Users complained that it is not obvious what to do when kvm refuses to
build or run due to an unsupported host kernel, so let's improve the
hints.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
When configuring for several targets, some with KVM and some without, CONFIG_KVM was accidentally disabled for some of the targets.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Try to detect the name of the pthread library.
Currently it looks for "-pthread" and "-pthreadGC2".
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Currently Qemu can read from posix I/O and NBD. This patch adds a
third protocol to the game: HTTP.
In certain situations it can be useful to access HTTP data directly,
for example if you want to try out an http provided OS image, but
don't know if you want to download it yet.
Using this patch you can now try it on on the fly. Just use it like:
qemu -cdrom http://host/path/my.iso
Signed-off-by: Alexander Graf <agraf@suse.de>
--disable-gfx-check predates VNC server support. It made sense back then
because the only thing you could do without SDL was use -nographic mode or
similar tricks. Since this is a very advanced mode of operation, gfx-check
provided a good safety net for casual users.
A casual user is very likely to use VNC to interact with a guest. In fact, it's
often frustrating to install QEMU on a server and have to specify
disable-gfx-check when you only want to use VNC.
This patch eliminates disable-gfx-check and makes SDL behave like every other
optional dependency. If SDL is not available, instead of failing ungracefully
if no special options are specified, we default to -vnc localhost:0,to=99.
When we do default to VNC, we also print a message to tell the user that we've
done this include which port we're currently listening on.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The only target dependency for most hardware is sizeof(target_phys_addr_t).
Build these files into a convenience library, and use that instead of
building for every target.
Remove and poison various target specific macros to avoid bogus target
dependencies creeping back in.
Big/Little endian is not handled because devices should not know or care
about this to start with.
Signed-off-by: Paul Brook <paul@codesourcery.com>
This is no user-flippable switch, and no arch makes use of disabling
gdbstub support. So it's pointless to keep the related #ifdefs and
configure hunks around - and risking breakages like 711c410fdd again.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
This adds domain building support for paravirtual domains to qemu.
This allows booting xen guests directly with qemu, without Xend
and the management stack.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7226 c046a42c-6fe2-441c-8c8c-71466251a162
- configure script and build system changes.
- wind up new machine type.
- add -xen-* command line options.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7219 c046a42c-6fe2-441c-8c8c-71466251a162
kqemu.o is compiled even if kqemu support is disabled. This is useless
(kqemu.o should provide nothing that is actually used in that case) and
slightly confusing. So introduce CONFIG_KQEMU for optionally compiling
kqemu.o.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7185 c046a42c-6fe2-441c-8c8c-71466251a162
attached patch makes qemu use install consistently.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7177 c046a42c-6fe2-441c-8c8c-71466251a162
Configure test was broken, so the breakage of the #ifdef'd
code was not noticed.
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7134 c046a42c-6fe2-441c-8c8c-71466251a162
Reported by Stefan Weil
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7121 c046a42c-6fe2-441c-8c8c-71466251a162
The openat/*at syscalls are incredibly common with modern coreutils,
calling them directly via syscalls breaks for example fakeroot. Use
glibc stubs whenever directly available and provide old syscall
calling for people still using older libc.
Patch originally from Mika Westerberg, Adapted to
apply to current trunk and cleaned up by Riku Voipio.
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7118 c046a42c-6fe2-441c-8c8c-71466251a162
This patch allows DEBUG_TCGV to be defined (and also prevents NDEBUG
from being defined) when passing an option to the configure script.
This should help to prevent any accidental changes that enable
DEBUG_TCGV in tcg/tcg.h from being committed in future, and may
help to encourage testing with DEBUG_TCGV enabled.
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7105 c046a42c-6fe2-441c-8c8c-71466251a162
Allows distributors to identify their builds without needing to hack the
sources.
Signed-off-by: Paul Brook <paul@codesourcery.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7036 c046a42c-6fe2-441c-8c8c-71466251a162
This ties up the preadv/pwritev syscalls to qemu if they are declared in
unistd.h. This is the case currently on at least NetBSD and OpenBSD and
will hopefully soon be the case on Linux.
