Commit Graph

42904 Commits

Author SHA1 Message Date
Daniel P. Berrange
7b36064c90 crypto: add ability to query hash digest len
Add a qcrypto_hash_digest_len() method which allows querying of
the raw digest size for a given hash algorithm.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-23 11:02:20 +00:00
Daniel P. Berrange
dd2bf9eb95 crypto: add additional query accessors for cipher instances
Adds new methods to allow querying the length of the cipher
key, block size and initialization vectors.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-23 11:02:20 +00:00
Peter Maydell
5dc42c186d -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJWeQ9nAAoJEJykq7OBq3PIn74IALimi9+E0Ng9fjDYSbfV/T9e
 xRWIOMxicWO+UfB+sVNdNUj9PUFBBWb5k163f2wvbhHQ8rm+/j/cG5X4fZ4bdyHR
 KZE0FHiqhEKE4Az1z8d01ojwXDeSq+feTZX2BlEvUqIfWJYUI7gH6XI92BMk4wen
 p/ISslPX33Le2nsd0vWuwtRcZ95CFVTcilYp4p+u5+o71z4+e7k46B0udw+awB6F
 1aAxWqe0tq+utLEOSF3RZfB2Md2o6yKLhWNCviIELqOc9ECkVUOJUyWZZHBj1k0p
 X9p3dL2hgqEok+fa8NRb5eIJ2b5jstq6Qs1phlEJ4j2LssmuU6FUzCcaLgYFUgU=
 =Fys+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Tue 22 Dec 2015 08:52:55 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  sdhci: add optional quirk property to disable card insertion/removal interrupts
  sdhci: don't raise a command index error for an unexpected response
  sd: sdhci: Delete over-zealous power check
  scripts/gdb: Fix a python exception in mtree.py
  parallels: add format spec
  block/mirror: replace IOV_MAX with blk_get_max_iov()
  block: replace IOV_MAX with BlockLimits.max_iov
  block-backend: add blk_get_max_iov()
  block: add BlockLimits.max_iov field
  virtio-blk: trivial code optimization

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-22 14:21:42 +00:00
Andrew Baumann
723697551a sdhci: add optional quirk property to disable card insertion/removal interrupts
This is needed for a quirk of the Raspberry Pi (bcm2835/6) MMC
controller, where the card insert bit is documented as unimplemented
(always reads zero, doesn't generate interrupts) but is in fact
observed on hardware as set at power on, but is cleared (and remains
clear) on subsequent controller resets.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1450738069-18664-4-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:34:26 +08:00
Andrew Baumann
62d32ec817 sdhci: don't raise a command index error for an unexpected response
This deletes a block of code that raised a command index error if a
command returned response data, but the guest did not set the
appropriate bits in the response register to handle such a response. I
cannot find any documentation that suggests the controller should
behave in this way, the error code doesn't make sense (command index
error is defined for the case where the index in a response does not
match that of the issued command), and in at least one case (CMD23
issued by UEFI on Raspberry Pi 2), actual hardware does not do this.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1450738069-18664-3-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:34:26 +08:00
Peter Crosthwaite
6890a695d9 sd: sdhci: Delete over-zealous power check
This check was conditionalising SD card operation on the card being
powered by the SDHCI host controller. It is however possible
(particularly in embedded systems) for the power control of the SD card
to be managed outside of SDHCI. This can be as trivial as hard-wiring
the SD slot VCC to a constant power-rail.

This means the guest SDHCI can validly opt-out of the SDHCI power
control feature while still using the card. So delete this check to
allow operation of the card with SDHCI power control.

