2 years ago · 71d72ececa
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2124,13 +2124,20 @@ S: Odd Fixes
 
				 W: https://wiki.qemu.org/Documentation/9p
			
 
				 F: hw/9pfs/
			
 
				 X: hw/9pfs/xen-9p*
			
 
				+X: hw/9pfs/9p-proxy*
			
 
				 F: fsdev/
			
 
				-F: docs/tools/virtfs-proxy-helper.rst
			
 
				+X: fsdev/virtfs-proxy-helper.c
			
 
				 F: tests/qtest/virtio-9p-test.c
			
 
				 F: tests/qtest/libqos/virtio-9p*
			
 
				 T: git https://gitlab.com/gkurz/qemu.git 9p-next
			
 
				 T: git https://github.com/cschoenebeck/qemu.git 9p.next
			
 
				 
			
 
				+virtio-9p-proxy
			
 
				+F: hw/9pfs/9p-proxy*
			
 
				+F: fsdev/virtfs-proxy-helper.c
			
 
				+F: docs/tools/virtfs-proxy-helper.rst
			
 
				+S: Obsolete
			
 
				+
			
 
				 virtio-blk
			
 
				 M: Stefan Hajnoczi <stefanha@redhat.com>
			
 
				 L: qemu-block@nongnu.org
			
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -343,6 +343,29 @@ the addition of volatile memory support, it is now necessary to distinguish
 
				 between persistent and volatile memory backends.  As such, memdev is deprecated
			
 
				 in favor of persistent-memdev.
			
 
				 
			
 
				+``-fsdev proxy`` and ``-virtfs proxy`` (since 8.1)
			
 
				+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
			
 
				+
			
 
				+The 9p ``proxy`` filesystem backend driver has been deprecated and will be
			
 
				+removed (along with its proxy helper daemon) in a future version of QEMU. Please
			
 
				+use ``-fsdev local`` or ``-virtfs local`` for using the 9p ``local`` filesystem
			
 
				+backend, or alternatively consider deploying virtiofsd instead.
			
 
				+
			
 
				+The 9p ``proxy`` backend was originally developed as an alternative to the 9p
			
 
				+``local`` backend. The idea was to enhance security by dispatching actual low
			
 
				+level filesystem operations from 9p server (QEMU process) over to a separate
			
 
				+process (the virtfs-proxy-helper binary). However this alternative never gained
			
 
				+momentum. The proxy backend is much slower than the local backend, hasn't seen
			
 
				+any development in years, and showed to be less secure, especially due to the
			
 
				+fact that its helper daemon must be run as root, whereas with the local backend
			
 
				+QEMU is typically run as unprivileged user and allows to tighten behaviour by
			
 
				+mapping permissions et al by using its 'mapped' security model option.
			
 
				+
			
 
				+Nowadays it would make sense to reimplement the ``proxy`` backend by using
			
 
				+QEMU's ``vhost`` feature, which would eliminate the high latency costs under
			
 
				+which the 9p ``proxy`` backend currently suffers. However as of to date nobody
			
 
				+has indicated plans for such kind of reimplemention unfortunately.
			
 
				+
			
 
				 
			
 
				 Block device options
			
 
				 ''''''''''''''''''''
			
--- a/docs/tools/virtfs-proxy-helper.rst
+++ b/docs/tools/virtfs-proxy-helper.rst
@@ -9,6 +9,9 @@ Synopsis
 
				 Description
			
 
				 -----------
			
 
				 
			
 
				+NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be
			
 
				+removed, along with this daemon, in a future version of QEMU!
			
 
				+
			
 
				 Pass-through security model in QEMU 9p server needs root privilege to do
			
 
				 few file operations (like chown, chmod to any mode/uid:gid).  There are two
			
 
				 issues in pass-through security model:
			
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@@ -133,6 +133,14 @@ int qemu_fsdev_add(QemuOpts *opts, Error **errp)
 
				     }
			
 
				 
			
 
				     if (fsdriver) {
			
 
				+        if (strncmp(fsdriver, "proxy", 5) == 0) {
			
 
				+            warn_report(
			
 
				+                "'-fsdev proxy' and '-virtfs proxy' are deprecated, use "
			
 
				+                "'local' instead of 'proxy, or consider deploying virtiofsd "
			
 
				+                "as alternative to 9p"
			
 
				+            );
			
 
				+        }
			
 
				+
			
 
				         for (i = 0; i < ARRAY_SIZE(FsDrivers); i++) {
			
 
				             if (strcmp(FsDrivers[i].name, fsdriver) == 0) {
			
 
				                 break;
			
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -9,6 +9,11 @@
 
				  * the COPYING file in the top-level directory.
			
