path: root/vl.c
Age | Commit message | Author | Files | Lines
2018-01-26 | Merge remote-tracking branch 'remotes/kraxel/tags/usb-20180126-v3-pull-request' into staging | Peter Maydell | 1 | -15/+0
usb: -usbdevice cleanups, storage fix, QOMify ccid.
# gpg: Signature made Fri 26 Jan 2018 08:04:49 GMT
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/usb-20180126-v3-pull-request:
  usb-ccid: convert CCIDCardClass::exitfn() -> unrealize()
  usb-ccid: inline ccid_card_initfn() in ccid_card_realize()
  hw/usb/ccid: Make ccid_card_init() take an error parameter
  usb-storage: Fix share-rw option parsing
  usb: Remove legacy -usbdevice options (host, serial, disk and net)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-26 | usb: Remove legacy -usbdevice options (host, serial, disk and net) | Thomas Huth | 1 | -15/+0
The options have been marked as deprecated since QEMU 2.10, and so far nobody complained that the host, serial, disk and net options are urgently required anymore. So let's now get rid at least of this legacy pile, to simplify the usb code quite a bit.
This patch removes the usbdevices host, serial, disk and net. These devices use their own complicated parameter parsing mechanisms, so they are just ugly to maintain, without real benefit for the users (the users can use the corresponding "-device" parameters instead which have the same complexity as the "-usbdevice" devices here).
Note that the other rather simple -usbdevice options (mouse, tablet, etc.) are not removed yet (the code is really simple here, so it does not hurt much to keep it), as well as the two devices "braille" and "bt" which are easier to use with -usbdevice than with -device.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1515519171-20315-1-git-send-email-thuth@redhat.com
[kraxel] delete some usb_host_device_open() leftovers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-01-25 | sdl: reorganize -no-frame support | Gerd Hoffmann | 1 | -2/+2
Drop no_frame flag from sdl_display_init argument list, use a global variable instead. This is temporary until -no-frame support is dropped altogether when we remove sdl1 support. Remove any traces of noframe from sdl2 code. It is just dead code as sdl2 doesn't support the SDL_NOFRAME window flag any more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20180115154855.30850-3-kraxel@redhat.com
2018-01-19 | possible_cpus: add CPUArchId::type field | Igor Mammedov | 1 | -2/+1
Remove dependency of possible_cpus on 1st CPU instance, which decouples configuration data from CPU instances that are created using that data. Also later it would be used for enabling early cpu to numa node configuration at runtime qmp_query_hotpluggable_cpus() should provide a list of available cpu slots at early stage, before machine_init() is called and the 1st cpu is created, so that mgmt might be able to call it and use output to set numa mapping. Use MachineClass::possible_cpu_arch_ids() callback to set cpu type info, along with the rest of possible cpu properties, to let machine define which cpu type* will be used. * for SPAPR it will be a spapr core type and for ARM/s390x/x86 a respective descendant of CPUClass. Move parse_numa_opts() in vl.c after cpu_model is parsed into cpu_type so that possible_cpu_arch_ids() would know which cpu_type to use during layout initialization. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <1515597770-268979-1-git-send-email-imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-16 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell | 1 | -3/+6
* QemuMutex tracing improvements (Alex)
* ram_addr_t optimization (David)
* SCSI fixes (Fam, Stefan, me)
* do {} while (0) fixes (Eric)
* KVM fix for PMU (Jan)
* memory leak fixes from ASAN (Marc-André)
* migration fix for HPET, icount, loadvm (Maria, Pavel)
* hflags fixes (me, Tao)
* block/iscsi uninitialized variable (Peter L.)
* full support for GMainContexts in character devices (Peter Xu)
* more boot-serial-test (Thomas)
* Memory leak fix (Zhecheng)
# gpg: Signature made Tue 16 Jan 2018 14:15:45 GMT
# gpg: using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (51 commits)
  scripts/analyse-locks-simpletrace.py: script to analyse lock times
  util/qemu-thread-*: add qemu_lock, locked and unlock trace events
  cpu: flush TB cache when loading VMState
  block/iscsi: fix initialization of iTask in iscsi_co_get_block_status
  find_ram_offset: Align ram_addr_t allocation on long boundaries
  find_ram_offset: Add comments and tracing
  cpu_physical_memory_sync_dirty_bitmap: Another alignment fix
  checkpatch: Enforce proper do/while (0) style
  maint: Fix macros with broken 'do/while(0); ' usage
  tests: Avoid 'do/while(false); ' in vhost-user-bridge
  chardev: Clean up previous patch indentation