This is needed for at least Xilinx Zynq and Raspberry Pi, and
also makes Freescale i.MX25 work for me. The digilent Zybo board
has a public schematic which shows SD VCC hardwiring:

http://digilentinc.com/Data/Products/ZYBO/ZYBO_sch_VB.3.pdf
bottom of page 3.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Sai Pavan Boddu <saipava@xilinx.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1450738069-18664-2-git-send-email-Andrew.Baumann@microsoft.com
[AB: Add Pi to list of devices fixed in commit message]
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:34:26 +08:00
Yang Wei
d6b6913276 scripts/gdb: Fix a python exception in mtree.py
The following exception is threw:
Python Exception <class 'NameError'> name 'long' is not defined:
Error occurred in Python command: name 'long' is not defined

Python 2.4+, int()/long() have been unified, so replace long
with int.

Signed-off-by: Yang Wei <w90p710@gmail.com>
Message-id: 1449316340-4030-1-git-send-email-w90p710@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:01:08 +08:00
Vladimir Sementsov-Ogievskiy
b4a9e25b7b parallels: add format spec
This specifies Parallels image format as implemented in Parallels Cloud
Server 6.10

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1448626806-17591-1-git-send-email-den@openvz.org
CC: Eric Blake <eblake@redhat.com>
CC: John Snow <jsnow@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:01:07 +08:00
Stefan Hajnoczi
3515727f31 block/mirror: replace IOV_MAX with blk_get_max_iov()
Use blk_get_max_iov() instead of hardcoding IOV_MAX, which may not apply
to all BlockDrivers.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:01:07 +08:00
Stefan Hajnoczi
222565f65c block: replace IOV_MAX with BlockLimits.max_iov
Request merging must not result in a huge request that exceeds the
maximum number of iovec elements.  Use BlockLimits.max_iov instead of
hardcoding IOV_MAX.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:01:07 +08:00
Stefan Hajnoczi
648296e067 block-backend: add blk_get_max_iov()
Add a function to query BlockLimits.max_iov.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:01:07 +08:00
Stefan Hajnoczi
bd44feb754 block: add BlockLimits.max_iov field
The maximum number of struct iovec elements depends on the
BlockDriverState.  The raw-posix and iSCSI protocols have a maximum of
IOV_MAX but others could have different values.

Cc: Peter Lieven <pl@kamp.de>
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:01:07 +08:00
Gonglei
49cffbc607 virtio-blk: trivial code optimization
1. avoid possible superflous checking
2. make code more robustness

["make code more robustness" refers to avoiding integer
underflows/overflows.
--Stefan]

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-id: 1447207166-12612-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:01:07 +08:00
Peter Maydell
c595b21888 NUMA queue, 2015-12-18
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJWdEgsAAoJECgHk2+YTcWm1J8P/0tI1tGWpq5CAEtewpmlEXLC
 +Ld7DBe6OMgW4CB3f/WqG7JqOfzPGrbPzaI22+gzMxZit6qPLqetwNYyxo2iTM/Y
 HZPSwN9uRQRSq4GB/jtG6k8cDtSpBEdLdEtXlsd5UCTWc1h6zDiiLdDD3wIXchI6
 EUp7XgWD2aepRi5bCMb1S3kOPWo8wAq2D4XmiRDR+m/IuXDeCTr5o1mGAUo4mSfz
 QwxOu7r9LfdGN5D2cHXm4GQG11ajqJsZXyKtEFbmCClRrVwaSb7iCxPxi2wWQL2U
 26Y+PkgTlg+WhgV6vhAAkz2ypdOoPtvWvEEwSmsS8F4+xDaiT/KN7KjFwPP7UO4O
 htXLq2Hut9XKesLw98rqVfi9kyBCYPX9kVdf1Kz6vfmZbj34+ze/ps0iygUKznKs
 CN1vpu0cPpumcPNRdPpkrF5qn4PKyp4RoiCft/vqL7MBSBo+728j0zZFsnTYgp46
 Tmn5n/rown7Apx4xS89XxhwQ0yKPMbghf7kirDNLEGltX94P5Lnqp1xvYOpSYnPz
 FvIFk+CgpB39lo8/or58Cff7XPPfA8mr79zRl1AtSpUFrhgaFV2Yqt8SAlFUh8zG
 si2R1YUId8tdnnn5uQ9Aiq1ZiYV0JYh+8FOYBqp723SsiTGGcMGQkboQKBGkager
 BRAvPHLSpkuBbOueEd4k
 =KG6V
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging

NUMA queue, 2015-12-18

# gpg: Signature made Fri 18 Dec 2015 17:53:48 GMT using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"

* remotes/ehabkost/tags/numa-pull-request:
  numa: Clean up query-memdev error handling

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-18 18:47:17 +00:00
Markus Armbruster
2f6f826e03 numa: Clean up query-memdev error handling
qmp_query_memdev() has two error paths:

* When object_get_objects_root() returns null.  It never does, so
  simply drop the useless error handling.

* When query_memdev() fails.  It leaks err then.  But any failure
  there is actually a programming error.  Switch it to &error_abort,
  and drop the useless error handling.

Messed up in commit 76b5d85 "qmp: add query-memdev".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-12-18 15:50:24 -02:00
Peter Maydell
c688084506 Merge QCryptoSecret object support
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJWdDmJAAoJEL6G67QVEE/fJ4EP+gNC4ErBDpbg+I4RhLHv/FsF
 i2iEYkmBfFzUmiB8iSFlJY12XJ/CPnbrWks0WNHIoarUgtGuvfqH91KGkERxJQFE
 TkD65EOhNHWlP1zaI5r5ZMizhOdO6EPa0pbS/QH/UCy5qwu5IbG5EesOw00d7nL8
 5gT39ehXAFljutRygWsa1JyOkDB04WNehVsly/l2t9v16aQUDJOC5mWVuoInrDEo
 ye1VG2Cx7Y1/FRo3fFCDwzYD+8jgxIBAu8Igwjk/95VbfBVl769PBAilQRc5zMHt
 //eMNdul6GooVKmu/K1JWkmjIZJFUiboEMgPJElWV1y8bWmhh++4J6EVb55owoDk
 VRv84cqiaYErVb+56gaImr92GSKezll0APWz6YlDsFZgPClCPnUjDSr39+23t1h4
 LprirtbkAjw73T92kuQ7kzbXElWm7rSfcx5u1/S6YPP+EDzZpW9+h62lKGGnuS2M
 bzwFOOmWHe1MhbRSh+BOzGBf1wWhMSCKgLAOmPuRQ8slS91vfE66bIlqpIKBGgfn
 42t0wZCEW8bqIe8xry5pC5UoDfm3cVDhgGHGyMLWWDMez0qDchaAkWNkIDtc8Juv
 a1WqE/0lP/sVb36yLVANvt1/Qvpg6M3JwMbTjVaJl2eTDDtwho4PK+Chxx0a8BGl
 Z6oGj1rmvCDD2Dsi/EXI
 =g+9G
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1' into staging

Merge QCryptoSecret object support

# gpg: Signature made Fri 18 Dec 2015 16:51:21 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1:
  crypto: add support for loading encrypted x509 keys
  crypto: add QCryptoSecret object class for password/key handling
  qga: convert to use error checked base64 decode
  qemu-char: convert to use error checked base64 decode
  util: add base64 decoding function

