QMP Notes

Copyright 2016 by Assured Information Security, Inc. Created by Ross Philipson <philipsonr@ainfosec.com>. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.

QMP

The basics on QMP can be found here:

http://wiki.qemu.org/QMP

QMP Helper

When QEMU is run in dom0 with the toolstack (xl in this case), it is typically set up to create a UNIX socket that xl can connect to in order to communicate with QEMU. This is done using a QEMU command line argument like this (where N is the guest's domain ID):

-qmp unix:/var/run/xen/qmp-libxl-N,server,nowait

The argument after unix: is the name of the UNIX socket that is created and set to listen for connections.

When QEMU is moved to a stub-domain, this communication method is no longer available. The QMP helper is the means by which QMP communications can be established with a QEMU running in a stub-domain. The QMP helper bits work a lot like the other stub-domain helpers in xctools.git. It consists of two components:

  1. A chardrv implementation that is introduced into the qemu-char.c code. This new type of chardrv can sit below other monitors and consoles and route traffic over V4V.
  2. A proxy process called qmp_helper runs in dom0 and can talk to the V4V chardrv in QEMU in the stubdom. The qmp_helper also creates a UNIX socket exactly as QEMU would have above in dom0. The toolstack (xl) can then connect directly to the UNIX socket and the rest is invisible to it.

The qmp_helper must be started with the stub-domain ID where the QEMU it wants to talk to lives. There is an instance of qmp_helper per stub-domain. The QEMU instance in the stub-domain must be started with this version of the QMP parameter:

-qmp v4v

The QMP helper also needs changes to SELinux and the V4V firewall before it will work properly. If those changes are not yet implemented, QMP helper can still be tested by putting SELinux in permissive mode and flushing all the V4V firewall rules:

$ nr
$ setenforce 0
$ viptables -F

NOTE: the implementation currently resides here until it is brought into OpenXT proper:

https://github.com/rossphilipson/xenclient-oe/blob/qmp_helper/recipes-openxt/qemu-dm/qemu-dm-1.4/0036-qmp-v4v-char-driver.patch

https://github.com/rossphilipson/xctools/tree/qmp_helper/qmp_helper

QMP Shell

The QMP shell is a great tool for testing QMP. It is a set of Python scripts that can send any QMP command to QEMU and receive any asynchronous events that QEMU sends on the QMP channel. Python must first be installed in dom0 to use it. Before doing this, create some space in the rootfs using the instructions here: Create Space on Target. The following set of additional packages must be installed to get Python support:

$ opkg install libpython2.7-1.0_2.7.9-r1_core2-32.ipk python-core_2.7.9-r1_core2-32.ipk python-lang_2.7.9-r1_core2-32.ipk python-re_2.7.9-r1_core2-32.ipk python-json_2.7.9-r1_core2-32.ipk python-codecs_2.7.9-r1_core2-32.ipk python-math_2.7.9-r1_core2-32.ipk python-crypt_2.7.9-r1_core2-32.ipk python-netclient_2.7.9-r1_core2-32.ipk python-mime_2.7.9-r1_core2-32.ipk python-datetime_2.7.9-r1_core2-32.ipk python-io_2.7.9-r1_core2-32.ipk python-logging_2.7.9-r1_core2-32.ipk python-textutils_2.7.9-r1_core2-32.ipk python-contextlib_2.7.9-r1_core2-32.ipk python-pickle_2.7.9-r1_core2-32.ipk python-stringold_2.7.9-r1_core2-32.ipk python-readline_2.7.9-r1_core2-32.ipk python-pprint_2.7.9-r1_core2-32.ipk

Next locate the files qmp-shell and qmp.py under the QMP directory in the qemu-1.4.1 tree. These files can be copied together anywhere in dom0. Once the shell is running, tabbing will auto-complete showing a list of commands. Hitting enter with no commands will show any asynchronous messages that may have arrived.
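The exchange a client such as xl or the QMP shell carries out over the UNIX socket (greeting, qmp_capabilities, then commands with asynchronous events interleaved), as an added Python 3 example that is not part of QEMU's qmp.py or of OpenXT. QMPClient, SAMPLE_REPLIES and demo are hypothetical names, the replies are constructed, and a socketpair stands in for the socket; on a real system, pass QMPClient an AF_UNIX socket connected to /var/run/xen/qmp-libxl-N.

```python
import json
import socket

class QMPClient:
    def __init__(self, sock):
        self.sock, self.rfile = sock, sock.makefile("r", encoding="utf-8")
        self.events = []                      # async events seen while awaiting replies
        self.greeting = self._read()["QMP"]   # the QEMU end speaks first
        self.execute("qmp_capabilities")      # must precede any other command

    def _read(self):
        line = self.rfile.readline()          # one JSON object per line
        if not line:
            raise ConnectionError("QMP peer closed the socket")
        return json.loads(line)

    def execute(self, command, **arguments):
        msg = {"execute": command}
        if arguments:
            msg["arguments"] = arguments
        self.sock.sendall(json.dumps(msg).encode() + b"\r\n")
        while True:
            reply = self._read()
            if "event" in reply:              # events may arrive before the reply
                self.events.append(reply)
            elif "error" in reply:
                raise RuntimeError(reply["error"]["desc"])
            else:
                return reply["return"]

# Constructed sample of what the QEMU end sends: greeting, replies, one async event.
SAMPLE_REPLIES = [
    {"QMP": {"version": {"qemu": {"major": 1, "minor": 4, "micro": 1}}, "capabilities": []}},
    {"return": {}},
    {"event": "RESUME", "timestamp": {"seconds": 0, "microseconds": 0}},
    {"return": {"running": True, "singlestep": False, "status": "running"}},
]

def demo(replies=SAMPLE_REPLIES, command="query-status"):
    client_end, qemu_end = socket.socketpair()  # stands in for the qmp_helper UNIX socket
    for obj in replies:                         # pre-load replies; no real QEMU needed
        qemu_end.sendall(json.dumps(obj).encode() + b"\r\n")
    qemu_end.shutdown(socket.SHUT_WR)           # reading past the sample yields EOF
    qmp = QMPClient(client_end)
    status = qmp.execute(command)
    sent = qemu_end.recv(4096).decode().splitlines()  # what the client put on the wire
    return status, [e["event"] for e in qmp.events], sent

if __name__ == "__main__":
    print(demo())
```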