  chardev: Use goto/label instead of do/break/while(0)
  mips: Tweak location of ';' in macros
  net: Drop unusual use of do { } while (0);
  irq: fix memory leak
  cpus: unify qemu_*_wait_io_event
  icount: fixed saving/restoring of icount warp timers
  scripts/qemu-gdb/timers.py: new helper to dump timer state
  scripts/qemu-gdb: add simple tcg lock status helper
  target-i386: update hflags on Hypervisor.framework
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-16 | vl: fix direct firmware directories leak | Marc-André Lureau | 1 | -3/+6
Note that data_dir[] will now point to allocated strings.
Fixes:
Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x7f1448181850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f1446ed8f0c in g_malloc ../glib/gmem.c:94
    #2 0x7f1446ed91cf in g_malloc_n ../glib/gmem.c:331
    #3 0x7f1446ef739a in g_strsplit ../glib/gstrfuncs.c:2364
    #4 0x55cf276439d7 in main /home/elmarco/src/qq/vl.c:4311
    #5 0x7f143dfad039 in __libc_start_main (/lib64/libc.so.6+0x21039)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180104160523.22995-10-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-15 | migration: finalize current_migration object | Vladimir Sementsov-Ogievskiy | 1 | -0/+1
current_migration has .instance_finalize callback, but it is not called, because nobody unrefs current_migration. Fix that. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-12-22 | block: Remove the deprecated -hdachs option | Thomas Huth | 1 | -84/+2
It's been marked as deprecated since QEMU v2.10.0, and so far nobody complained that we should keep it, so let's remove this legacy option now to simplify the code quite a bit. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-12-21 | Remove legacy -no-kvm-pit option | Thomas Huth | 1 | -4/+0
It's only printing a warning since QEMU v1.3.0, so nobody should use this anymore today. Let's get rid of this now. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1513619065-31722-1-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-18 | hw/display/vga: extract public API from i386/pc to "hw/display/vga.h" | Philippe Mathieu-Daudé | 1 | -1/+1
and remove the old i386/pc dependency. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-18 | misc: remove duplicated includes | Philippe Mathieu-Daudé | 1 | -1/+0
exec: housekeeping (funny since 02d0e095031) applied using ./scripts/clean-includes Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-14 | hmp-commands: Remove the deprecated usb_add and usb_del | Thomas Huth | 1 | -44/+0
It's easy to use device_add and device_del as replacement instead. The usb_add and usb_del commands are deprecated since QEMU 2.10, and nobody complained that they are still needed, so let's get rid of them now to make the HMP interface a little bit less overloaded. Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1512073140-17672-1-git-send-email-thuth@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-11-16 | NUMA: Enable adding NUMA node implicitly | Dou Liyang | 1 | -2/+1
Linux and Windows need ACPI SRAT table to make memory hotplug work properly, however currently QEMU doesn't create SRAT table if numa options aren't present on CLI. Which breaks both linux and windows guests in certain conditions:
* Windows: won't enable memory hotplug without SRAT table at all
* Linux: if QEMU is started with initial memory all below 4Gb and no SRAT table present, guest kernel will use nommu DMA ops, which breaks 32bit hw drivers when memory is hotplugged and guest tries to use it with that drivers.
Fix above issues by automatically creating a numa node when QEMU is started with memory hotplug enabled but without '-numa' options on CLI. (PS: auto-create numa node only for new machine types so not to break migration).
Which would provide SRAT table to guests without explicit -numa options on CLI and would allow:
* Windows: to enable memory hotplug
* Linux: switch to SWIOTLB DMA ops, to bounce DMA transfers to 32bit allocated buffers that legacy drivers/hw can handle.
[Rewritten by Igor]
Reported-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Alistair Francis <alistair23@gmail.com>
Cc: Takao Indoh <indou.takao@jp.fujitsu.com>
Cc: Izumi Taku <izumi.taku@jp.fujitsu.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-11-13 | hw: add .min_cpus and .default_cpus fields to machine_class | Emilio G. Cota | 1 | -3/+18