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-18 17:04:15 +00:00
Peter Maydell
de532ff1df Block layer patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJWdAzvAAoJEH8JsnLIjy/WBk4P/RyU+ZJGEGNpcEK0OSwZ4Oi5
 L+JDbJnsYz9zsX2yFhxv1qaGt6Lft5GDWU/nwva+urPm+hPCg7P5gF5i69iQC7wQ
 PoRZY7UVGtE5EhmZW6KVp1B6tK1Xmfyuwvc+3jgxJdwUzDCZ6w818f2e1M3HfLsj
 FSMYa3Pxj1wSxIodxko+7S0n+PugpcOjvMoM3/5Lo067tgvCbU31WW8kmVBlq0mZ
 GEEVELsZ/sSXt7Rjq+Y4qC+zwWG5ZiX3opNOqydh7eltiINiIvWhvEs1WYbIyMPb
 hpX3UX8XqHQRl8NmWpvEzTkWY6z7C+g5G7znKtqvA/S6f8KxIVcdx7wsYZHWOZja
 xkB2nJXVLxn8ni5EMfG6OpfDNY1ZTaoSysLJ9mnRnEn6cNh7qzJa+dryt1vwDJw3
 INOtjdcBPPvkLjJ3SwXGFpwcIYcpkNXdSolNsCiihOtT/2gDhP2OAoowit8+miBI
 /pN0GkTSH+syNe7SPmApFqPVWoWNVFPkKm1nxzo1H1/dbA0P5O/ly3wlGZtRA4cj
 atenXuSpT6R/hPZs55HEVdwHNoleluRSHJ6BcLZzkS+fpz8zdgsXDsv0BK8s7jXC
 EUHKiBQacny7HzrZFjtqz0rO8iBIhw62R+gYBoALYuTszbFIAY29qLQFbC6iKec5
 MA4rwYOcpNVSII22zXcs
 =RcEq
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Fri 18 Dec 2015 13:41:03 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream: (48 commits)
  block/qapi: allow best-effort query
  qemu-img: abort when full_backing_filename not present
  block/qapi: explicitly warn if !has_full_backing_filename
  block/qapi: always report full_backing_filename
  block/qapi: do not redundantly print "actual path"
  qemu-iotests: s390x: fix test 068
  qemu-iotests: s390x: fix test 051
  qemu-iotests: refine common.config
  block: fix bdrv_ioctl called from coroutine
  block: use drained section around bdrv_snapshot_delete
  iotests: Update comments for bdrv_swap() in 094
  block: Remove prototype of bdrv_swap from header
  raw-posix: Make aio=native option binding
  qcow2: insert assert into qcow2_get_specific_info()
  iotests: Extend test 112 for qemu-img amend
  qcow2: Point to amend function in check
  qcow2: Invoke refcount order amendment function
  qcow2: Add function for refcount order amendment
  qcow2: Use intermediate helper CB for amend
  qcow2: Split upgrade/downgrade paths for amend
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-18 16:34:44 +00:00
Daniel P. Berrange
1d7b5b4afd crypto: add support for loading encrypted x509 keys
Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object type, provides the ID of a
secret object instance that holds the decryption password
for the PEM file.

 # printf "123456" > mypasswd.txt
 # $QEMU \
    -object secret,id=sec0,filename=mypasswd.txt \
    -object tls-creds-x509,passwordid=sec0,id=creds0,\
            dir=/home/berrange/.pki/qemu,endpoint=server \
    -vnc :1,tls-creds=creds0

This requires QEMU to be linked to GNUTLS >= 3.1.11. If
GNUTLS is too old an error will be reported if an attempt
is made to pass a decryption password.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 16:25:08 +00:00
Daniel P. Berrange
ac1d887849 crypto: add QCryptoSecret object class for password/key handling
Introduce a new QCryptoSecret object class which will be used
for providing passwords and keys to other objects which need
sensitive credentials.

The new object can provide secret values directly as properties,
or indirectly via a file. The latter includes support for file
descriptor passing syntax on UNIX platforms. Ordinarily passing
secret values directly as properties is insecure, since they
are visible in process listings, or in log files showing the
CLI args / QMP commands. It is possible to use AES-256-CBC to
encrypt the secret values though, in which case all that is
visible is the ciphertext.  For ad hoc developer testing though,
it is fine to provide the secrets directly without encryption
so this is not explicitly forbidden.

The anticipated scenario is that libvirtd will create a random
master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key)
and will use that key to encrypt all passwords it provides to
QEMU via '-object secret,....'.  This avoids the need for libvirt
(or other mgmt apps) to worry about file descriptor passing.

It also makes life easier for people who are scripting the
management of QEMU, for whom FD passing is significantly more
complex.

