Only old machine types which don't use the acpi builder (qemu 1.7 + older)
have to load that file for proper acpi support.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Allow the IPMI interface to request a forced power off.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add a way for IPMI devices to register their firmware information
with the IPMI subsystem so that various firmware entities can pull
that information later for adding to firmware tables.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add some basic documentation for the IPMI device.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Test the KCS interface with a local BMC and a BT interface with an
external BMC.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This provides the simulation of the BT hardware interface for
IPMI.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This provides the simulation of the KCS hardware interface.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This adds an interface for IPMI that connects to a remote
BMC over a chardev (generally a TCP socket). The OpenIPMI
lanserv simulator describes this interface, see that for
interface details.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This provides a minimal local BMC, basically enough to comply with the
spec and provide a complete watchdog timer (including a sensor, SDR,
and event).
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add the basic IPMI types and infrastructure to QEMU. Low-level
interfaces and simulation interfaces will register with this; it's
kind of the go-between to tie them together.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Group related PCMachineState and PCMachineClass fields into
sections, and move existing field descriptions to doc comments.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
The field is not used for anything.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Add bus property to PC machines and use it when looking
for primary PCI root bus (bus 0).
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
The pxb-pcie is the counterpart of pxb for PCI express machines.
The new device re-uses the pxb code, but appears to the guests
as a different device. The pxb-pcie device does not have an internal
pci-pci bridge and exposes a PCIe root bus instead of a PCI one.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
A generic PCI Bus Expander doesn't necessary have a built-in PCI bridge.
Int this case the ACPI will include IO/MEM ranges per device. Try to merge
adjacent resources to reduce the ACPI tables length.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This way, these settings can be simply set on the corresponding
machine_options() function, instead of requiring code in
pc_compat_*() functions.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
The property is read-only and not used for anything.
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
enforce_aligned_dimm never changes after the machine is
initialized, so it can be simply set in PCMachineClass like all
the other compat fields.
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This way we don't need code in pc_compat_*() functions to set the legacy
acpi_data_size value.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
This way we can set legacy_acpi_table_size on the machine_options()
functions, instead of requirng code in pc_compat_*() functions.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
This way the compat flags can be initialized in the machine_options()
function. This will help us to eventually eliminate the pc_compat_*()
functions.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
The comment I put in mmap-alloc to document the ppc64 rules
refers to the previous revision of the patch:
we don't look at memory alignment anymore, we check
the fs from which the fd is mapped, instead.
It's also not clear what does "in this case" refer
to, rearrange text to make it clearer.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This is needed for a quirk of the Raspberry Pi (bcm2835/6) MMC
controller, where the card insert bit is documented as unimplemented
(always reads zero, doesn't generate interrupts) but is in fact
observed on hardware as set at power on, but is cleared (and remains
clear) on subsequent controller resets.
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1450738069-18664-4-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This deletes a block of code that raised a command index error if a
command returned response data, but the guest did not set the
appropriate bits in the response register to handle such a response. I
cannot find any documentation that suggests the controller should
behave in this way, the error code doesn't make sense (command index
error is defined for the case where the index in a response does not
match that of the issued command), and in at least one case (CMD23
issued by UEFI on Raspberry Pi 2), actual hardware does not do this.
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1450738069-18664-3-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This check was conditionalising SD card operation on the card being
powered by the SDHCI host controller. It is however possible
(particularly in embedded systems) for the power control of the SD card
to be managed outside of SDHCI. This can be as trivial as hard-wiring
the SD slot VCC to a constant power-rail.
This means the guest SDHCI can validly opt-out of the SDHCI power
control feature while still using the card. So delete this check to
allow operation of the card with SDHCI power control.
This is needed for at least Xilinx Zynq and Raspberry Pi, and
also makes Freescale i.MX25 work for me. The digilent Zybo board
has a public schematic which shows SD VCC hardwiring:
http://digilentinc.com/Data/Products/ZYBO/ZYBO_sch_VB.3.pdf
bottom of page 3.
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Sai Pavan Boddu <saipava@xilinx.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1450738069-18664-2-git-send-email-Andrew.Baumann@microsoft.com
[AB: Add Pi to list of devices fixed in commit message]
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The following exception is threw:
Python Exception <class 'NameError'> name 'long' is not defined:
Error occurred in Python command: name 'long' is not defined
Python 2.4+, int()/long() have been unified, so replace long
with int.