max_cpus needs to be an upper bound on the number of vCPUs initialized; otherwise TCG region initialization breaks. Some boards initialize a hard-coded number of vCPUs, which is not captured by the global max_cpus and therefore breaks TCG initialization. Fix it by adding the .min_cpus field to machine_class. This commit also changes some user-facing behaviour: we now die if -smp is below this hard-coded vCPU minimum instead of silently ignoring the passed -smp value (sometimes announcing this by printing a warning). However, the introduction of .default_cpus lessens the likelihood that users will notice this: if -smp isn't set, we now assign the value in .default_cpus to both smp_cpus and max_cpus. IOW, if a user does not set -smp, they always get a correct number of vCPUs. This change fixes 3468b59 ("tcg: enable multiple TCG contexts in softmmu", 2017-10-24), which broke TCG initialization for some ARM boards. Fixes: 3468b59e18b179bc63c7ce934de912dfa9596122 Reported-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Signed-off-by: Emilio G. Cota <cota@braap.org> Message-id: 1510343626-25861-6-git-send-email-cota@braap.org Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-10-25 | vl: remove unnecessary #ifdef CONFIG_TPM | Philippe Mathieu-Daudé | 1 | -2/+0
a stub is now provided. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-10-13 | tpm: Move tpm_cleanup() to right place | Amarnath Valluri | 1 | -0/+1
As Emulator TPM backend uses chardev, tpm cleanup should happen before chardev similar to other vhost-users. Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-10-09 | vl: exit if maxcpus is negative | Seeteena Thoufeek | 1 | -3/+3
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---Steps to Reproduce---
When passed a negative number to 'maxcpus' parameter, Qemu aborts with a core dump.
Run the following command with maxcpus argument as negative number
ppc64-softmmu/qemu-system-ppc64 --nographic -vga none -machine pseries,accel=kvm,kvm-type=HV -m size=200g -device virtio-blk-pci, drive=rootdisk -drive file=/home/images/pegas-1.0-ppc64le.qcow2, if=none,cache=none,id=rootdisk,format=qcow2 -monitor telnet :127.0.0.1:1234,server,nowait -net nic,model=virtio -net user -redir tcp:2000::22 -device nec-usb-xhci -smp 8,cores=1, threads=1,maxcpus=-12
(process:12149): GLib-ERROR **: gmem.c:130: failed to allocate 18446744073709550568 bytes
Trace/breakpoint trap
Reported-by: R.Nageswara Sastry <rnsastry@linux.vnet.ibm.com>
Signed-off-by: Seeteena Thoufeek <s1seetee@linux.vnet.ibm.com>
Message-Id: <1504511031-26834-1-git-send-email-s1seetee@linux.vnet.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-10-09 | vl: Eliminate defconfig variable | Eduardo Habkost | 1 | -4/+1
Both -nodefconfig and -no-user-config options do the same thing today, we only need one variable to keep track of them. Suggested-by: Markus Armbruster <armbru@redhat.com> Acked-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20171004030025.7866-2-ehabkost@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-09-26 | Add --firmwarepath to configure | Gerd Hoffmann | 1 | -3/+9
Add a firmware path config option to configure. Multiple directories are accepted, with the usual colon as separator. Default value is ${prefix}/share/qemu-firmware. The path is searched in addition to the current search path (typically ${prefix}/share/qemu). This prepares qemu for the planned split of the prebuilt firmware blobs into a separate project. Distributions can also use this to get rid of the firmware symlink farm and add -- for example -- /usr/share/seabios to the firmware path instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20170914114236.25343-3-kraxel@redhat.com
2017-09-26 | add qemu_add_data_dir() | Gerd Hoffmann | 1 | -11/+23
Add helper function to add a directory to the qemu search path, so we don't duplicate the checks. Add a check for duplicate entries, so we stop trying to open files twice. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20170914114236.25343-2-kraxel@redhat.com
2017-09-23 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell | 1 | -1/+2
* Speed up AddressSpaceDispatch creation (Alexey)
* Fix kvm.c assert (David)
* Memory fixes and further speedup (me)
* Persistent reservation manager infrastructure (me)
* virtio-serial: add enable_backend callback (Pavel)
* chardev GMainContext fixes (Peter)
# gpg: Signature made Fri 22 Sep 2017 20:07:33 BST
# gpg: using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (32 commits)
  chardev: remove context in chr_update_read_handler
  chardev: use per-dev context for io_add_watch_poll
  chardev: add Chardev.gcontext field
  chardev: new qemu_chr_be_update_read_handlers()
  scsi: add persistent reservation manager using qemu-pr-helper
  scsi: add multipath support to qemu-pr-helper
  scsi: build qemu-pr-helper
  scsi, file-posix: add support for persistent reservation management
  memory: Share special empty FlatView
  memory: seek FlatView sharing candidates among children subregions
  memory: trace FlatView creation and destruction
  memory: Create FlatView directly
  memory: Get rid of address_space_init_shareable
  memory: Rework "info mtree" to print flat views and dispatch trees