Providing data inline (insecure, only for ad hoc dev testing)

  $QEMU -object secret,id=sec0,data=letmein

Providing data indirectly in raw format

  printf "letmein" > mypasswd.txt
  $QEMU -object secret,id=sec0,file=mypasswd.txt

Providing data indirectly in base64 format

  $QEMU -object secret,id=sec0,file=mykey.b64,format=base64

Providing data with encryption

  $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
        -object secret,id=sec0,data=[base64 ciphertext],\
	           keyid=master0,iv=[base64 IV],format=base64

Note that 'format' here refers to the format of the ciphertext
data. The decrypted data must always be in raw byte format.

More examples are shown in the updated docs.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 16:25:08 +00:00
Daniel P. Berrange
920639cab0 qga: convert to use error checked base64 decode
Switch from using g_base64_decode over to qbase64_decode
in order to get error checking of the base64 input data.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 16:25:08 +00:00
Daniel P. Berrange
e9cf2fe07f qemu-char: convert to use error checked base64 decode
Switch from using g_base64_decode over to qbase64_decode
in order to get error checking of the base64 input data.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 16:25:08 +00:00
Daniel P. Berrange
89bc0b6cae util: add base64 decoding function
The standard glib provided g_base64_decode doesn't provide any
kind of sensible error checking on its input. Add a QEMU custom
wrapper qbase64_decode which can be used with untrustworthy
input that can contain invalid base64 characters, embedded
NUL characters, or not be NUL terminated at all.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 16:25:08 +00:00
Peter Maydell
b06f904f2e Merge VNC conversion to I/O channels
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJWdCneAAoJEL6G67QVEE/f3x4QAKXoaXloAj84GRHu/ykBNlol
 4xd5oOE1oY2lDtiz3vEw51f+q/ouGwFn7p8EvKGYWotYHr4++lv8IYiy96LdZ3tx
 OB8PLwPGv782v2Z1d+PZlH3ZHD2Ljg+rnUlvipKZx5S8OmW4WZKyOfyNfNprlX2y
 MlbcMbeXIPtKfg8X9qIU5BzIFeBn6BbZ54J9HKu0xMO+pQKSWaQ9loiF2Gkyh/9C
 lAphFrz+218c7jUu7YqjoUa2u/kNVfWgQxu/QGC4r2lD81+Lbn89PWQ3G72BpMOM
 xHK673iQFglycp/301gWkpHT7goCO7rtGvHg9Y4u6NNRn0HpqFWjKSfJb/6EnDkq
 WJbZ53IceKhFrZUP7m/5MKCmHD3JsdJjvUBkldOFuoB2X96FrPPH7EBGUWkVDgGF
 2On0COHYUufBGqyAX0vDoM5OZikT8DcWge9Vizf50ZguwQIBb1eFpwQoDtU2gyXf
 YBpPvk35KbdNWCf4MlwEpe2aJHyIFDP5NWy+ZYYtX8bsU5DIxmEtW6bqgYouIs3B
 gX0s7nOpZawg3z5eju/noWrIg7P8KBHUV5rCRNpv7WcLxjJwQryp32aoHZNc74Pq
 og6IFYG297djyhTzD+cTSx9sxhM/yxOk/o4Yxceck57Q9myt3adKCfy3Bavoyd/o
 4C9wxqKcz+J1DPjgB99Y
 =1frf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/pull-io-channel-vnc-2015-12-18-1' into staging

Merge VNC conversion to I/O channels

# gpg: Signature made Fri 18 Dec 2015 15:44:30 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/pull-io-channel-vnc-2015-12-18-1:
  ui: convert VNC server to use QIOChannelWebsock
  ui: convert VNC server to use QIOChannelTLS
  ui: convert VNC server to use QIOChannelSocket

