aliguori [Fri, 13 Mar 2009 03:12:03 +0000 (03:12 +0000)]
Fix regression introduced by r6824
The changes introduced by r6824 broke a subtle, and admittedly obscure, aspect
of the block API. While bdrv_{pread,pwrite} return the number of bytes read
or written upon success, bdrv_{read,write} returns a zero upon success.
When using bdrv_pread for bdrv_read, special care must be taken to handle this
case.
This fixes certain guest images (notably linux-0.2 provided on the qemu
website).
aliguori [Thu, 12 Mar 2009 20:12:48 +0000 (20:12 +0000)]
Guest debugging support for KVM (Jan Kiszka)
This is a backport of the guest debugging support for the KVM
accelerator that is now part of the KVM tree. It implements the reworked
KVM kernel API for guest debugging (KVM_CAP_SET_GUEST_DEBUG) which is
not yet part of any mainline kernel but will probably be 2.6.30 stuff.
So far supported is x86, but PPC is expected to catch up soon.
Core features are:
- unlimited soft-breakpoints via code patching
- hardware-assisted x86 breakpoints and watchpoints
Changes in this version:
- use generic hook cpu_synchronize_state to transfer registers between
user space and kvm
- push kvm_sw_breakpoints into KVMState
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6825 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Thu, 12 Mar 2009 19:57:16 +0000 (19:57 +0000)]
Drop internal bdrv_pread()/bdrv_pwrite() APIs (Avi Kivity)
Now that scsi generic no longer uses bdrv_pread() and bdrv_pwrite(), we can
drop the corresponding internal APIs, which overlap bdrv_read()/bdrv_write()
and, being byte oriented, are unnatural for a block device.
Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6824 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Thu, 12 Mar 2009 19:57:12 +0000 (19:57 +0000)]
Add internal scsi generic block API (Avi Kivity)
Add an internal API for the generic block layer to send scsi generic commands
to block format driver. This means block format drivers no longer need
to consider overloaded nb_sectors parameters.
Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6823 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Thu, 12 Mar 2009 19:57:08 +0000 (19:57 +0000)]
Add specialized block driver scsi generic API (Avi Kivity)
When a scsi device is backed by a scsi generic device instead of an
ordinary host block device, the block API is abused in a couple of annoying
ways:
- nb_sectors is negative, and specifies a byte count instead of a sector count
- offset is ignored, since scsi-generic is essentially a packet protocol
This overloading makes hacking the block layer difficult. Remove it by
introducing a new explicit API for scsi-generic devices. The new API
is still backed by the old implementation, but at least the users are
insulated.
Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6822 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Wed, 11 Mar 2009 20:05:37 +0000 (20:05 +0000)]
Revert r6404
This series is broken by design as it requires expensive IO operations at
open time causing very long delays when starting a virtual machine for the
first time.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6816 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Wed, 11 Mar 2009 20:05:33 +0000 (20:05 +0000)]
Revert r6405
This series is broken by design as it requires expensive IO operations at
open time causing very long delays when starting a virtual machine for the
first time.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6815 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Wed, 11 Mar 2009 20:05:29 +0000 (20:05 +0000)]
Revert r6406
This series is broken by design as it requires expensive IO operations at
open time causing very long delays when starting a virtual machine for the
first time.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6814 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Wed, 11 Mar 2009 20:05:25 +0000 (20:05 +0000)]
Revert r6407
This series is broken by design as it requires expensive IO operations at
open time causing very long delays when starting a virtual machine for the
first time.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6813 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Wed, 11 Mar 2009 20:05:20 +0000 (20:05 +0000)]
Revert r6408
This series is broken by design as it requires expensive IO operations at
open time causing very long delays when starting a virtual machine for the
first time.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6812 c046a42c-6fe2-441c-8c8c-71466251a162
aurel32 [Sat, 7 Mar 2009 22:10:40 +0000 (22:10 +0000)]
do not pretend to support low voltage operation
Eliminate "mmc0: SD card claims to support the incompletely defined 'low voltage
range'. This will be ignored." warning. Qemu says the card is a SD card, and SD
spec doesn't define low-voltage cards, so do now pretend to be one.
aurel32 [Sat, 7 Mar 2009 22:00:56 +0000 (22:00 +0000)]
Work around QEMU GDB stub suboptimality
The current XML files claim, on floating point-supporting Power chips,
that $f0 is register 70. This would be fine, except that register 70
for non-XML-aware GDB is FPSCR. More importantly, 70 is less than
NUM_CORE_REGS (71) for Power, so a request for register 70 goes to the
"core" register reading routines, rather than the floating-point
register read routine we registered with gdb_register_coprocessor.