  memory: Do not allocate FlatView in address_space_init
  memory: Share FlatView's and dispatch trees between address spaces
  memory: Move address_space_update_ioeventfds
  memory: Alloc dispatch tree where topology is generared
  memory: Store physical root MR in FlatView
  memory: Rename mem_begin/mem_commit/mem_add helpers
  ...
# Conflicts:
# configure
2017-09-22 | vl: Don't include vde header | Fam Zheng | 1 | -4/+0
Nothing in vl.c uses anything from the vde package, do remove the unnecessary include. Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <20170907083552.17725-2-famz@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com>
2017-09-22 | scsi, file-posix: add support for persistent reservation management | Paolo Bonzini | 1 | -1/+2
It is a common requirement for virtual machine to send persistent reservations, but this currently requires either running QEMU with CAP_SYS_RAWIO, or using out-of-tree patches that let an unprivileged QEMU bypass Linux's filter on SG_IO commands.
As an alternative mechanism, the next patches will introduce a privileged helper to run persistent reservation commands without expanding QEMU's attack surface unnecessarily.
The helper is invoked through a "pr-manager" QOM object, to which file-posix.c passes SG_IO requests for PERSISTENT RESERVE OUT and PERSISTENT RESERVE IN commands. For example:
  $ qemu-system-x86_64 -device virtio-scsi \
      -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock \
      -drive if=none,id=hd,driver=raw,file.filename=/dev/sdb,file.pr-manager=helper0 \
      -device scsi-block,drive=hd
or:
  $ qemu-system-x86_64 -device virtio-scsi \
      -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock \
      -blockdev node-name=hd,driver=raw,file.driver=host_device,file.filename=/dev/sdb,file.pr-manager=helper0 \
      -device scsi-block,drive=hd
Multiple pr-manager implementations are conceivable and possible, though only one is implemented right now. For example, a pr-manager could:
- talk directly to the multipath daemon from a privileged QEMU (i.e. QEMU links to libmpathpersist); this makes reservation work properly with multipath, but still requires CAP_SYS_RAWIO
- use the Linux IOC_PR_* ioctls (they require CAP_SYS_ADMIN though)
- more interestingly, implement reservations directly in QEMU through file system locks or a shared database (e.g. sqlite)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-09-19 | vl.c: convert cpu_model to cpu type and set of global properties before machine_init() | Igor Mammedov | 1 | -0/+10
All machines that support user specified cpu_model either call cpu_generic_init() or cpu_class_by_name()/CPUClass::parse_features to parse feature string and to get CPU type to create. Which leads to code duplication and hard-coding default CPU model within machine_foo_init() code. Which makes it impossible to get CPU type before machine_init() is run.
So instead of setting default CPUs models and doing parsing in target specific machine_foo_init() in various ways, provide a generic data driven cpu_model parsing before machine_init() is called.
In follow up per target patches, it will allow to:
* define default CPU type in consistent/generic manner per machine type and drop custom code that fallbacks to default if cpu_model is NULL
* drop custom features parsing in targets and do it in centralized way.
* for cases of cpu_generic_init(TYPE_BASE/DEFAULT_CPU, "some_cpu") replace it with cpu_create(machine->cpu_type) || cpu_create(TYPE_FOO) depending if CPU type is user settable or not. not doing useless parsing and clearly documenting where CPU model is user settable or fixed one.
Patch allows machine subclasses to define default CPU type per machine class at class_init() time and if that is set generic code will parse cpu_model into a MachineState::cpu_type which will be used to create CPUs for that machine instance and allows gradual per board conversion.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1505318697-77161-4-git-send-email-imammedo@redhat.com>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-09-19 | vl: Clean up user-creatable objects when exiting | Eduardo Habkost | 1 | -0/+1
Delete all user-creatable objects in /objects when exiting QEMU, so they can perform cleanup actions. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20170824192315.5897-2-ehabkost@redhat.com> Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Zack Cornelius <zack.cornelius@kove.net> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-09-15 | seccomp: add resourcecontrol argument to command line | Eduardo Otubo | 1 | -0/+16
This patch adds [,resourcecontrol=deny] to `-sandbox on' option. It blacklists all process affinity and scheduler priority system calls to avoid any bigger of the process. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-09-15 | seccomp: add spawn argument to command line | Eduardo Otubo | 1 | -0/+16