 
				  */
			
 
				 
			
 
				+/*
			
 
				+ * NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be
			
 
				+ * removed in a future version of QEMU!
			
 
				+ */
			
 
				+
			
 
				 #include "qemu/osdep.h"
			
 
				 #include <glib/gstdio.h>
			
 
				 #include <sys/resource.h>
			
@@ -1057,6 +1062,10 @@ int main(int argc, char **argv)
 
				     struct statfs st_fs;
			
 
				 #endif
			
 
				 
			
 
				+    fprintf(stderr, "NOTE: The 9p 'proxy' backend is deprecated (since "
			
 
				+                    "QEMU 8.1) and will be removed in a future version of "
			
 
				+                    "QEMU!\n");
			
 
				+
			
 
				     prog_name = g_path_get_basename(argv[0]);
			
 
				 
			
 
				     is_daemon = true;
			
--- a/hw/9pfs/9p-proxy.c
+++ b/hw/9pfs/9p-proxy.c
@@ -15,6 +15,11 @@
 
				  * https://wiki.qemu.org/Documentation/9p
			
 
				  */
			
 
				 
			
 
				+/*
			
 
				+ * NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be
			
 
				+ * removed in a future version of QEMU!
			
 
				+ */
			
 
				+
			
 
				 #include "qemu/osdep.h"
			
 
				 #include <sys/socket.h>
			
 
				 #include <sys/un.h>
			
--- a/hw/9pfs/9p-proxy.h
+++ b/hw/9pfs/9p-proxy.h
@@ -10,6 +10,11 @@
 
				  * the COPYING file in the top-level directory.
			
 
				  */
			
 
				 
			
 
				+/*
			
 
				+ * NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be
			
 
				+ * removed in a future version of QEMU!
			
 
				+ */
			
 
				+
			
 
				 #ifndef QEMU_9P_PROXY_H
			
 
				 #define QEMU_9P_PROXY_H
			
 
				 
			
--- a/meson.build
+++ b/meson.build
@@ -4179,7 +4179,7 @@ if have_block
 
				   summary_info += {'Block whitelist (ro)': get_option('block_drv_ro_whitelist')}
			
 
				   summary_info += {'Use block whitelist in tools': get_option('block_drv_whitelist_in_tools')}
			
 
				   summary_info += {'VirtFS (9P) support':    have_virtfs}
			
 
				-  summary_info += {'VirtFS (9P) Proxy Helper support': have_virtfs_proxy_helper}
			
 
				+  summary_info += {'VirtFS (9P) Proxy Helper support (deprecated)': have_virtfs_proxy_helper}
			
 
				   summary_info += {'Live block migration': config_host_data.get('CONFIG_LIVE_BLOCK_MIGRATION')}
			
 
				   summary_info += {'replication support': config_host_data.get('CONFIG_REPLICATION')}
			
 
				   summary_info += {'bochs support':     get_option('bochs').allowed()}
			
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1735,7 +1735,9 @@ SRST
 
				         Accesses to the filesystem are done by QEMU.
			
 
				 
			
 
				     ``proxy``
			
 
				-        Accesses to the filesystem are done by virtfs-proxy-helper(1).
			
 
				+        Accesses to the filesystem are done by virtfs-proxy-helper(1). This
			
 
				+        option is deprecated (since QEMU 8.1) and will be removed in a future
			
 
				+        version of QEMU. Use ``local`` instead.
			
 
				 
			
 
				     ``synth``
			
 
				         Synthetic filesystem, only used by QTests.
			
@@ -1867,6 +1869,8 @@ SRST
 
				 
			
 
				     ``proxy``
			
 
				         Accesses to the filesystem are done by virtfs-proxy-helper(1).
			
 
				+        This option is deprecated (since QEMU 8.1) and will be removed in a
			
 
				+        future version of QEMU. Use ``local`` instead.
			
 
				 
			
 
				     ``synth``
			
 
				         Synthetic filesystem, only used by QTests.