Therefore, when we are talking to an XML-aware GDB, we claim that
register has zero width, which causes the rest of QEMU's GDB stub to
send an error back to GDB, which causes GDB to be unable to read the
floating-point registers. (The problem is also present for SPE
registers and occurs in a slightly different way for Altivec registers.)
The best way to fix this is to have the "core register" XML files for
PPC32 and PPC64 claim that there is a 4-byte register 70, which causes
$f0 to be register 71, and everything works just fine from that point
forward.
aurel32 [Sat, 7 Mar 2009 22:00:49 +0000 (22:00 +0000)]
Fix off-by-one errors for Altivec and SPE registers
Altivec and SPE both have 34 registers in their register sets, not 35
with a missing register 32.
GDB would ask for register 32 of the Altivec (resp. SPE) registers and
the code would claim it had zero width. The QEMU GDB stub code would
then return an E14 to GDB, which would complain about not being sure
whether p packets were supported or not.
aurel32 [Sat, 7 Mar 2009 21:47:53 +0000 (21:47 +0000)]
arm: Fix gic_irq_state.level bitfield type
Found while cleaning up compiler warnings: GIC_*_LEVEL macros strongly
suggest that gic_irq_state.level is intended to be per-CPU and not just
a single, global bit. I'm unable to test the effect, but it seems to be
the most reasonable fix for the apparent brokenness.
blueswir1 [Sat, 7 Mar 2009 20:57:42 +0000 (20:57 +0000)]
Keep SLB in-CPU
Real 970 CPUs have the SLB not memory backed, but inside the CPU.
This breaks bridge mode for 970 for now, but at least keeps us from
overwriting physical addresses 0x0 - 0x300, rendering our interrupt
handlers useless.
I put in a stub for bridge mode operation that could be enabled
easily, but for now it's safer to leave that off I guess (970fx doesn't
have bridge mode AFAIK).
Signed-off-by: Alexander Graf <alex@csgraf.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6757 c046a42c-6fe2-441c-8c8c-71466251a162
blueswir1 [Sat, 7 Mar 2009 20:53:18 +0000 (20:53 +0000)]
Activate uninorth AGP bridge
Linux tries to poke the AGP bridge port and is pretty sad when it can't,
so let's activate the old code again and throw out the bit modifications,
as we don't really do anything with the values anyways.
Signed-off-by: Alexander Graf <alex@csgraf.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6750 c046a42c-6fe2-441c-8c8c-71466251a162
blueswir1 [Sat, 7 Mar 2009 20:52:22 +0000 (20:52 +0000)]
Implment tlbiel
Linux uses tlbiel to flush TLB entries in PPC64 mode. This special TLB
flush opcode only flushes an entry for the CPU it runs on, not across
all CPUs in the system.
Signed-off-by: Alexander Graf <alex@csgraf.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6749 c046a42c-6fe2-441c-8c8c-71466251a162
blueswir1 [Sat, 7 Mar 2009 20:50:01 +0000 (20:50 +0000)]
Implement slbmte
In order to modify SLB entries on recent PPC64 machines, the slbmte
instruction is used.
This patch implements the slbmte instruction and makes the "bridge"
mode code use the slb set functions, so we can move the SLB into
the CPU struct later.
This is required for Linux to run on PPC64.
Signed-off-by: Alexander Graf <alex@csgraf.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6747 c046a42c-6fe2-441c-8c8c-71466251a162
pbrook [Sat, 7 Mar 2009 15:24:59 +0000 (15:24 +0000)]
The _exit syscall is used for both thread termination in NPTL applications,
and process termination in legacy applications. Try to guess which we want
based on the presence of multiple threads.