This patch adds [,spawn=deny] argument to `-sandbox on' option. It blacklists fork and execve system calls, avoiding Qemu to spawn new threads or processes. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-09-15 | seccomp: add elevateprivileges argument to command line | Eduardo Otubo | 1 | -0/+27
This patch introduces the new argument [,elevateprivileges=allow|deny|children] to the `-sandbox on'. It allows or denies Qemu process to elevate its privileges by blacklisting all set*uid|gid system calls. The 'children' option will let forks and execves run unprivileged. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-09-15 | seccomp: add obsolete argument to command line | Eduardo Otubo | 1 | -1/+23
This patch introduces the argument [,obsolete=allow] to the `-sandbox on' option. It allows Qemu to run safely on old system that still relies on old system calls. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-09-15 | seccomp: changing from whitelist to blacklist | Eduardo Otubo | 1 | -1/+0
This patch changes the default behavior of the seccomp filter from whitelist to blacklist. By default now all system calls are allowed and a small black list of definitely forbidden ones was created. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-09-06 | runstate/migrate: Two more transitions | Dr. David Alan Gilbert | 1 | -0/+2
There's a race if someone does a 'stop' near the end of migrate; the migration process goes through two runstates: 'finish migrate' 'postmigrate' If the user issues a 'stop' between the two we end up with invalid state transitions. Add the transitions as valid. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20170804175011.21944-1-dgilbert@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-09-05 | virtfs: error out gracefully when mandatory suboptions are missing | Greg Kurz | 1 | -6/+10
We internally convert -virtfs to -fsdev/-device. If the user doesn't provide the path or security_model suboptions, and the fsdev backend requires them, we hit an assertion when populating the internal -fsdev option: util/qemu-option.c:547: opt_set: Assertion `opt->str' failed. Aborted (core dumped) Let's test the suboption presence on the command line before trying to set it in the internal -fsdev option, and let the backend code error out gracefully (ie, like it already does when the user passes -fsdev on the command line). Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2017-09-04 | qapi: Mechanically convert FOO_lookup[...] to FOO_str(...) | Markus Armbruster | 1 | -3/+3
Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1503564371-26090-14-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-08-08 | maint: Include bug-reporting info in --help output | Eric Blake | 1 | -1/+3
These days, many programs are including a bug-reporting address, or better yet, a link to the project web site, at the tail of their --help output. However, we were not very consistent at doing so: only qemu-nbd and qemu-qa mentioned anything, with the latter pointing to an individual person instead of the project. Add a new #define that sets up a uniform string, mentioning both bug reporting instructions and overall project details, and which a downstream vendor could tweak if they want bugs to go to a downstream database. Then use it in all of our binaries which have --help output. The canned text intentionally references http:// instead of https:// because our https website currently causes certificate errors in some browsers. That can be tweaked later once we have resolved the web site issued. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20170803163353.19558-5-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 | rcu: completely disable pthread_atfork callbacks as soon as possible | Paolo Bonzini | 1 | -0/+1
Because of -daemonize, system mode QEMU sometimes needs to fork() and keep RCU enabled in the child. However, there is a possible deadlock with synchronize_rcu:
- the CPU thread is inside a RCU critical section and wants to take the BQL in order to do MMIO
- the monitor thread, which is owning the BQL, calls rcu_init_lock which tries to take the rcu_sync_lock
- the call_rcu thread has taken rcu_sync_lock in synchronize_rcu, but synchronize_rcu needs the CPU thread to end the critical section before returning.
This cannot happen for user-mode emulation, because it does not have a BQL.
To fix it, assume that system mode QEMU only forks in preparation for exec (except when daemonizing) and disable pthread_atfork as soon as the double fork has happened.
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01 | char: don't exit on hmp 'chardev-add help' | Anton Nefedov | 1 | -4/+6