Thanks to Blue Swirl and Gerd Hoffmann for the configure autodetection
of preadv/pwritev.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7021 c046a42c-6fe2-441c-8c8c-71466251a162
It breaks the build.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6996 c046a42c-6fe2-441c-8c8c-71466251a162
This patch adds a new qemu-io tool that links against the block layer and
image formats and allow to exercise them without needing a guest image.
It is inspired by the xfs_io tool which does the same for plain file I/O.
In fact the libxcmd library which is the backend of xfs_io is reused by this
tool in a limited fashing (cmd.[ch] files).
This version tests out most of the plain block I/O commands with the
most notable absent commands beeing snapshot handling and real aio.
This tool is the basis of the I/O path test suite I'm working on right now.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6990 c046a42c-6fe2-441c-8c8c-71466251a162
Currently qemu unconditionally strips binaries on install. This
is a problem for packagers who may want to store/ship debug symbols
of compiled packages for debugging purposes.
Keep stripping as default for the oldtimers and add a
--disable-strip flag to override.
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6983 c046a42c-6fe2-441c-8c8c-71466251a162
On German Fedora 9, no KVM errors are displayed.
This is because configure greps for "error:", which is locale-sensitive.
Use LANG=C for configure to find and display errors as expected.
Signed-off-by: Andreas Faerber <andreas.faerber@web.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6791 c046a42c-6fe2-441c-8c8c-71466251a162
We want to globally define WIN_LEAN_AND_MEAN and WINVER to particular values so
let's do it in OS_CFLAGS.
Then, we can pepper in windows.h includes where using #includes that require it.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6783 c046a42c-6fe2-441c-8c8c-71466251a162
This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'
The internal API provides for an ACL with the following characteristics
- A unique name, eg vnc.username, and vnc.x509dname.
- A default policy, allow or deny
- An ordered series of match rules, with allow or deny policy
If none of the match rules apply, then the default policy is
used.
There is a monitor API to manipulate the ACLs, which I'll describe via
examples
(qemu) acl show vnc.username
policy: allow
(qemu) acl policy vnc.username denya
acl: policy set to 'deny'
(qemu) acl allow vnc.username fred
acl: added rule at position 1
(qemu) acl allow vnc.username bob
acl: added rule at position 2
(qemu) acl allow vnc.username joe 1
acl: added rule at position 1
(qemu) acl show vnc.username
policy: deny
0: allow fred
1: allow joe
2: allow bob
(qemu) acl show vnc.x509dname
policy: allow
(qemu) acl policy vnc.x509dname deny
acl: policy set to 'deny'
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
acl: added rule at position 1
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
acl: added rule at position 2
(qemu) acl show vnc.x509dname
policy: deny
0: allow C=GB,O=ACME,L=London,CN=*
1: allow C=GB,O=ACME,L=Boston,CN=bob
By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.
eg enable SASL auth and ACLs
qemu .... -vnc localhost:1,sasl,acl
The next patch will provide a way to load a pre-defined ACL when
starting up
Makefile | 6 +
b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
b/acl.h | 74 ++++++++++++++++++++++
configure | 18 +++++
monitor.c | 95 ++++++++++++++++++++++++++++
qemu-doc.texi | 49 ++++++++++++++
vnc-auth-sasl.c | 16 +++-
vnc-auth-sasl.h | 7 ++
vnc-tls.c | 19 +++++
vnc-tls.h | 3
vnc.c | 21 ++++++
vnc.h | 3
12 files changed, 491 insertions(+), 5 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
This patch corrects SDL support on X11 hosts using evdev. It's losely based
on the previous patch by Dustin Kirkland and the evdev support code in gtk-vnc
written by Daniel Berrange.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6678 c046a42c-6fe2-441c-8c8c-71466251a162
The sysctl variable if we're 64-bit capable only exists on i386. So we should only check it if we're on i386.
This suppresses a warning on PowerPC spotted by Andreas Faerber.
Signed-off-by: Alexander Graf <alex@csgraf.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6640 c046a42c-6fe2-441c-8c8c-71466251a162
Mac OS X 10.5 supports 64-bit userspace on an x86_64 kernel and
by default uses 32-bit userspace applications, so the detection for
the host architecture fails.
This patch enabled building of x86_64 code on x86_64 capable CPUS
with Mac OS X.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6443 c046a42c-6fe2-441c-8c8c-71466251a162