From: Thomas Leonard <talex5@gmail.com>
Date: Wed, 10 Mar 2021 14:19:49 +0000
Subject: Re: Qubes-lite With KVM and Wayland
To: Alyssa Ross
CC: Michael Raskin <7c6f434c@mail.ru>, discuss@spectrum-os.org
List-Id: General high-level discussion about Spectrum
In-Reply-To: <20210309165922.mg6hdqzzeurdmjsq@x220.qyliss.net>
References: <87ble2czx6.fsf@alyssa.is> <87lfcvn1ln.fsf@alyssa.is> <87bldrn0kh.fsf@alyssa.is> <20210309165922.mg6hdqzzeurdmjsq@x220.qyliss.net>

On Tue, 9 Mar 2021 at 16:59, Alyssa Ross wrote:
>
> On Sun, Mar 07, 2021 at 12:52:36PM +0000, Thomas Leonard wrote:
> > On Wed, 27 Jan 2021 at 17:31, Thomas Leonard wrote:
> > [...]
> > > If any of this sounds useful for spectrum let me know. I can try and
> > > tidy it up; it's all a huge mess at the moment!
> >
> > I got a bit further (fixed my sommelier problems), but have run out of
> > time for now :-(
> >
> > I've written up where I got to here:
> >
> > https://roscidus.com/blog/blog/2021/03/07/qubes-lite-with-kvm-and-wayland/
>
> I saw this online the other day and started reading it without realising
> it was you, and then I saw you were using Nix and thought "wow, that's
> close to what I'm (not) doing", and then I saw the Spectrum section, and
> then realised who the author was. :)

:-)

> I'll quote a little from it and reply to bits:
>
> > When I wanted a newer package (socat with vsock support, only just
> > released) I just told Nix to install it from the latest Git checkout of
> > nixpkgs.
>
> I'm excited to learn that socat has vsock support now! That's going to
> be very useful. I have a half-done patch somewhere that adds vsock
> support to strace that I should finish up as well.

Yeah, I'm using it as a hacky replacement for qrexec for now. The fact that it connects to the network system, and allows you to specify the target VM ID, makes it look like it's designed to go between VMs, but it doesn't seem like it does. I worry that they'll enable that at some point and create a sudden security problem...

> > True, my squashfs image is getting a bit big. Maybe I should instead
> > make a minimal squashfs boot image, plus a shared directory of hard
> > links to the required files. That would allow sharing the data with the
> > host. I could also just share the whole /nix/store directory, if I
> > wanted to make all host software available to guests.
>
> I think the solution I will end up going with for this will be a custom
> virtiofsd implementation that can implement some access controls.

Sounds sensible.

> > I didn’t have time to write and debug C++ code for every missing
> > Wayland protocol, so I took a short-cut: I wrote my own Wayland library,
> > ocaml-wayland, and then used that to write my own version of sommelier.
> > With that, adding support for copying text was fairly easy.
>
> Well this is interesting! I definitely want to learn more about this.

I've put it up here: https://github.com/talex5/wayland-virtwl-proxy

There's a default.nix file, so it should build easily enough (make sure to git clone with submodules). I'd be interested to know if it works for other people. I've been using it for about a week now, and it seems fine with firefox, evince and xfce4-terminal (the apps I use). But e.g. kitty won't run because there's no `wl_drm` support.

I don't know anything about graphics acceleration. But someone on Hacker News commented that you did panfrost, so I guess you know about that sort of thing.

> > * One problem with virtwl is that, while we can receive shared
> >   memory FDs from the host, we can’t export guest memory to the
> >   host. This is unfortunate, because in Wayland the shared memory for
> >   window contents is allocated by the application from guest memory,
> >   and the proxy therefore has to copy each frame. If the host
> >   provided the memory to the guest, this wouldn’t be needed. There
> >   is a wl_drm protocol for allocating video memory, which might help
> >   here, but I don’t know how that works and, like many Wayland
> >   specifications, it seems to be in the process of being replaced by
> >   something else.
>
> Yeah, this comes up on the virtio mailing list from time to time. It's
> a very difficult problem to solve, but there might be a solution some
> day. I think I've written about my own explorations in this area on
> this list before.
>
> > I’m not sure how guest-to-guest communication works with KVM.
>
> It... doesn't really, at least not the way it does with Xen.
> virtio-vhost-user[1] is promising, but very early stages. I've talked
> in quite a lot of detail about how that works on this list before as
> well. guest-to-guest communication was my main area of work for most of
> the second half of last year (and what ended up causing me to burn out).

I guess once you've got shared memory and inter-VM interrupts it might be possible to reuse the Xen protocols and drivers. I made a firewall VM on Qubes that did that a few years ago (https://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/). But the virtio protocols will probably be more widely supported in future.

> [1]: https://wiki.qemu.org/Features/VirtioVhostUser
>
> > I hope the SpectrumOS project will resume at some point
>
> Me too! Maybe it's resuming right now! (Although I'm not committing --
> just because I'm feeling ready to get back into it today doesn't mean
> that's going to be sustainable again yet.)

:-)

-- 
talex5 (GitHub/Twitter)
http://roscidus.com/blog/
GPG: 5DD5 8D70 899C 454A 966D 6A51 7513 3C8F 94F6 E0CC
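The thread's worry about vsock, that a transport which today only reaches the host might later start routing between guests, has a simple defensive answer on the service side: check the peer CID that accept() returns before serving anything, and log what you refused. The listener below is an added example written for this archive, not code from the thread, from socat or from the wayland-virtwl-proxy project; it is a plain Python AF_VSOCK server standing in for socat's listener. The well-known CID constants are the Linux vsock values; the port number and the host-only allowlist are constructed for the example.

```python
"""Guard a vsock service by peer CID before handing the connection off.

Added example (not from the mailing-list thread or from socat). A guest
service that is only meant to talk to the host checks the peer CID on
every accepted connection against an explicit allowlist, so it fails
closed if guest-to-guest vsock routing is ever enabled underneath it.
"""
import socket

# Well-known CIDs from the Linux vsock address family (<linux/vm_sockets.h>).
VMADDR_CID_HYPERVISOR = 0
VMADDR_CID_LOCAL = 1
VMADDR_CID_HOST = 2
VMADDR_CID_ANY = 0xFFFFFFFF

# Constructed policy for the example: a host-only service on port 5000.
EXAMPLE_PORT = 5000
ALLOWED_PEERS = frozenset({VMADDR_CID_HOST})


def check_peer(peer_cid, allowed_cids):
    """Decide whether a connection from peer_cid may be served.

    Returns (allowed, reason). The reason is meant for a log line: a guest
    CID turning up on a host-only service is the event worth noticing, so
    a refusal should be visible rather than a silent close.
    """
    if not isinstance(peer_cid, int) or peer_cid < 0 or peer_cid > VMADDR_CID_ANY:
        return False, "malformed peer CID %r" % (peer_cid,)
    if peer_cid == VMADDR_CID_ANY:
        return False, "wildcard CID is never a valid peer"
    if peer_cid in (VMADDR_CID_HYPERVISOR, VMADDR_CID_LOCAL):
        return False, "reserved CID %d (hypervisor/loopback)" % peer_cid
    if peer_cid not in allowed_cids:
        kind = "host" if peer_cid == VMADDR_CID_HOST else "guest"
        return False, "%s CID %d not in allowlist" % (kind, peer_cid)
    return True, "peer CID %d allowed" % peer_cid


def handle(conn, peer_cid, peer_port):
    """Placeholder request handler: echo one message back, tagged with the CID."""
    data = conn.recv(4096)
    if data:
        conn.sendall(b"cid %d: %s" % (peer_cid, data))
    conn.close()


def serve(port=EXAMPLE_PORT, allowed_cids=ALLOWED_PEERS, handler=handle):
    """Accept loop; needs a Linux kernel with AF_VSOCK support to run."""
    srv = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    srv.bind((VMADDR_CID_ANY, port))
    srv.listen(8)
    while True:
        conn, (peer_cid, peer_port) = srv.accept()
        ok, reason = check_peer(peer_cid, allowed_cids)
        # One log line per connection attempt, accepted or not.
        print("vsock peer %d:%d: %s" % (peer_cid, peer_port, reason))
        if not ok:
            conn.close()
            continue
        handler(conn, peer_cid, peer_port)


if __name__ == "__main__":
    serve()
```

Run inside a guest and connect from the host (for instance with socat's VSOCK-CONNECT address form pointed at the guest's CID and port 5000); any connection arriving with a CID other than 2 is closed and logged, which is the behaviour you want the day the hypervisor starts forwarding guest-to-guest traffic.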