qemu_chr_new_from_opts() is used from both vl.c and hmp, and it is quite confusing to see qemu suddenly exit after receiving a help option in hmp. Do exit(0) from vl.c instead. Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com> Message-Id: <1500977081-120929-1-git-send-email-anton.nefedov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01 | vl.c/exit: pause cpus before closing block devices | Dr. David Alan Gilbert | 1 | -1/+1
There's a rare exit seg if the guest is accessing IO during exit. It's always hitting the atomic_inc(&bs->in_flight) with a NULL bs. This was added recently in 99723548 but I don't see it as the cause. Flip vl.c around so we pause the cpus before closing the block devices, that way we shouldn't have anything trying to access them when they're gone. This was originally Red Hat bz https://bugzilla.redhat.com/show_bug.cgi?id=1451015 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reported-by: Cong Li <coli@redhat.com> -- This is a very rare race, I'll leave it running in a loop to see if we hit anything else and to check this really fixes it. I do worry if there are other cases that can trigger this - e.g. hot-unplug or ejecting a CD. Message-Id: <20170713190116.21608-1-dgilbert@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-07-14 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell | 1 | -4/+4
* gdbstub fixes (Alex)
* IOMMU MemoryRegion subclass (Alexey)
* Chardev hotswap (Anton)
* NBD_OPT_GO support (Eric)
* Misc bugfixes
* DEFINE_PROP_LINK (minus the ARM patches - Fam)
* MAINTAINERS updates (Philippe)
# gpg: Signature made Fri 14 Jul 2017 11:06:27 BST
# gpg: using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (55 commits)
  spapr_rng: Convert to DEFINE_PROP_LINK
  cpu: Convert to DEFINE_PROP_LINK
  mips_cmgcr: Convert to DEFINE_PROP_LINK
  ivshmem: Convert to DEFINE_PROP_LINK
  dimm: Convert to DEFINE_PROP_LINK
  virtio-crypto: Convert to DEFINE_PROP_LINK
  virtio-rng: Convert to DEFINE_PROP_LINK
  virtio-scsi: Convert to DEFINE_PROP_LINK
  virtio-blk: Convert to DEFINE_PROP_LINK
  qdev: Add const qualifier to PropertyInfo definitions
  qmp: Use ObjectProperty.type if present
  qdev: Introduce DEFINE_PROP_LINK
  qdev: Introduce PropertyInfo.create
  qom: enforce readonly nature of link's check callback
  translate-all: remove redundant !tcg_enabled check in dump_exec_info
  vl: fix breakage of -tb-size
  nbd: Implement NBD_INFO_BLOCK_SIZE on client
  nbd: Implement NBD_INFO_BLOCK_SIZE on server
  nbd: Implement NBD_OPT_GO on client
  nbd: Implement NBD_OPT_GO on server
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-14 | vl: fix breakage of -tb-size | Emilio G. Cota | 1 | -4/+4
Commit e7b161d573 ("vl: add tcg_enabled() for tcg related code") adds a check to exit the program when !tcg_enabled() while parsing the -tb-size flag. It turns out that when the -tb-size flag is evaluated, tcg_enabled() can only return 0, since it is set (or not) much later by configure_accelerator(). Fix it by unconditionally exiting if the flag is passed to a QEMU binary built with !CONFIG_TCG. Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-07-13 | Convert error_report() to warn_report() | Alistair Francis | 1 | -10/+10
Convert all uses of error_report("warning:"... to use warn_report() instead. This helps standardise on a single method of printing warnings to the user.
All of the warnings were changed using these two commands:
  find ./* -type f -exec sed -i \
    's|error_report(".*warning[,:] |warn_report("|Ig' {} +
Indentation fixed up manually afterwards.
The test-qdev-global-props test case was manually updated to ensure that this patch passes make check (as the test cases are case sensitive).
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Suggested-by: Thomas Huth <thuth@redhat.com>
Cc: Jeff Cody <jcody@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Max Reitz <mreitz@redhat.com>
Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Lieven <pl@kamp.de>
Cc: Josh Durgin <jdurgin@redhat.com>
Cc: "Richard W.M. Jones" <rjones@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Cc: Greg Kurz <groug@kaod.org>
Cc: Rob Herring <robh@kernel.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Peter Chubb <peter.chubb@nicta.com.au>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Alexander Graf <agraf@suse.de>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Greg Kurz <groug@kaod.org>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed by: Peter Chubb <peter.chubb@data61.csiro.au>
Acked-by: Max Reitz <mreitz@redhat.com>
Acked-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <e1cfa2cd47087c248dd24caca9c33d9af0c499b0.1499866456.git.alistair.francis@xilinx.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2017-07-10 | vl: move global property, migrate init earlier | Peter Xu | 1 | -12/+12

