds are the obvious example of this.
>>
>> TCM runs in the absolute most privileged context possible.  When you're
>> dealing with extremely hostile input, it's pretty obvious that you want to
>> run it in the lowest privileged context as humanly possible.
>>
>
> The argument that a SCSI target for virtual machines is so complex that
> it can't possibly be implemented properly in the kernel is a bunch of
> nonsense.

There are also other benefits to NOT implementing SCSI emulation in the
kernel, aside from the security aspect of running large amounts of
code inside kernel context vs within restricted userspace context.

I am very happy to be able to add emulation of new opcodes or new
features to tgtd WITHOUT having to recompile my kernel.


regards
ronnie sahlberg