Signed-off-by: Yang Wei <w90p710@gmail.com>
Message-id: 1449316340-4030-1-git-send-email-w90p710@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This specifies Parallels image format as implemented in Parallels Cloud
Server 6.10
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1448626806-17591-1-git-send-email-den@openvz.org
CC: Eric Blake <eblake@redhat.com>
CC: John Snow <jsnow@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Request merging must not result in a huge request that exceeds the
maximum number of iovec elements. Use BlockLimits.max_iov instead of
hardcoding IOV_MAX.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The maximum number of struct iovec elements depends on the
BlockDriverState. The raw-posix and iSCSI protocols have a maximum of
IOV_MAX but others could have different values.
Cc: Peter Lieven <pl@kamp.de>
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
1. avoid possible superflous checking
2. make code more robustness
["make code more robustness" refers to avoiding integer
underflows/overflows.
--Stefan]
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-id: 1447207166-12612-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qmp_query_memdev() has two error paths:
* When object_get_objects_root() returns null. It never does, so
simply drop the useless error handling.
* When query_memdev() fails. It leaks err then. But any failure
there is actually a programming error. Switch it to &error_abort,
and drop the useless error handling.
Messed up in commit 76b5d85 "qmp: add query-memdev".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJWdAzvAAoJEH8JsnLIjy/WBk4P/RyU+ZJGEGNpcEK0OSwZ4Oi5
L+JDbJnsYz9zsX2yFhxv1qaGt6Lft5GDWU/nwva+urPm+hPCg7P5gF5i69iQC7wQ
PoRZY7UVGtE5EhmZW6KVp1B6tK1Xmfyuwvc+3jgxJdwUzDCZ6w818f2e1M3HfLsj
FSMYa3Pxj1wSxIodxko+7S0n+PugpcOjvMoM3/5Lo067tgvCbU31WW8kmVBlq0mZ
GEEVELsZ/sSXt7Rjq+Y4qC+zwWG5ZiX3opNOqydh7eltiINiIvWhvEs1WYbIyMPb
hpX3UX8XqHQRl8NmWpvEzTkWY6z7C+g5G7znKtqvA/S6f8KxIVcdx7wsYZHWOZja
xkB2nJXVLxn8ni5EMfG6OpfDNY1ZTaoSysLJ9mnRnEn6cNh7qzJa+dryt1vwDJw3
INOtjdcBPPvkLjJ3SwXGFpwcIYcpkNXdSolNsCiihOtT/2gDhP2OAoowit8+miBI
/pN0GkTSH+syNe7SPmApFqPVWoWNVFPkKm1nxzo1H1/dbA0P5O/ly3wlGZtRA4cj
atenXuSpT6R/hPZs55HEVdwHNoleluRSHJ6BcLZzkS+fpz8zdgsXDsv0BK8s7jXC
EUHKiBQacny7HzrZFjtqz0rO8iBIhw62R+gYBoALYuTszbFIAY29qLQFbC6iKec5
MA4rwYOcpNVSII22zXcs
=RcEq
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches
# gpg: Signature made Fri 18 Dec 2015 13:41:03 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream: (48 commits)
block/qapi: allow best-effort query
qemu-img: abort when full_backing_filename not present
block/qapi: explicitly warn if !has_full_backing_filename
block/qapi: always report full_backing_filename
block/qapi: do not redundantly print "actual path"
qemu-iotests: s390x: fix test 068
qemu-iotests: s390x: fix test 051
qemu-iotests: refine common.config
block: fix bdrv_ioctl called from coroutine
block: use drained section around bdrv_snapshot_delete
iotests: Update comments for bdrv_swap() in 094
block: Remove prototype of bdrv_swap from header
raw-posix: Make aio=native option binding
qcow2: insert assert into qcow2_get_specific_info()
iotests: Extend test 112 for qemu-img amend
qcow2: Point to amend function in check
qcow2: Invoke refcount order amendment function
qcow2: Add function for refcount order amendment
qcow2: Use intermediate helper CB for amend
qcow2: Split upgrade/downgrade paths for amend
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object type, provides the ID of a
secret object instance that holds the decryption password
for the PEM file.
# printf "123456" > mypasswd.txt
# $QEMU \
-object secret,id=sec0,filename=mypasswd.txt \
-object tls-creds-x509,passwordid=sec0,id=creds0,\
dir=/home/berrange/.pki/qemu,endpoint=server \
-vnc :1,tls-creds=creds0
This requires QEMU to be linked to GNUTLS >= 3.1.11. If
GNUTLS is too old an error will be reported if an attempt
is made to pass a decryption password.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Introduce a new QCryptoSecret object class which will be used
for providing passwords and keys to other objects which need
sensitive credentials.