Currently drive_init_func() may call migrate_get_current() while the migrate object is still not ready yet at that time. Move the migration object init earlier, along with the global properties, right after acceleration init.

This fixes a breakage for iotest 055, which caused an assertion failure.

Reported-by: Max Reitz <mreitz@redhat.com>
Reported-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: QingFeng Hao <haoqf@linux.vnet.ibm.com>
Fixes: 3df663 ("migration: move only_migratable to MigrationState")
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1499242883-2184-3-git-send-email-peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-07-10 | migration: fix handling for --only-migratable | Peter Xu | 1 | -1/+1

MigrateState object is not ready at that time, so we'll get an assertion. Use qemu_global_option() instead.

Reported-by: Eduardo Habkost <ehabkost@redhat.com>
Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Fixes: 3df663e ("migration: move only_migratable to MigrationState")
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1499242883-2184-2-git-send-email-peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-07-04 | vl: add tcg_enabled() for tcg related code | Yang Zhong | 1 | -1/+7

Need to disable the tcg related code in the vl.c if the disable-tcg option is added into ./configure command.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-07-04 | vl: convert -tb-size to qemu_strtoul | Paolo Bonzini | 1 | -3/+3

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-28 | migration: move only_migratable to MigrationState | Peter Xu | 1 | -2/+7

One less global variable, and it does only matter with migration.

We keep the old "--only-migratable" option, but also now we support:

    -global migration.only-migratable=true

Currently still keep the old interface.

Hmm, now vl.c has no way to access migrate_get_current(). Export a function for it to setup only_migratable.

Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1498536619-14548-7-git-send-email-peterx@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-06-28 | migration: let MigrationState be a qdev | Peter Xu | 1 | -0/+6

Let the old man "MigrationState" join the object family. Direct benefit is that we can start to use all the property features derived from current QDev, like: HW_COMPAT_* bits, command line setup for migration parameters (so will never need to set them up each time using HMP/QMP, this is really, really attractive for test writers), etc.

I see no reason to disallow this happen yet. So let's start from this one, to see whether it would be anything good.

Now we init the MigrationState struct statically in main() to make sure it's initialized after global properties are applied, since we'll use them during creation of the object.

No functional change at all.

Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1498536619-14548-5-git-send-email-peterx@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-06-28 | vl: clean up global property registration | Peter Xu | 1 | -5/+24

It's not that clear on how the global properties are registered to global_props (and also its priority relationship). Let's provide a single function to be called in main() for that, with comment to explain it a bit.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1498536619-14548-4-git-send-email-peterx@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-06-28 | accel: introduce AccelClass.global_props | Peter Xu | 1 | -0/+1

Introduce this new field for the accelerator classes so that each specific accelerator in the future can register its own global properties to be used further by the system. It works just like how the old machine compatible properties do, but only tailored for accelerators.

Introduce register_compat_props_array() for it. Export it so that it may be used in other codes as well in the future.

Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1498536619-14548-3-git-send-email-peterx@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-06-15 | vl: Fix broken thread=xxx option of the --accel parameter | Thomas Huth | 1 | -8/+5

Commit bde4d9205 ("Fix the -accel parameter and the documentation for 'hax'") introduced a regression by adding a new local accel_opts variable which shadows the variable with the same name that is declared at the beginning of the main() scope. This causes the qemu_tcg_configure() call later to be always called with NULL, so that the thread=xxx option gets ignored.

Fix it by removing the local accel_opts variable and use "opts" instead, which is meant for storing temporary QemuOpts values.

And while we're at it, also change the exit(1) here to exit(0) since asking for help is not an error.

Fixes: bde4d9205ee9def98852ff6054cdef4efd74e1f8
Reported-by: Markus Armbruster <armbru@redhat.com>
Reported-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1496899257-25800-1-git-send-email-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-13 | migration: Move remaining exported functions to migration/misc.h | Juan Quintela | 1 | -1/+0

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Xu <peterx@redhat.com>