Also implement locking when modifying the CPU list.
Signed-off-by: Paul Brook <paul@codesourcery.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6735 c046a42c-6fe2-441c-8c8c-71466251a162
aurel32 [Fri, 6 Mar 2009 21:48:00 +0000 (21:48 +0000)]
Fix race condition on access to env->interrupt_request
env->interrupt_request is accessed as the bit level from both main code
and signal handler, making a race condition possible even on CISC CPU.
This causes freeze of QEMU under high load when running the dyntick
clock.
The patch below move the bit corresponding to CPU_INTERRUPT_EXIT in a
separate variable, declared as volatile sig_atomic_t, so it should be
work even on RISC CPU.
We may want to move the cpu_interrupt(env, CPU_INTERRUPT_EXIT) case in
its own function and get rid of CPU_INTERRUPT_EXIT. That can be done
later, I wanted to keep the patch short for easier review.
aliguori [Fri, 6 Mar 2009 20:27:37 +0000 (20:27 +0000)]
Support ACLs for controlling VNC access ("Daniel P. Berrange")
This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'
The internal API provides for an ACL with the following characteristics
- A unique name, eg vnc.username, and vnc.x509dname.
- A default policy, allow or deny
- An ordered series of match rules, with allow or deny policy
If none of the match rules apply, then the default policy is
used.
There is a monitor API to manipulate the ACLs, which I'll describe via
examples
(qemu) acl show vnc.username
policy: allow
(qemu) acl policy vnc.username denya
acl: policy set to 'deny'
(qemu) acl allow vnc.username fred
acl: added rule at position 1
(qemu) acl allow vnc.username bob
acl: added rule at position 2
(qemu) acl allow vnc.username joe 1
acl: added rule at position 1
(qemu) acl show vnc.username
policy: deny
0: allow fred
1: allow joe
2: allow bob
(qemu) acl show vnc.x509dname
policy: allow
(qemu) acl policy vnc.x509dname deny
acl: policy set to 'deny'
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
acl: added rule at position 1
(qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
acl: added rule at position 2
(qemu) acl show vnc.x509dname
policy: deny
0: allow C=GB,O=ACME,L=London,CN=*
1: allow C=GB,O=ACME,L=Boston,CN=bob
By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.
eg enable SASL auth and ACLs
qemu .... -vnc localhost:1,sasl,acl
The next patch will provide a way to load a pre-defined ACL when
starting up
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6725 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 6 Mar 2009 20:27:28 +0000 (20:27 +0000)]
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 6 Mar 2009 20:27:23 +0000 (20:27 +0000)]
Move TLS auth into separate file ("Daniel P. Berrange")
This patch refactors the existing TLS code to make the main VNC code
more managable. The code moves to two new files
- vnc-tls.c: generic helpers for TLS handshake & credential setup
- vnc-auth-vencrypt.c: the actual VNC TLS authentication mechanism.
The reason for this split is that there are other TLS based auth
mechanisms which we may like to use in the future. These can all
share the same vnc-tls.c routines. In addition this will facilitate
anyone who may want to port the vnc-tls.c file to allow for choice
of GNUTLS & NSS for impl.
The TLS state is moved out of the VncState struct, and into a separate
VncStateTLS struct, defined in vnc-tls.h. This is then referenced from
the main VncState. End size of the struct is the same, but it keeps
things a little more managable.
The vnc.h file gains a bunch more function prototypes, for functions
in vnc.c that were previously static, but now need to be accessed
from the separate auth code files.
The only TLS related code still in the main vl.c is the command line
argument handling / setup, and the low level I/O routines calling
gnutls_send/recv.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6723 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 6 Mar 2009 20:27:13 +0000 (20:27 +0000)]
Move VNC structs into header file ("Daniel P. Berrange")
This patch moves the definitions of VncState and VncDisplay structs
out into a vnc.h header file. This is to allow the code for TLS
and SASL auth mechanisms to be moved out of the main vnc.c file.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6722 c046a42c-6fe2-441c-8c8c-71466251a162
projects / qemu-xen-4.5-testing.git / log