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-18 16:04:31 +00:00
Peter Maydell
6126bc5522 XSA-155 fixes
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJWdCNCAAoJEIlPj0hw4a6QdgQQANgyTTcN0lKonOn+FunmRl3I
 K0en2SEck+kS6vr0SlAkIi6uur3XMATsMZPbGf+kn2+7v92sKf7DG2iS0Vszng49
 IjMOVaGo1ujzMWHqOq6y29gfxOANXCvnGW9YTIJ3S4xfqJdGqdZ9JY/BpAAVPaVA
 hjJqKCQZE1bN1LpPYfkG9UZwR3rzWNDeDZBm4uqJ1wSY74+39E8Ocb+r1LlfghmU
 DR9L1ObTXvMLWB6/h0JRkPhKkAvxku8tmN9CDD+RxGvzSkSkRg7bLXVpY1eOwawn
 EgNAr1MV5fUFYMMKKuFWeXGuqYd1sa6u5Ggm2lt5lzZ/9jRp5+Xk7KHbav23clSh
 pydVTRYFWE1jtve7E/HsB0Xry5J2V+EH9XuTxMVWUlEadBtb+Ic2Mt5GTaClY0aD
 e7qKUpolBOvPOtEMklB8BRt8pAs2Y+m7tr5+n3q90yb757yOtjY/4Pvij3FgGBRW
 /j43fYck5UX96KlwQzSZmX+7EuaeBFNY1fHTyg2F9DDpens/1sLdykXWdp9SvjAf
 iUxpjb9VZwn2BkvEm1mm2gJcEHuxbaHyLdReOv+Hlx1HwYoIMXT+RLnUxsnIjH1I
 ipYoiUnjSPzz7wy5SM9+mTsHFiM37tIoVrPNfwPM9Oi0dBNyl8u+Hg9e4uW/8gwn
 +Hf6qccip0YGLGfD1ujq
 =9VGa
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/sstabellini/tags/xsa155' into staging

XSA-155 fixes

# gpg: Signature made Fri 18 Dec 2015 15:16:18 GMT using RSA key ID 70E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"

* remotes/sstabellini/tags/xsa155:
  xenfb: avoid reading twice the same fields from the shared page
  xen/blkif: Avoid double access to src->nr_segments

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-18 15:32:32 +00:00
Stefano Stabellini
7ea11bf376 xenfb: avoid reading twice the same fields from the shared page
Reading twice the same field could give the guest an attack of
opportunity. In the case of event->type, gcc could compile the switch
statement into a jump table, effectively ending up reading the type
field multiple times.

This is part of XSA-155.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-12-18 15:10:09 +00:00
Stefano Stabellini
f9e98e5d7a xen/blkif: Avoid double access to src->nr_segments
src is stored in shared memory and src->nr_segments is dereferenced
twice at the end of the function.  If a compiler decides to compile this
into two separate memory accesses then the size limitation could be
bypassed.

Fix it by removing the double access to src->nr_segments.

This is part of XSA-155.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-12-18 15:09:58 +00:00
Daniel P. Berrange
d5f042232c ui: convert VNC server to use QIOChannelWebsock
Remove custom websock handling code from the VNC server and use
the QIOChannelWebsock class instead.

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 15:02:11 +00:00
Daniel P. Berrange
2cc452281e ui: convert VNC server to use QIOChannelTLS
Switch VNC server over to using the QIOChannelTLS object for
the TLS session. This removes all remaining VNC specific code
for dealing with TLS handshakes.

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 15:02:11 +00:00
Daniel P. Berrange
04d2529da2 ui: convert VNC server to use QIOChannelSocket
The minimal first step conversion to use QIOChannelSocket
classes instead of directly using POSIX sockets API. This
will later be extended to also cover the TLS, SASL and
websockets code.