The new object can provide secret values directly as properties,
or indirectly via a file. The latter includes support for file
descriptor passing syntax on UNIX platforms. Ordinarily passing
secret values directly as properties is insecure, since they
are visible in process listings, or in log files showing the
CLI args / QMP commands. It is possible to use AES-256-CBC to
encrypt the secret values though, in which case all that is
visible is the ciphertext. For ad hoc developer testing though,
it is fine to provide the secrets directly without encryption
so this is not explicitly forbidden.
The anticipated scenario is that libvirtd will create a random
master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key)
and will use that key to encrypt all passwords it provides to
QEMU via '-object secret,....'. This avoids the need for libvirt
(or other mgmt apps) to worry about file descriptor passing.
It also makes life easier for people who are scripting the
management of QEMU, for whom FD passing is significantly more
complex.
Providing data inline (insecure, only for ad hoc dev testing)
$QEMU -object secret,id=sec0,data=letmein
Providing data indirectly in raw format
printf "letmein" > mypasswd.txt
$QEMU -object secret,id=sec0,file=mypasswd.txt
Providing data indirectly in base64 format
$QEMU -object secret,id=sec0,file=mykey.b64,format=base64
Providing data with encryption
$QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
-object secret,id=sec0,data=[base64 ciphertext],\
keyid=master0,iv=[base64 IV],format=base64
Note that 'format' here refers to the format of the ciphertext
data. The decrypted data must always be in raw byte format.
More examples are shown in the updated docs.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Switch from using g_base64_decode over to qbase64_decode
in order to get error checking of the base64 input data.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Switch from using g_base64_decode over to qbase64_decode
in order to get error checking of the base64 input data.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The standard glib provided g_base64_decode doesn't provide any
kind of sensible error checking on its input. Add a QEMU custom
wrapper qbase64_decode which can be used with untrustworthy
input that can contain invalid base64 characters, embedded
NUL characters, or not be NUL terminated at all.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJWdCneAAoJEL6G67QVEE/f3x4QAKXoaXloAj84GRHu/ykBNlol
4xd5oOE1oY2lDtiz3vEw51f+q/ouGwFn7p8EvKGYWotYHr4++lv8IYiy96LdZ3tx
OB8PLwPGv782v2Z1d+PZlH3ZHD2Ljg+rnUlvipKZx5S8OmW4WZKyOfyNfNprlX2y
MlbcMbeXIPtKfg8X9qIU5BzIFeBn6BbZ54J9HKu0xMO+pQKSWaQ9loiF2Gkyh/9C
lAphFrz+218c7jUu7YqjoUa2u/kNVfWgQxu/QGC4r2lD81+Lbn89PWQ3G72BpMOM
xHK673iQFglycp/301gWkpHT7goCO7rtGvHg9Y4u6NNRn0HpqFWjKSfJb/6EnDkq
WJbZ53IceKhFrZUP7m/5MKCmHD3JsdJjvUBkldOFuoB2X96FrPPH7EBGUWkVDgGF
2On0COHYUufBGqyAX0vDoM5OZikT8DcWge9Vizf50ZguwQIBb1eFpwQoDtU2gyXf
YBpPvk35KbdNWCf4MlwEpe2aJHyIFDP5NWy+ZYYtX8bsU5DIxmEtW6bqgYouIs3B
gX0s7nOpZawg3z5eju/noWrIg7P8KBHUV5rCRNpv7WcLxjJwQryp32aoHZNc74Pq
og6IFYG297djyhTzD+cTSx9sxhM/yxOk/o4Yxceck57Q9myt3adKCfy3Bavoyd/o
4C9wxqKcz+J1DPjgB99Y
=1frf
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/berrange/tags/pull-io-channel-vnc-2015-12-18-1' into staging
Merge VNC conversion to I/O channels
# gpg: Signature made Fri 18 Dec 2015 15:44:30 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
* remotes/berrange/tags/pull-io-channel-vnc-2015-12-18-1:
ui: convert VNC server to use QIOChannelWebsock
ui: convert VNC server to use QIOChannelTLS
ui: convert VNC server to use QIOChannelSocket
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reading twice the same field could give the guest an attack of
opportunity. In the case of event->type, gcc could compile the switch
statement into a jump table, effectively ending up reading the type
field multiple times.
This is part of XSA-155.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
src is stored in shared memory and src->nr_segments is dereferenced
twice at the end of the function. If a compiler decides to compile this
into two separate memory accesses then the size limitation could be
bypassed.
Fix it by removing the double access to src->nr_segments.
This is part of XSA-155.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Remove custom websock handling code from the VNC server and use
the QIOChannelWebsock class instead.
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Switch VNC server over to using the QIOChannelTLS object for
the TLS session. This removes all remaining VNC specific code
for dealing with TLS handshakes.
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>