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 15:02:11 +00:00
Kevin Wolf
9d4a6cf0ea block-next patches from before the 2.5.0 release.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJWdAxkAAoJEDuxQgLoOKytMf0IAI448PEH3LNGDlmxXmJ8yZUM
 SaZnqXQI8i5KQpSUYSQX9QhogAPa2/OSmFgBgmTxymfoZSa8U9Fw8DSv85+kadIS
 DdULHn5TUfuJSWVRZEeg/ljnksAecje0YhQmXWkxw8xUWuG7pejupobalg81Oi3Q
 PiyF3tI3mvZzagdmGwe0Z9w4ZktB9E6/Q04KqJoKHWYbIQmcovh/sldH9nxR9ulV
 fHHC3fHCQvrgdObZWVWNnAz7UY4oCwQuIxJPM3MJUZkszRb8k0NnshCUC4dRYZDK
 2XwaeGac58TIayutJDEtzWUhVbW9BdrmD2nqugOuoHUlcglrtIduxpL+G9k6I+I=
 =MAdb
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2015-12-18' into queue-block

block-next patches from before the 2.5.0 release.

# gpg: Signature made Fri Dec 18 14:38:44 2015 CET using RSA key ID E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"

* mreitz/tags/pull-block-for-kevin-2015-12-18:
  block/qapi: allow best-effort query
  qemu-img: abort when full_backing_filename not present
  block/qapi: explicitly warn if !has_full_backing_filename
  block/qapi: always report full_backing_filename
  block/qapi: do not redundantly print "actual path"
  qemu-iotests: s390x: fix test 068
  qemu-iotests: s390x: fix test 051
  qemu-iotests: refine common.config

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:40:35 +01:00
John Snow
a5002d5302 block/qapi: allow best-effort query
For more complex BDS trees that can be created under normal circumstances,
we lose the ability to issue query commands because of our inability to
re-construct the absolute filename.

Instead, omit this field when it is a problem and present as much information
as we can.

This will change the expected output in iotest 110, where we will now see a
json filename and the lack of an absolute filename instead of an error.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1450122916-4706-6-git-send-email-jsnow@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-18 14:36:17 +01:00
John Snow
92d617abc5 qemu-img: abort when full_backing_filename not present
...But only if we have the backing_filename. It means something Scary
happened and we can't really be quite exactly sure if we can trust the
backing_filename.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1450122916-4706-5-git-send-email-jsnow@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-18 14:36:17 +01:00
John Snow
5c9d9ca597 block/qapi: explicitly warn if !has_full_backing_filename
Disambiguate "Backing filename and full backing filename are equivalent"
from "full backing filename could not be determined."

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1450122916-4706-4-git-send-email-jsnow@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-18 14:36:17 +01:00
John Snow
12dcb1c018 block/qapi: always report full_backing_filename
Always report full_backing_filename, even if it's the same as
backing_filename. In the next patch, full_backing_filename may be
omitted if it cannot be generated instead of allowing e.g. drive_query
to abort if it runs into this scenario.

The presence or absence of the "full" field becomes useful information.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1450122916-4706-3-git-send-email-jsnow@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-18 14:36:17 +01:00
John Snow
548e1ff379 block/qapi: do not redundantly print "actual path"
If it happens to match the backing path, that was the actual path.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1450122916-4706-2-git-send-email-jsnow@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-18 14:36:17 +01:00
Bo Tu
a41aa71c15 qemu-iotests: s390x: fix test 068
Now, s390-virtio-ccw is default machine and s390-ccw.img is default boot
loader. If the s390-virtio-ccw machine finds no device to load from and
errors out, then emits a panic and exits the vm. This breaks test cases
068 for s390x.
Adding the parameter of "-no-shutdown" for s390-ccw-virtio will pause VM
before shutdown.

Acked-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Signed-off-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1449136891-26850-4-git-send-email-tubo@linux.vnet.ibm.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-18 14:36:17 +01:00
Bo Tu
289f3ebae8 qemu-iotests: s390x: fix test 051
The tests for ide device should only be tested for the pc
platform.
Set device_id to "drive0", and replace every "-drive file..."
by "-drive file=...,if=none,id=$device_id", then x86 and s390x
can get the common output in the test of "Snapshot mode".
Warning message expected for s390x when drive without device.
A x86 platform specific output file is also needed.

Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Signed-off-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1449136891-26850-3-git-send-email-tubo@linux.vnet.ibm.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-18 14:36:17 +01:00
Bo Tu
8a7607c2e2 qemu-iotests: refine common.config
Replacing awk with sed, then it's easier to read.
Replacing "[ ! -z "$default_alias_machine" ]" with
"[[ $default_alias_machine ]]", then it's slightly shorter.

Reviewed-by: Max Reitz <mreitz@redhat.com>
Suggested-By: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Eric Blake   <eblake@redhat.com>
Signed-off-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1449136891-26850-2-git-send-email-tubo@linux.vnet.ibm.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-18 14:36:17 +01:00
Paolo Bonzini
ba88944495 block: fix bdrv_ioctl called from coroutine
When called from a coroutine, bdrv_ioctl must be asynchronous just like
e.g. bdrv_flush.  The code was incorrectly making it synchronous, fix
it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:44 +01:00
Paolo Bonzini
27a7649a48 block: use drained section around bdrv_snapshot_delete
Do not use bdrv_drain, since by itself it does not guarantee
anything.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:44 +01:00
Fam Zheng
8382ba6153 iotests: Update comments for bdrv_swap() in 094
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:44 +01:00
Fam Zheng
bbe1ef2686 block: Remove prototype of bdrv_swap from header
The function has gone.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:43 +01:00
Kevin Wolf
d657c0c289 raw-posix: Make aio=native option binding
Traditionally, aio=native was treated as an advice that could simply be
ignored if an error occurs while initialising Linux AIO or the feature
wasn't compiled in. This behaviour was deprecated in commit 96518254
(qemu 2.3; error during init) and commit 1501ecc1 (qemu 2.5; not
compiled in).

This patch changes raw-posix to error out in these cases instead of
printing a deprecation warning.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-18 14:34:43 +01:00
Denis V. Lunev
b1fc8f934b qcow2: insert assert into qcow2_get_specific_info()
s->qcow_version is always set to 2 or 3. Let's assert if this is wrong.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Roman Kagan <rkagan@virtuozzo.com>
CC: Max Reitz <mreitz@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:43 +01:00
Max Reitz
e9dbdc5e46 iotests: Extend test 112 for qemu-img amend
Add tests for conversion between different refcount widths.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:43 +01:00
Max Reitz
03bb78ed25 qcow2: Point to amend function in check
If a reference count is not representable with the current refcount
order, the image check should point to qemu-img amend for increasing the
refcount order. However, qemu-img amend needs write access to the image
which cannot be provided if the image is marked corrupt; and the image
check will not mark the image consistent unless everything actually is
consistent.

Therefore, if an image is marked corrupt and the image check encounters
a reference count overflow, it cannot be fixed by using qemu-img amend
to increase the refcount order. Instead, one has to use qemu-img convert
to create a completely new copy of the image in this case.

Alternatively, we may want to give the user a way of manually removing
the corrupt flag, maybe through qemu-img amend, but this is not part of
this patch.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:43 +01:00
Max Reitz
61ce55fc02 qcow2: Invoke refcount order amendment function
Make use of qcow2_change_refcount_order() to support changing the
refcount order with qemu-img amend.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:43 +01:00
Max Reitz
791c9a004e qcow2: Add function for refcount order amendment
Add a function qcow2_change_refcount_order() which allows changing the
refcount order of a qcow2 image.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:43 +01:00
Max Reitz
c293a80927 qcow2: Use intermediate helper CB for amend
If there is more than one time-consuming operation to be performed for
qcow2_amend_options(), we need an intermediate CB which coordinates the
progress of the individual operations and passes the result to the
original status callback.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:43 +01:00
Max Reitz
1038bbb803 qcow2: Split upgrade/downgrade paths for amend
If the image version should be upgraded, that is the first we should do;
if it should be downgraded, that is the last we should do. So split the
version change block into an upgrade part at the start and a downgrade
part at the end.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-12-18 14:34:43 +01:00